Privacy Statement


Privacy Policy

ENGAIZ Inc. and its subsidiaries  (“ENGAIZ”, “we”, “us”, “our” and terms of similar meaning) take your privacy rights very seriously. We are committed to transparently describing our privacy practices, including how we collect, use and disclose (a) your personal or personally identifiable information (“Information”); and (b) data we obtain from your activity on the Services (as defined below) (“Data”) as part of providing the ENGAIZ website (https://www.ENGAIZ.com) (the “ENGAIZ Site”) and the ENGAIZ Software as a Service application (the “Application”) (collectively, the “Services”).

For purposes of the General Data Protection Regulation (the “GDPR”), the data controller for personal data processed under this Privacy Notice is ENGAIZ Inc. 20 Bay Street, 11th Floor, Toronto, ON M5J 2N8.
We encourage you to read and understand our Terms of Use (“Terms”) and this privacy policy (“Privacy Policy”) before using the Services. By accepting the Terms and/or Privacy Policy or by accessing the Services, you expressly consent to our collection, use and disclosure of your Information and Data in accordance with this Privacy Policy. This Privacy Policy is incorporated into and subject to our Terms.
All capitalized terms that are not otherwise defined herein obtain their meaning from the Terms.

1. What Information Do We Collect?

  • General : Our primary purpose in collecting Information and Data from you voluntarily is to provide you with a secure, efficient and customized experience when using the Services. We will only ask for and collect Information and Data that we consider necessary to ensure a positive experience.
  • Information and Data : 
    • When signing up for a User account on the , Clients and Users of the Services must provide the Information as requested or where indicated. Where possible, on these forms we indicate which fields are required and which fields are optional. Our primary purpose in collecting Data from you voluntarily is to provide a secure experience. When using the Services, we may collect, without limitation, Information and Data including: your first and last name, company name, email, address, phone number, vendor contracts, other information inputted by you and Data generated from your use of the Services.
    • As you use the Services, you can, or may be required, from time to time enter or send to us Information, which may include, without limitation, Information that you share on your account as a User or Client.
  • Payment and Banking Information : When you add a credit/debit card, payment method or banking information to any Client account, these payment details will be shared with our third-party payment processor(s). We do not store credit/debit card, payment method or banking information on our servers. If you modify which Administrator account provides payment for the Services, we will require that Information to be updated for your continued access to the Services.
  • Information and Data Collected Automatically : 
    • When you use the Services, ENGAIZ automatically receives and records Data from your device, including, but not limited to your GPS location, IP address, operating Data, device Data, other Application IDs, cookies, the page you requested, the timing, frequency and pattern of your use of the Services. This usage data may be processed for the purposes of analyzing the use of the ENGAIZ Site and the Application. Unless otherwise stated in this Privacy Policy, ENGAIZ only uses this Data in aggregate form.
    • “Cookies” and similar technologies are small files placed on your computer and devices that assist us in providing our Services. We and our third-party service providers use cookies and similar technologies to provide and personalize the Service, analyze use, target advertisements and prevent fraud. You can disable cookies in your browser settings, however, if you do so, some parts of the Service may not function properly.
    • Our website uses Google Analytics. Google Analytics is a service which transmits traffic data to Google Servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand traffic and usage of our website.

2. How Do We Use Your Information and Data?

  • To create and maintain your account : We may use your Information to determine your eligibility to be a Client or to continue to have a User account on the Service. We may also use your Information and Data to provide to you the license for the Services; to provide you with the Services; communicate with you, either directly or through one of our partners.
  • To respond to your inquiries : We will use your Contact Data and other personal data you may provide as necessary to respond to your inquiries, questions and/or other requests for information. We do this on the basis of our contractual obligations to you, our legal obligations, and our legitimate interests, depending on the nature of your inquiry.
  • Internal Processes and Service Improvement : We may use Identity Data, Contact Data, Device Data, Network Data, Commercial Data, and any other personal data we process as necessary in connection with our legitimate interests in improving the design and performance of our Services, to create a personalized user experience, and for ensuring the security and stability of the Services. Specifically, (i) we may use this data to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc., and we may also use this information in connection with the provision of new features, products, and analytics tools to be used by other clients; (ii) we may personalize the Service by greeting you by name, or associating users with particular customers; and (iii) we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our clients or users. We do this on the basis our legitimate interests.
  • Marketing Communications :. We may process Identity Data, Device Data, Network Data and Contact Data in connection with our marketing and promotional communications if you sign up for such communications, or of you inquire about or register for our Services. We may also process Device/Network Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates. When you sign up for marketing communications, we send you emails based on your consent, and any other processing is performed on the basis of our legitimate interests.
  • Facilitate transactions and payments (if and as applicable) :  resolve service disputes; troubleshoot problems; to analyze usage of our Services; to improve our content and product offerings; deliver information to you that, in some cases, is relevant to your interests; customize your experience, the content, layout and services.
  • Exceptional Purposes : We may, without your consent or further notice to you, and to the extent required or permitted by law, process any of your personal data for purposes determined to be in the public interest or otherwise required by law. For example, detect and protect us against error, fraud and other criminal activity.
  • Provide you with system or administrative messages : and/or as otherwise described to you at the time of collection. These uses improve the Services and better tailor it to meet your needs, so as to provide you with a secure, efficient and customized experience while using the Services.

