Privacy Policy

Last updated: April 13, 2026

Overview

This Privacy Policy explains how Do GRC ("we", "us", or "our") collects, uses, stores, and protects your personal information when you access or use our platform. We are committed to safeguarding your privacy and handling your data transparently.

Information We Collect

We may collect the following types of information:

  • Account Information — name, email address, and authentication credentials when you create an account.
  • Usage Data — learning progress, room completions, scenario responses, GRC tool records (e.g. risks, incidents, policies, vendors, audits), GRC Coach conversations, interview prep answers, and platform interaction patterns.
  • Technical Data — browser type, device information, IP address, and cookies used to deliver core functionality.

How We Use Information

We use your information to:

  • Operate, maintain, and improve the Do GRC platform.
  • Personalise your learning experience and track your progress.
  • Provide AI-powered features such as the GRC Coach, AI scenario grading, interview prep feedback, and GRC tool data population.
  • Send service-related communications such as account verification and updates.
  • Analyse aggregated, anonymised usage trends to improve our content.
  • Maintain the security and integrity of the platform.

Data Sharing and Disclosure

We do not sell your personal information. We may share data with trusted third-party service providers (such as hosting and analytics providers) solely to operate and improve the platform. We may also disclose information if required by law or to protect our legal rights.

AI-Powered Features and Third-Party Processing

Several platform features use third-party AI services to process your inputs and generate responses. These include the GRC Coach (conversations and journey generation), scenario and interview prep grading, and GRC tool data population. When you use these features, the content you submit is sent to our AI provider for processing.

We do not use your submissions to train third-party AI models, with the following narrow exceptions, all of which are routed through a separate OpenAI organisation in which input/output sharing is enabled so that OpenAI may use the non-personal inputs and outputs to improve their services:

  • Exam prep generation — produces synthetic certification-style multiple-choice questions from non-personal inputs (exam name, domain, difficulty).
  • "Populate examples" in our GRC tools — asks the model to invent realistic example records from scratch. None of your own GRC records are sent.
  • Resume Point Generator — sends only a sanitised target-role string and the titles of Do GRC training modules you have completed. It does not send your name, contact details, or real employment history; the resume bullet points are generated from the platform's training content alone.

All other features — including the GRC Coach (chat and journey generation), interview prep, role play, scenario submissions, AI quiz answer checking, text-to-speech, and the per-record AI fill helpers in our GRC tools (which include the name or title of one of your actual records in the prompt) — use a separate OpenAI organisation in which input/output sharing is disabled. Inputs to those features are not used to train OpenAI's models and are retained by OpenAI only for the short abuse-monitoring window required by their API terms.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. If you close your account, we will delete or anonymise your data within a reasonable timeframe, unless retention is required by law.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You may also have the right to object to or restrict certain processing activities. To exercise any of these rights, please contact us using the details below.

Security

We implement industry-standard security measures to protect your data, including encryption in transit, secure authentication, and regular access reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Contact

If you have questions or concerns about this Privacy Policy or your data, please contact us at hello@dogrc.com.