Privacy Policy

Last updated: 19 June 2026

AdvantaISO ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect your information when you use our platform.

1. Who We Are

AdvantaISO is a security and compliance management platform. For data protection enquiries, please contact us at privacy@advantaiso.com.

2. What Data We Collect

We collect the following personal data when you use our platform:

• Name and username
• Email address
• Login credentials (stored securely using bcrypt hashing)
• IP address and browser information (for security logging)
• Data you enter into the platform (threat logs, documents, audit records)
• Session data and cookies necessary for the platform to function

3. How We Use Your Data

We use your data to:

• Provide and maintain the AdvantaISO platform
• Authenticate your identity and maintain your session
• Send password reset emails when requested
• Monitor for security threats and unauthorised access attempts
• Comply with legal obligations

4. Cookies

We use the following cookies:

• Session cookie — essential for keeping you logged in. This cookie is deleted when you close your browser or sign out.
• CSRF token cookie — essential for security, preventing cross-site request forgery attacks.
• Cookie consent cookie — remembers your cookie preference for 12 months.

We do not use advertising, tracking or analytics cookies. We do not share your data with third-party advertising networks.

5. Data Storage and Security

Your data is stored on secure servers. Passwords are never stored in plain text — they are hashed using bcrypt. Access to your data is restricted to authorised personnel only.

6. Data Retention

We retain your personal data for as long as your account is active. When an account is deleted, associated personal data is removed within 30 days. Threat log and audit data may be retained for compliance purposes as agreed with your organisation.

7. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise any of these rights, contact us at privacy@advantaiso.com.

8. Third Parties

We do not sell, trade or transfer your personal data to third parties. We do not use third-party analytics or advertising services.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a notice on the platform.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@advantaiso.com.