Privacy Policy
1. Introduction
RegulaCore Inc. ("RegulaCore Inc.," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at regulacore.com and use our cloud-based EHS, Quality, ISO, and Training platform (collectively, the "Service").
By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, job title, company name, and billing information when you create an account or request a demo.
- User Content: Data you enter into the platform, including incident reports, audit records, corrective actions, training records, and ISO compliance documents.
- Communications: Information you share when you contact our support team, submit feedback, or participate in surveys.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, timestamps, session duration, and interaction patterns.
- Device Data: Browser type, operating system, device identifiers, IP address, and screen resolution.
- Cookies and Similar Technologies: See our Cookie Policy for details.
2.3 Information from Third Parties
- Single Sign-On (SSO) providers such as Google Workspace, Microsoft Entra ID, or Okta.
- Payment processors (Stripe, PayPal) for billing verification.
- Analytics services and advertising partners.
3. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Service.
- Process transactions and send related billing information.
- Send administrative notifications, security alerts, and support messages.
- Analyze usage patterns to improve the Service.
- Enforce our Terms of Service and comply with legal obligations.
- Detect, prevent, and address fraud, abuse, and security incidents.
- Respond to your requests, comments, and questions.
4. Legal Basis for Processing (EEA/UK)
If you are located in the European Economic Area or United Kingdom, we process personal data under the following legal bases:
- Contract: Processing necessary to perform our contract with you.
- Legitimate Interest: Improving the Service, fraud prevention, and security.
- Consent: Where you have provided explicit consent (e.g., marketing emails).
- Legal Obligation: Compliance with applicable laws and regulations.
5. How We Share Your Information
We do not sell your personal data. We may share it with:
- Service Providers: Cloudflare (infrastructure), Stripe/PayPal (payments), analytics providers — bound by data processing agreements.
- Your Organization: If you use the Service through an enterprise account, your administrator may access your data.
- Legal Requirements: When required by law, subpoena, or court order.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. We retain records as required by applicable EHS, quality, and ISO regulations. When data is no longer needed, it is securely deleted or anonymized.
7. Data Security
We implement industry-standard security measures, including:
- TLS 1.3 encryption for all data in transit.
- AES-256 encryption for data at rest.
- Zero-trust architecture with tenant-level isolation.
- Role-based access control (RBAC) and audit logging.
- SOC 2 Type II and ISO 27001 aligned controls.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion of your personal data.
- Restrict or object to certain processing activities.
- Receive your data in a structured, machine-readable format (data portability).
- Withdraw consent at any time where processing is based on consent.
To exercise your rights, contact us at privacy@regulacore.com.
9. International Data Transfers
Your data may be processed in the United States and other countries where Cloudflare operates edge nodes. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy, contact us at:
RegulaCore Inc.
500 Navarro St, 2nd Floor, PMB 7096
San Antonio, TX 78205
United States
Email: privacy@regulacore.com