Legal
Last updated: January 1, 2026 · Effective: January 1, 2026
Account Information: When you register for GridGuard, we collect your name, email address, organization name, and job title. This information is used to create and manage your account.
Usage Data: We collect information about how you interact with the platform, including pages visited, features used, and actions taken. This data helps us improve the product and provide support.
Compliance Data: GridGuard stores the compliance documentation, RSAW narratives, mitigation plan records, and regulatory filings you create within the platform. This data is owned by you and your organization.
Technical Data: We collect standard server logs including IP addresses, browser type, device information, and access timestamps for security and operational purposes.
Service Delivery: To provide, operate, and maintain the GridGuard compliance platform and all its features.
Product Improvement: To analyze usage patterns and improve platform functionality, performance, and user experience.
Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
Security: To detect, prevent, and address fraud, abuse, security incidents, and other harmful activities.
Communications: To send you product updates, security notices, and administrative messages. You may opt out of marketing communications at any time.
We do not sell your data. The Compliance Consortium LLC does not sell, rent, or trade your personal information or compliance data to third parties.
Service Providers: We share data with trusted third-party vendors who assist in operating our platform (e.g., cloud hosting, analytics). These providers are contractually bound to protect your data and may not use it for their own purposes.
Legal Requirements: We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect the rights, property, or safety of our users or the public.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We implement industry-standard security measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits.
GridGuard is designed with SOC 2 Type II compliance principles and NERC CIP-aligned security controls. Our infrastructure is hosted in US-based data centers with physical and logical access controls.
While we take reasonable precautions to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong passwords and enable multi-factor authentication.
We retain your account and compliance data for as long as your account is active or as needed to provide services. If you close your account, we will retain your data for 90 days to allow for account recovery, after which it will be permanently deleted.
Certain data may be retained longer if required by law or for legitimate business purposes such as resolving disputes or enforcing agreements.
You may request deletion of your data at any time by contacting us at [email protected].
Access and Portability: You have the right to access the personal information we hold about you and to request a copy in a portable format.
Correction: You may update or correct inaccurate personal information through your account settings or by contacting us.
Deletion: You may request deletion of your personal information, subject to certain legal and contractual obligations.
Opt-Out: You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
California Residents: If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of the sale of personal information.
GridGuard uses cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze platform usage. We use strictly necessary cookies (required for the platform to function) and analytics cookies (to understand usage patterns).
You can control cookie settings through your browser. Disabling cookies may affect the functionality of the platform.
GridGuard may integrate with third-party services such as single sign-on providers, document management systems, and regulatory data feeds. When you connect a third-party service, that service's privacy policy governs how they handle your data.
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before connecting them to GridGuard.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the platform at least 30 days before the changes take effect.
Your continued use of GridGuard after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
The Compliance Consortium LLC
Email: [email protected]
Website: gridguardcompliance.com