Kimova AI Privacy Policy
Introduction
Kimova AI ("we," "our," or "us") is committed to protecting the privacy of your organization's data when conducting information security audits for ISO 27001 certification using our AI-powered platform. This Privacy Policy describes the types of information we collect, how we use it, and the steps we take to protect it.
1. Information We Collect
We collect the following types of information:
1.1 Personal Data
- Contact Information: Name, email address, phone number, and job title.
- Company Information: Company name, address, size, industry, and other relevant details.
- Payment Information: When you make purchases, we ask for your name, contact information, and payment details (credit card or other payment account information). We store the cardholder's name, address, expiry date, and the last four digits of the card number. The actual credit card number is not stored. If authorized, we store payment information in encrypted format with our Payment Gateway Service Providers.
1.2 Usage Data
- Log Data: Pages visited, time spent on pages, and other usage statistics.
- Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies, including data from Google Analytics and Bing Analytics.
1.3 Sensitive Data (Audit Data)
As part of the ISO 27001 audit process, we collect sensitive information related to your organization's security posture, such as:
- Security Policies and Procedures: Documentation of security practices.
- Network Diagrams and Asset Inventories: Organizational structure and assets.
- Risk Assessments and Incident Reports: Details of previous assessments and incidents.
- Audit Logs and Access Controls: Security logs and user access data.
- Information Security Objectives and Procedures: Compliance-related data.
- Vulnerability Assessments: Results from security testing and risk assessments.
1.4 Analytics Information
- Technical Data: IP address, browser type, operating system, and browsing behavior collected through Google Analytics and Bing Analytics.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To conduct ISO 27001 gap assessments and provide a comprehensive report on your information security posture.
- To facilitate payments and manage billing.
- To improve the accuracy and efficiency of our AI platform.
- To communicate with you regarding audit progress, results, and service updates.
- To comply with legal and regulatory requirements.
- For internal analytics and product development.
3. Data Storage & Security
Your data is stored in encrypted form on:
- Firebase and Google Cloud Buckets.
We implement strict security measures, including access controls and regular security audits, to ensure only authorized personnel can access your data. All payment data is processed by our Payment Gateway Service Providers in compliance with security standards.
4. Data Retention
We retain your data for 3 months after the deletion of your user profile and account, after which it will be permanently deleted unless a longer retention period is required by law.
5. Third-Party Service Providers
We use the following third-party service providers to store or process your data:
- Firebase (by Google) for data storage and authentication.
- Google Analytics and Bing Analytics to track website usage and gather analytics data.
- Payment Gateway Providers to process payments securely.
These third-party service providers may collect and process your data in accordance with their privacy policies. We ensure that these providers adhere to strict data security standards.
6. Your Rights
You have the following rights concerning your data:
- The right to access and rectify your company and personal information.
- The right to request permanent deletion of your organization data, subject to legal or regulatory restrictions.
You can contact our DPO at dpo@kimova.ai for data protection-related queries.
7. Cookies and Tracking
We use cookies provided by Google Analytics and Bing Analytics to track and analyze website usage.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. In the event of significant changes, we will notify registered users via email and post the updated policy on our website. Please review this page periodically for any updates.
9. Contact Us
If you have any questions about this Privacy Policy or your data, please contact our DPO at dpo@kimova.ai.