Privacy Policy
Effective Date: March 1, 2026 | Last Updated: March 4, 2026
Managed Risk is a single-tenant platform. Your data stays on your infrastructure and is never shared with other customers, used for model training, or transferred to third parties for their own purposes.
1. Introduction
This Privacy Policy describes how Detailed In Design, LLC ("Company," "we," "us," or "our"), an Illinois limited liability company, collects, uses, and protects information in connection with the Managed Risk platform and related services (collectively, the "Service"). By accessing or using the Service, you agree to this Privacy Policy.
2. Information We Collect
2.1 Account Information
When you register for Managed Risk, we collect:
- Name and business email address
- Organization name and billing address
- Payment and billing information (processed by our secure payment processor)
- Job title and role within your organization
2.2 Customer-Controlled Data
In the course of using the Service, your organization may process the following categories of data through Managed Risk:
- Risk assessments and risk register entries
- Organizational data, including departmental structures and asset inventories
- Compliance records and regulatory mapping data
- Audit trails and Decision Artifacts generated by the platform
- User-defined risk frameworks, scoring models, and configuration settings
All customer-controlled data resides exclusively within your single-tenant deployment. Detailed In Design does not access, extract, or process this data except as strictly necessary to provide the Service and only at your direction.
2.3 Usage and Telemetry Data
We collect limited, non-content telemetry to maintain and improve the Service:
- Feature usage patterns and session duration (aggregated and anonymized)
- Performance metrics, error logs, and system health data
- Browser type, operating system, and device information
- IP address and approximate geographic location
2.4 Website Visitor Data
When you visit our marketing website, we may collect standard analytics data including pages viewed, referring URL, and interaction events. This data is used solely to improve our website experience.
3. How We Use Information
We use collected information for the following purposes:
- Service Delivery: To provision, operate, and maintain your Managed Risk instance
- Account Management: To manage your subscription, process payments, and provide customer support
- Security: To detect, prevent, and respond to security incidents, fraud, and abuse
- Compliance: To meet legal obligations and respond to lawful government requests
- Improvement: To improve the Service based on aggregated, anonymized usage patterns
- Communication: To send transactional notifications, security alerts, and (with consent) product updates
4. Enterprise Risk Data Sensitivity
Managed Risk processes sensitive enterprise data, including risk assessments, organizational vulnerabilities, compliance gaps, and strategic risk information. The following safeguards apply to all such data.
4.1 Risk Assessment Confidentiality
Risk assessments and related organizational data are among the most sensitive categories of enterprise information. We treat all customer-controlled risk data with the highest level of confidentiality:
- Risk assessment data is never aggregated across customers
- No customer's risk posture information is visible to or accessible by any other customer
- Our personnel access customer data only when explicitly authorized by the customer for support purposes
4.2 Encryption and Access Controls
- All enterprise risk data is encrypted at rest using AES-256 and in transit using TLS 1.3
- Access to risk assessment data is governed by role-based access controls configured by the customer
- Comprehensive audit logs record all access to sensitive risk records
4.3 Regulatory Compliance Support
Our platform architecture and operational controls are designed to support common regulatory and compliance frameworks. Your single-tenant deployment ensures that data handling meets the specific requirements of your regulatory environment.
5. Single-Tenant Architecture & Data Isolation
Managed Risk operates on a single-tenant deployment model. This means:
- Your data is stored in isolated infrastructure dedicated to your organization
- No data is commingled with other customers' data
- You retain full control over data residency and retention policies
- Your data never leaves your servers or designated cloud environment
6. Decision Artifacts and Audit Trails
Managed Risk generates Decision Artifacts - auditable, human-readable records that document the reasoning behind risk assessments and scoring decisions. These artifacts:
- Are stored exclusively within your single-tenant environment
- Contain references to the data points, frameworks, and models that informed the assessment
- Are designed to support regulatory compliance, board reporting, and audit requirements
- Can be exported or deleted according to your data retention policies
7. Data Sharing and Disclosure
We do not sell, rent, or share your personal information or customer-controlled data with third parties for their own marketing purposes. We may share information only in the following circumstances:
- Service Providers: With trusted vendors who assist us in operating the Service (e.g., payment processing, cloud infrastructure), bound by confidentiality agreements
- Legal Obligations: When required by law, subpoena, or valid legal process
- Safety: To protect the rights, property, or safety of Detailed In Design, our customers, or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected customers
8. Data Retention
Account information is retained for the duration of your subscription and for a reasonable period thereafter for legal and business purposes. Customer-controlled data within your single-tenant instance is governed by your own retention policies. Upon subscription cancellation, all customer data is permanently deleted within 30 days unless a longer retention period is required by law or requested by you.
9. Security Measures
We implement industry-standard security measures including:
- AES-256 encryption at rest and TLS 1.3 encryption in transit
- Role-based access controls and multi-factor authentication
- Regular penetration testing and vulnerability assessments
- 24/7 infrastructure monitoring and incident response
- Comprehensive audit logging of all system access
10. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information
- Portability: Request your data in a structured, machine-readable format
- Opt-Out: Opt out of marketing communications at any time
- Restriction: Request restriction of processing in certain circumstances
To exercise any of these rights, contact us at privacy@detailedindesign.com.
11. Cookies and Tracking Technologies
Our marketing website uses essential cookies for functionality and optional analytics cookies (with consent). The Managed Risk application itself uses only essential session cookies required for authentication and security. We do not use third-party advertising trackers within the application.
12. International Data Transfers
If your deployment involves transferring data across borders, Detailed In Design supports standard contractual clauses and other lawful transfer mechanisms. Your single-tenant architecture allows you to select data residency regions that comply with applicable regulations.
13. Children's Privacy
Managed Risk is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to account administrators and posted on this page with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Detailed In Design, LLC
Email: privacy@detailedindesign.com
Web: detailedindesign.com