Privacy policy

1. Introduction

Easygovernance Limited (trading as Easygovernance) ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website easygovernance.ie or use our services, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws in Ireland and the European Union (EU).

2. Data controller

Easygovernance Limited (trading as Easygovernance) is the data controller responsible for processing your personal data. If you have any questions about this Privacy Policy or your rights, you can contact us at:

3. Personal data we collect

We may collect and process the following categories of personal data:

• Identity data: Name, title, position, company name, and professional details
• Contact data: Business address, email address, phone number, and website
• Financial data: Bank account details, payment information, invoicing details
• Transaction data: Details about payments, services purchased, and transaction history
• Technical data: IP address, browser type, device information, and operating system
• Usage data: Information about how you use our website, products, and services
• Marketing data: Your preferences for receiving marketing communications
• Professional data: Information about your business, governance needs, and compliance requirements
• Pre-signup funnel data: When you complete our onboarding questionnaire at /get-started/, we record your answers (organisation type, size, governance practices, applicable frameworks), your IP address, and browser user-agent. This happens before any account is created. Legal basis: legitimate interest (product improvement and abuse prevention). Retention: 90 days from collection if you do not proceed to sign up; permanently linked to your workspace if you do.

4. How we collect personal data

We collect personal data through:

• Direct interactions: When you fill out forms, request services, subscribe to newsletters, or contact us
• Automated technologies: Through cookies and similar tracking technologies on our website
• Third parties: From business partners, service providers, publicly available sources, or professional networks
• Service delivery: During the provision of governance and compliance services

5. Legal basis for processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific purposes
• Contract: When processing is necessary to perform our services or honour our agreement with you
• Legal obligation: To comply with legal, regulatory, or compliance requirements
• Legitimate interests: For our legitimate business interests, provided they don't override your rights

6. How we use your personal data

We use your data for the following purposes:

• To provide governance, compliance, and advisory services
• To process payments and manage client accounts
• To communicate about our services, updates, and relevant business matters
• To send marketing communications and promotional offers (with your consent)
• To comply with legal obligations and regulatory requirements
• To improve our website, services, and user experience
• To maintain business records and conduct analytics
• To protect our business interests and prevent fraud

7. Data sharing and disclosure

We may share your personal data with:

• Service providers: Third-party vendors who assist in our operations (IT support, payment processors, marketing platforms)
• Professional partners: Legal advisors, accountants, and other professional service providers
• Regulatory authorities: When required by law or regulation
• Business transfers: During mergers, acquisitions, or asset sales
• Client consent: When you explicitly authorise sharing with specific third parties

We ensure that all third parties handling your data comply with GDPR requirements and provide appropriate safeguards.

Sub-processors

We use a small number of trusted service providers ("sub-processors") to operate the platform. Each is bound by a data processing agreement and provides GDPR-appropriate safeguards. Our current sub-processors are:

• Supabase — database and document hosting (our primary data store). Hosted in the EU (Ireland, eu-west-1).
• Cloudflare R2 — encrypted off-site backup of stored documents and records, retained in a European Union jurisdiction for data residency.
• Stripe — payment processing for subscriptions and donations. Card details are handled by Stripe directly; we do not store full card numbers.
• Resend — delivery of transactional email (account, governance, and notification messages).

We review this list as our providers change and update it here. Some sub-processors may process limited data outside the EU/EEA; where they do, the safeguards in Section 8 (International data transfers) apply.

8. International data transfers

If your personal data is transferred outside the EU/EEA, we ensure it is protected through:

• Adequacy decisions from the European Commission
• Standard Contractual Clauses approved by the European Commission
• Other legally approved transfer mechanisms
• Appropriate technical and organisational security measures

9. Data retention

We retain your personal data only for as long as necessary to:

• Fulfil the purposes outlined in this Privacy Policy
• Comply with legal, regulatory, and professional obligations
• Maintain business records as required by law
• Resolve disputes and enforce our agreements

After the retention period expires, your data will be securely deleted or anonymised.

Pre-signup funnel data (questionnaire answers, IP, browser metadata captured at /get-started/ before an account is created) is automatically deleted 90 days after collection unless you proceed to sign up for a trial, in which case it becomes part of your workspace record. If you want your pre-signup data deleted sooner, email privacy@easygovernance.ie and we will remove it within 30 days.

10. Your rights under GDPR

You have the following rights regarding your personal data:

• Right of access: Request access to your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restriction: Limit processing of your data
• Right to data portability: Request transfer of your data to another entity
• Right to object: Object to processing based on legitimate interests or direct marketing
• Right to withdraw consent: Revoke consent at any time, where applicable

To exercise your rights, contact us using the details in Section 2. We will respond within one month, subject to applicable legal exceptions.

11. Data security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Staff training on data protection
• Incident response procedures

12. Cookies and tracking technologies

Our website uses cookies and similar technologies to:

• Ensure proper website functionality
• Analyse website usage and performance
• Personalise your experience
• Deliver targeted advertising (with your consent)

You can manage cookie preferences through your browser settings. For detailed information, see our Cookie Policy.

13. Marketing communications

With your consent, we may send you marketing communications about our services, industry updates, and relevant business information. You can opt out at any time by:

• Clicking the unsubscribe link in our emails
• Contacting us directly
• Updating your preferences in your account settings

14. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

15. Complaints

If you have concerns about our data processing practices, you can:

1. Contact us directly using the information in Section 2
2. File a complaint with the Irish Data Protection Commission:

16. Updates to this policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Updating the "Last Updated" date at the top of this policy

Your continued use of our services after changes indicates acceptance of the updated policy.

17. Contact us

For questions, concerns, or to exercise your rights regarding this Privacy Policy, please contact us: