Privacy Policy for LintGRC
At LintGRC, we respect your privacy and are committed to protecting the data you entrust to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (lintgrc.com) and use our compliance toolkits and templates. By using our services, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect the minimum amount of information necessary to deliver our resources and support our users:
- Account & Order Information: If you create an account or purchase a toolkit, we collect your name, email address, and billing information necessary to process your transaction and deliver your digital files.
- Usage Data: We collect technical information automatically, such as IP addresses, browser types, Internet Service Provider (ISP), referring/exit pages, and date/time stamps. This data helps us understand how users interact with our resources and ensures our site remains secure.
- Communications: If you contact us via email or a contact form, we store your contact details and the content of your message to respond to your inquiry and provide support.
2. How We Use Your Information
We use your personal data solely for the following purposes, based on the legal bases outlined in the GDPR section below:
- To provide, maintain, and deliver the LintGRC toolkits and templates you request, including processing payments and managing your account.
- To communicate with you regarding your orders, essential product updates, security alerts, or support requests.
- To ensure the security of our website, detect and prevent fraud, and protect against unauthorized access.
- To analyze anonymous usage trends and improve our website and product offerings.
3. Cookies and Tracking Technologies
We believe in a privacy-first architecture. We use only “strictly necessary” session cookies, which are essential for the basic functionality of our platform (such as keeping you logged in securely and remembering items in a cart). Because these cookies are required to provide our service, they do not require consent and are not used for tracking purposes.
We do not use advertising cookies, tracking pixels, or third-party analytics that monitor your behavior across the web for profiling or marketing. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept these strictly necessary cookies, some portions of our service may not function properly.
4. Third-Party Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share data only with trusted third-party service providers who assist us in operating our business:
- Payment Processing: Purchases are processed securely by Stripe. We do not store your full credit card details on our servers. Stripe’s privacy policy governs its handling of your payment information.
- Hosting & Infrastructure: Our website is hosted on platforms like WordPress.com, which may collect basic server logs. We may use privacy-focused, first-party analytics that do not track you across sites.
- Legal Compliance: We may disclose your information if required by law, subpoena, or to protect the rights, property, or safety of LintGRC, our users, or the public.
5. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:
- Account Data: Retained as long as your account is active. If you close your account, we will delete or anonymize your data within 90 days, except for information needed for legal compliance, dispute resolution, or legitimate business records.
- Order Records: Transaction records (excluding full payment card details) are retained for a minimum of 7 years to comply with tax and accounting regulations.
- Usage Data: Automatically collected technical logs are retained for up to 12 months for security monitoring, after which they are aggregated or deleted.
6. Your Privacy Rights (GDPR & UK GDPR)
For users in the European Union, European Economic Area, and the United Kingdom:
If you are located in the EU, EEA, or UK, you have specific rights regarding your personal data. We process your information based on the following legal bases:
- Contractual Necessity: To fulfill your purchase and deliver our toolkits.
- Legitimate Interests: To maintain the security of our website and communicate essential service updates.
- Consent: Where you have explicitly given permission (e.g., for optional marketing emails).
Your rights include the right to access, rectify, or erase your personal data; the right to data portability; the right to restrict or object to processing; and the right to withdraw consent at any time. To exercise these rights, contact us at the details below. You also have the right to lodge a complaint with your local supervisory authority (e.g., a Data Protection Authority in the EU).
7. California Privacy Rights (CCPA/CPRA)
For residents of California, USA:
Under the California Consumer Privacy Act, as amended by the CPRA, California residents have the right to request disclosure of the categories and specific pieces of personal information we have collected, the sources of that information, and the business purpose for collection. You also have the right to request correction of inaccurate data and deletion of your personal information.
Importantly, we do not sell or share personal information for cross-context behavioral advertising, and we have no actual knowledge of selling or sharing the data of minors under 16. You have the right to opt out of such selling or sharing, though it is not practiced here. We will not discriminate against you for exercising any of your CCPA rights.
To submit a verifiable consumer request, please contact our dedicated privacy team at hello@lintgrc.com or use the phone number listed in Section 10. We will respond within 45 days as required by law.
8. Data Security
We take the security of your information seriously. We implement industry-standard administrative, technical, and physical safeguards, including TLS/SSL encryption for data in transit. We limit access to your personal information to employees and contractors who need it to provide our services. Please note that no method of electronic storage is 100% secure, but we strive to use commercially acceptable means to protect your data.
Note on Template Usage: LintGRC toolkits are designed to help you manage your own compliance obligations. We do not access, store, or process the sensitive compliance data you may input into our editable templates. That data remains solely under your control.
9. Updates to this Policy
We may update this Privacy Policy occasionally to reflect changes in our practices, technologies, or legal obligations. If we make material changes, we will notify you by posting a prominent notice on our website and, where appropriate, sending an email to the address associated with your account. The “Last Updated” date at the top of this page will be revised accordingly.
10. Contact Us & Privacy Inquiries
If you have questions, concerns, or wish to exercise your data rights regarding this Privacy Policy, please contact our dedicated privacy team through the following channels:
- Email – General: admin@lintgrc.com
- Website Contact Form: lintgrc.com/contact
For CCPA requests, please use the email above with “California Privacy Request” in the subject line. We will respond to all privacy inquiries within 30 days (45 days for CCPA requests, as required by law).