Privacy Policy

Privacy Policy

Last updated: January 2026

SecurDI LLC ("we", "our", or "us") operates Compass (usecompass.io). This Privacy Policy explains how we collect, use, and protect your information.

Information We Collect

Account Information

  • Email address
  • Name
  • Organization name
  • Password (encrypted)

Usage Data

  • Pages visited and features used
  • Discovery reports created
  • Connected systems and configurations (metadata only)

Connector Data

When you connect enterprise systems (Okta, Azure AD, ServiceNow, etc.), we access:

  • Aggregated metrics and counts
  • Configuration settings relevant to IAM analysis
  • We do not store raw user data, passwords, or sensitive PII from connected systems

Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Log data

How We Use Your Information

We use collected information to:

  • Provide and improve Compass services
  • Generate AI-powered discovery reports
  • Communicate about your account and service updates
  • Ensure security and prevent fraud
  • Comply with legal obligations

Data Storage and Security

  • Data is stored on secure servers in the United States
  • We use encryption in transit (TLS) and at rest
  • Access to data is restricted to authorized personnel
  • We implement industry-standard security practices

Data Retention

  • Account data is retained while your account is active
  • Discovery reports are retained for 2 years or until you delete them
  • You can request deletion of your data at any time

Third-Party Services

We use the following third-party services:

  • Stripe - Payment processing
  • Vercel - Website hosting
  • Railway - AI service hosting
  • Neon - Database hosting
  • Anthropic - AI model provider (no user data stored)

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data
  • Opt out of marketing communications

GDPR Compliance

For EU residents, we comply with GDPR requirements including:

  • Lawful basis for processing
  • Data minimization
  • Right to erasure
  • Data portability

CCPA Compliance

For California residents, you have the right to:

  • Know what personal information is collected
  • Delete personal information
  • Opt-out of sale of personal information (we do not sell data)
  • Non-discrimination for exercising rights

Children's Privacy

Compass is not intended for users under 18. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or website notice.

Contact Us

For privacy-related inquiries:

  • Email: privacy@usecompass.io

For data deletion requests, email: dpo@usecompass.io