Privacy Policy
Last Updated: May 2026
1. Introduction & Scope
House of GRC (“we,” “us,” or “our”) provides compliance tools, guides, and advisory resources for founders and security teams. This Privacy Policy details how we collect, process, secure, and share your information when you use our website, tools, newsletter services, or submit leads.
By accessing our tools, subscribing to newsletters, or submitting forms, you consent to the processing of your data in accordance with this Policy.
2. EU GDPR Compliance & Lawful Basis
For users located within the European Economic Area (EEA), we process personal data in compliance with the General Data Protection Regulation (GDPR). Our lawful bases for processing your data include:
- Consent: When you voluntarily submit your email to subscribe to updates, news tips, roadmaps, or custom reports.
- Legitimate Interests: To analyze Self-Assessment Scores, optimize GRC mappings, and match your business with vetted partners who can assist with your certification audits.
3. EU AI Act & Algorithmic Transparency
Our interactive tools (including the SOC 2 Assessment, Framework Finder, and Kickstart Wizard) process your answers using rules-based algorithmic engines to output compliance recommendations, scores, and checklist timelines.
Under the EU AI Act transparency rules, we disclose that these systems do not make automated legal decisions. They are designed as self-assessment tools. The recommendations generated are suggestions based on industry standards, and final auditor scopes must be verified independently.
4. Key Disclosure: Data Usage & Lead Sharing
Your data is processed and used for:
- Compliance analysis, security gap tracking, and generating custom checklist PDF reports.
- Sending newsletters, cybersecurity news tips, and educational GRC updates.
- Lead Sharing: Your contact details and readiness profile responses may be shared with vetted third-party GRC advisory firms, tool vendors (e.g., Vanta, Drata), and accredited third-party auditing firms as business leads. This sharing occurs to connect you with partners qualified to conduct formal certification audits.
5. Information We Collect
We collect data when you interact with our pages, including:
- Contact Information: Work email, name, and company name.
- Company Profile Data: Team size, security maturity, timeline, customer locations, and compliance objectives.
- System Answers: Selected frameworks, Trust Services Criteria configurations, and gap answers.
6. Your Rights
Depending on your location (including the EU/EEA), you have rights regarding your personal data:
- Access & Portability: Request a copy of the data we hold.
- Rectification & Erasure (“Right to be Forgotten”): Ask us to update incorrect data or delete your records.
- Withdraw Consent: Opt-out of newsletters or request that your contact details no longer be shared with partner firms.
To exercise any of these rights, please email us at updates@houseofgrc.com.
7. Security & Retention
We implement industry-standard encryption to protect your data in transit and rest. Responses are retained in our secure Supabase database and Resend contact lists. We retain personal data only as long as necessary to fulfill the analysis, update, and referral purposes outlined in this Policy.
© 2026 House of GRC · New Delhi, India