1. Who We Are

CompHolis is a compliance management platform designed to help organisations manage security, risk, and regulatory requirements in a clear and practical way.

For the purposes of data protection laws, CompHolis is the data controller for personal data collected through this website and, depending on the service arrangement, a data processor for client data stored within the platform.

2. The Information We Collect

We collect only the information we genuinely need to operate our website and provide our services.

This may include:

• Website information, such as IP address, browser type, device type, pages visited, and usage patterns
• Contact information, such as name, email address, and organisation details when you contact us or request information
• Account and platform data, provided by clients and their users when using the CompHolis platform
• Support communications, including emails and messages sent to us

We do not knowingly collect data from children.

3. How We Use Your Information

We use personal data for the following purposes:

• To operate, maintain, and improve our website and services
• To respond to enquiries and provide customer support
• To manage user accounts and platform access
• To meet legal, regulatory, and contractual obligations
• To monitor website performance and usage trends using anonymised analytics

We do not use personal data for purposes that are incompatible with these aims.

4. Use of Artificial Intelligence (AI)

CompHolis uses AI-assisted processing features to support functionality within the platform, such as analysis, categorisation, or automation.

We are very clear about how this works:

• AI processing is used only to deliver platform functionality
• No client data is ever used to train AI models
• No client data is made available to external AI providers for retention or training
• Data processed by AI remains within the CompHolis controlled environment and is handled in line with this policy

AI is used as a tool to assist users - not as a mechanism to extract, reuse, or monetise their data.

5. Data Storage Locations and Geographical Controls

We recognise that data residency matters.

Client data is stored in geo-fenced data centres, selected by the client. Available locations include:

• United Kingdom
• European Union (Ireland)
• European Union (Germany)
• United States of America
• Singapore

Client data remains within the selected geographic region unless the client explicitly requests otherwise.

6. Data Retention and Deletion

We retain personal data only for as long as it is needed to fulfil its purpose and meet legal or contractual requirements.

Retention periods are aligned with:

• The laws and regulations applicable to the geographic location where the data is stored
• Contractual obligations with our clients

Permanent deletion:

All client data can be permanently deleted upon request. Once deleted, data is removed from active systems and backups in line with secure deletion procedures.