New — The Inspection Record: 483 Observation Library, inspection prep checklists, and the first article. Join free →
🔒 Legal

Privacy Policy

How ComplianceWorxs collects, processes, and protects information across its case file products and decision authorization services.

✓ No Data Selling ✓ No AI Training on Customer Data ✓ International Transfer Safeguards ✓ User Rights

Effective Date: April 14, 2026

Contents
  1. Information We Collect
  2. AI-Assisted Processing
  3. How We Use Information
  4. Compliance Data
  5. Regulated Environments
  6. Healthcare Data
  7. Data Security
  8. Data Retention
  9. Third-Party Service Providers
  10. International Data Transfers
  11. User Rights
  12. Cookies and Analytics
  13. Security Incidents
  14. Children's Privacy
  15. Changes to This Policy
  16. Contact Information

1. Information We Collect

ComplianceWorxs collects information necessary to deliver its case file products and decision authorization services.

Purchase and Account Information

When users purchase a case file or create an account we may collect:

  • name
  • email address
  • organization name
  • billing information processed by our payment provider
  • account credentials where applicable

Compliance-Related Information

Users may submit compliance-related descriptions through the platform, including:

  • descriptions of compliance decisions
  • inspection preparation information
  • deviation or investigation summaries
  • compliance documentation context

Users should avoid submitting confidential regulatory documentation unless authorized by their organization.

Usage Information

We collect operational information including access timestamps, platform feature usage, session activity, case file page interactions, scroll depth, and system interaction logs.

Technical Information

We collect limited technical data for security and performance purposes including IP address, browser type, device type, and operating system.

Business Visitor Information

When organizations visit the ComplianceWorxs website, we may collect business-level information including company name, industry, and general location through third-party business identity resolution services. This information is used to understand site traffic patterns and identify organizations with potential interest in our products. Individual personal data collected through this process is limited to publicly available professional information.

2. AI-Assisted Processing

Certain features of the ComplianceWorxs platform use artificial intelligence to analyze user inputs and generate documentation outputs.

AI-assisted processing may include:

  • compliance scenario analysis
  • inspection intelligence explanations
  • documentation generation
  • structured decision authorization outputs

User inputs may be processed by AI service providers solely for the purpose of delivering platform functionality.

AI Training Restriction — ComplianceWorxs does not permit customer data to be used to train public AI models. Customer-submitted compliance information is not used for model training.

3. How We Use Information

Information collected through the platform may be used to:

  • deliver purchased case file products and platform services
  • generate platform outputs and analysis
  • improve platform functionality and case file content
  • identify organizations visiting the site for business development purposes
  • monitor security and prevent misuse
  • respond to support requests

We do not sell customer data.

4. Compliance Data and Regulatory Documentation

ComplianceWorxs case files are designed to assist compliance professionals in understanding inspection expectations and identifying authorization gaps in compliance decisions.

Organizations remain responsible for determining what information may be uploaded to the system and ensuring compliance with internal data governance policies.

The platform is not intended to store regulated records requiring validated system controls unless validated by the customer organization.

5. Support for Regulated Environments

ComplianceWorxs is designed to support documentation practices aligned with electronic records principles described in FDA 21 CFR Part 11 and similar regulatory frameworks.

However, each organization remains responsible for determining whether the platform must be validated within its own regulatory environment.

ComplianceWorxs does not represent that the system is automatically validated for any specific organization's regulatory requirements.

6. Healthcare Data

ComplianceWorxs is not designed to store or process Protected Health Information (PHI).

Users should not submit PHI unless a separate Business Associate Agreement (BAA) has been executed.

7. Data Security

ComplianceWorxs implements commercially reasonable technical safeguards designed to protect user information.

Security measures may include:

  • encryption in transit using TLS
  • encryption of stored data where appropriate
  • controlled system access
  • infrastructure monitoring
  • security incident response procedures

No system can guarantee absolute security.

8. Data Retention

ComplianceWorxs retains information only as long as necessary to provide the Services.

Retention practices include:

  • purchase and account data retained while accounts remain active
  • usage logs retained for security and system integrity
  • compliance descriptions retained for platform functionality
  • business visitor identification data retained for a reasonable period for business development purposes

Users may request deletion of their account data where permitted by law. ComplianceWorxs may retain anonymized platform analytics data for service improvement.

9. Third-Party Service Providers

ComplianceWorxs uses trusted third-party service providers to deliver its products and services.

Infrastructure and Data

Supabase Cloud database infrastructure and backend services
Vercel Hosting and deployment infrastructure

Payments

Stripe Payment processing. ComplianceWorxs does not store payment card data. All payment information is processed directly by Stripe.

Communications

MailerSend Transactional email delivery
MailerLite Marketing email and subscriber management

Analytics and Tracking

PostHog Product analytics and behavioral event tracking
Vercel Analytics Site performance and traffic analytics

Business Identity Resolution

Apollo.io Business visitor identification. Apollo.io may identify organizational information associated with site visits using publicly available data sources.
Claydar Business visitor intelligence and identification

Customer Relationship Management

Attio Customer relationship management and contact tracking

Artificial Intelligence

Anthropic AI-assisted documentation generation and analysis

Third-party providers process data only to deliver platform functionality. Where required, these providers operate under contractual data protection obligations. A full list of subprocessors may be provided upon request.

10. International Data Transfers

ComplianceWorxs may process data using infrastructure located in multiple jurisdictions.

When personal data is transferred internationally, we implement appropriate safeguards designed to protect that information in accordance with applicable law.

11. User Rights

Depending on jurisdiction, users may have rights regarding their personal data, including:

  • the right to access data
  • the right to request correction
  • the right to request deletion
  • the right to object to certain processing
  • the right to opt out of business identity resolution tracking

Requests may be submitted using the contact information below.

12. Cookies and Analytics

The ComplianceWorxs website uses cookies and similar technologies to improve site functionality, understand site usage patterns, and measure performance of platform features.

In addition to standard analytics cookies, ComplianceWorxs uses business identity resolution tools — including Apollo.io and Claydar — that may identify the organization associated with a site visit using IP address and publicly available business data. These tools do not access personal device data beyond what is standard for web analytics, but they may associate your visit with your employer or organization.

Users may manage cookie preferences through browser settings. To opt out of business identity resolution, contact us at privacy@complianceworxs.com.

13. Security Incidents

If a security incident affecting personal data is identified, ComplianceWorxs will respond in accordance with applicable legal requirements and internal incident response procedures.

14. Children's Privacy

The Services are intended for professional use by adults.

ComplianceWorxs does not knowingly collect information from individuals under 18 years of age.

15. Changes to This Policy

We may update this Privacy Policy periodically.

Updates will be posted on this page and reflected by an updated effective date.

Continued use of the Services after changes indicates acceptance of the updated policy.

16. Contact Information

Privacy inquiries and data subject requests may be directed to:

Questions About Your Data?

If you have questions about how we handle your data, need information about subprocessors or data processing agreements, or wish to opt out of business identity resolution, contact us directly.

We respond to all privacy inquiries within 30 days, or sooner as required by applicable law.

Not sure which case file you need?

Browse all 10 decision-specific case files and find the scenario that has your name on it.

See All Case Files →