Seal AuditAudit-first

Privacy

Privacy Policy

Last updated: May 15, 2026

1. Overview

SealAudit operates a compliance workflow platform that helps organizations configure, execute, and audit field-based operational processes. This privacy policy describes what personal data we collect, why we collect it, how we use it, and what rights you have.

2. Data controller

The data controller responsible for your personal data is the SealAudit organization. For questions about this policy or your data, contact support@sealaudit.com.

3. What data we collect

We collect only the data needed to operate compliance workflows and maintain audit records. This includes:

  • Account data: name, email address, organization name, and role when you create an account or are invited to an organization.
  • Authentication data: login credentials managed through our identity provider (Clerk). We do not store passwords directly.
  • Workflow execution data: timestamps, verification outcomes, action completion states, and form responses generated when users complete workflows.
  • Location data: browser-reported geolocation coordinates, collected only when a user explicitly consents during a geolocation verification step. Location data is never collected without direct browser-level consent.
  • Contact form data: name, email, company, role, request type, and message content submitted through the contact form.
  • Usage analytics: anonymized page views, CTA clicks, and scroll depth. We do not collect personally identifiable information through analytics events.

4. How we use your data

  • To provide and operate the SealAudit platform, including workflow execution, audit trail management, and organization administration.
  • To communicate with you about your account, subscription, or support inquiries.
  • To maintain the integrity of the audit trail, which by design stores execution records in an append-only structure.
  • To improve the product through aggregated, anonymized usage patterns.

5. Data retention

  • Audit trail records (workflow executions, verification outcomes, action evidence) are retained for the lifetime of the organization account to preserve compliance evidence integrity.
  • Account data is retained while your account is active and for a reasonable period after deletion to fulfill legal and contractual obligations.
  • Contact form submissions are retained for up to 12 months unless a longer retention period is required by law.
  • Analytics data is anonymized and aggregated; it is not linked to individual user profiles.

6. Data sharing

  • We do not sell personal data to third parties.
  • Data is shared with service providers only as necessary to operate the platform (identity management, infrastructure hosting, email delivery).
  • Within an organization, members with appropriate roles can view workflow execution records and audit events as part of normal compliance operations.
  • We may disclose data when required by law or to protect the safety of our users and the public.

7. International data transfers

SealAudit is hosted on infrastructure that may process data in the United States and other jurisdictions. If you access the platform from the European Union, Australia, or other regions with data protection laws, your data may be transferred to and processed in the United States. We take appropriate safeguards to protect your data during transfer.

8. Your rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate personal data.
  • Deletion: request deletion of your personal data, subject to legal and contractual retention obligations (including audit trail integrity requirements).
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to processing of your data for specific purposes.
  • Complaint: lodge a complaint with your local data protection authority.

9. Consent-based location collection

Geolocation verification is an optional workflow feature. When enabled, field users are prompted through their browser's permission system before any coordinates are shared. The browser controls the consent interaction, not SealAudit. Users can decline location sharing, and the verification outcome is recorded as a denied attempt rather than silently ignored.

10. Security

We implement industry-standard technical and organizational measures to protect personal data, including encryption in transit and at rest, tenant-scoped data isolation, and role-based access controls. No system is completely secure, and we encourage users to use strong authentication practices.

11. Children's privacy

SealAudit is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated last-modified date. Material changes will be communicated through the platform or by email where appropriate.

13. Contact

For privacy inquiries, data access requests, or questions about this policy, contact support@sealaudit.com.