3. Our Disclosure of Your Information and Data

  • General Disclosure : We may share your Information and Data with third parties only in the ways that are described in this Privacy Policy and in accordance with your consent. We will not share, sell or rent your Information or Data to third parties without your explicit consent.
  • Anonymized Aggregated Data : We may aggregate and anonymize your Data and use and disclose it for a variety of purposes, including analytics, to improve our algorithms, measure service usage, publish summaries and develop new features. We will not display or otherwise disclose information where a User can be identified.
  • Subsidiaries, Affiliates & Service Providers : We may use the services of subsidiaries, affiliates and third party service providers (collectively, “Third Parties”) in connection with our provision of the Services, including, without limitation, for the processing of payments, off-premise data hosting, communication services, account hosting, and Information collecting and analysis services. We may disclose your Information and Data to the Third Parties in the course of our use of their services. We take care to use Third Parties that we believe are reputable and capable of performing the services we require of them, including, without limitation, the handling of confidential information and Information and Data and the compliance with all applicable laws.
  • Laws and Jurisdictions : Notwithstanding anything to the contrary in this Privacy Policy, we may preserve or disclose your Information and Data if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our or any other person’s or entity’s rights or property. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your Information and Data.
  • Sale of Business : We may disclose Information and Data to the acquiror or its agents in the course of the sale of our business. If we do this, the disclosure will be subject to confidentiality arrangements customary in such transactions.
  • Storing and Processing Your Information and Data : In some cases, Information and Data that we collect may be stored or processed outside of the jurisdiction it is received. When that occurs, we continue to protect the Information and Data with appropriate safeguards and data export requirements, but it may be subject to the legal jurisdiction of those countries and governmental authorities in those countries.

4. Communication Preferences

You can always unsubscribe from our commercial and promotional emails, but we may still send you communications relating to your status as a Client and your Users and your use of the Services in accordance with applicable anti-spam legislation.

5. Information and Data Retention

  • General Retention Policy : We will periodically de-identify (a) Information from collected Data in unused User Accounts; and (b) unnecessary Information from Data collected elsewhere on and/or through the Services.
  • Termination of User Account : If your User Accounts are terminated, we will deactivate them, but we may retain your Information and Data for a certain period of time and disclose it in a manner consistent with our practices under this Privacy Policy.

6. Your Information and Data Rights

In accordance with the applicable privacy laws, you may have the following rights with respect to your Information and Data. You may exercise your rights by contacting us using the contact information below. Note, we may require that you provide additional personal data to exercise these rights, e.g. information necessary to prove your identity.
  • Right of Access and Portability : You may ask for an overview or copy of your Information and/or Data to be provided to you; and/or transferred to another organization. To the extent required by applicable law, we will send you a copy of your personal data in a common portable format of our choice.
  • Right to Rectification : You may review your Information and delete and/or update it through your User Account or by contacting us, to ensure it is accurate and complete on the Services.
  • Right to Erasure and Restriction : You may ask us to remove and/or restrict our processing of your Information and/or Data in certain circumstances (e.g. if you believe we have processed your Information and/or Data unlawfully, if you believe that your Information and/or Data is no longer necessary for the purposes in which it was collected or processed, you withdraw your consent (as discussed below). Notwithstanding the foregoing, despite such request, subject to all applicable laws and the terms and conditions of this Privacy Policy, we may still retain your Information and Data for legitimate business interests, to collect any fees owed (if and as applicable), resolve disputes, troubleshoot problems, analyze usage of the Services, assist with any investigations, prevent fraud, enforce our Terms and/or take other actions as required or permitted by law.
  • Right to Withdraw Consent : Where we have asked for your consent to use and/or process your Information and Data, you can withdraw this consent at any time by contacting us using the contact information below, or using the opt-out procedures we may make available from time to time. We will do our best to accommodate your request, subject to applicable laws and the terms and conditions of this Privacy Policy.
  • Objection : You may have the right under applicable law to object to our processing of your personal data that we undertake without your consent as in connection with our legitimate business interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease, or limit processing based solely on that objection, and we may continue processing cases where our interests in processing are balanced against individuals’ privacy interests, or where we are otherwise not obligated to limit or cease processing.
  • Unsubscribe : You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. If you receive marketing emails from us, you can unsubscribe our emails by clicking “unsubscribe” within each email. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails. You may not have the right to opt-out of certain Service-related communications, transactional communications, or other messages which are not promotional in nature.
  • California Rights : Residents of California (and others to the extent required by applicable law) may request a list of personal data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. Upon receipt of a verifiable request, you may also request that we provide you a copy of your personal data, direct us to stop selling or disclosing personal data for certain purposes (if we have done so), and receive information regarding: (1) the categories of personal data we have collected about you, or that we have sold, or disclosed for a commercial purpose;(2) the categories of sources from which your personal data was collected; (3) the business or commercial purpose for which we collected or sold your personal data; (4) the categories of third parties with whom we have disclosed your personal data, or sold, or disclosed it for a business purpose; and (5) the specific pieces of personal data we have collected
Please contact us at [email protected] if you would like to exercise any of the above rights.

7. Security

We strive to protect your Information and Data by putting in place a range of technical and organizational measures to safeguard and secure the Information and Data we receive from you, including without limitation, security technologies. We are continuously utilizing security measures to protect your Information and Data from unauthorized access or against loss, misuse or alteration. Despite our efforts, we cannot guarantee the security of your Information and Data. Unauthorized entry or use, hardware or application failure and other factors, may compromise the security of your Information and Data at any time. We reserve the right, without any limitation, to investigate any suspected breaches of the Services’ security or information technology or other systems or networks.

8. Children under the Age of 16

Our Services are not directed to, and we do not knowingly collect or solicit personal data from, children under the age of 16. If we learn we have collected or received personal data from a child under the age of 16, we will delete that information. If you believe we might have any information from or about a child under the age of 16, please contact us using the contact information below.

9. Changes to This Privacy Policy

ENGAIZ may amend this Privacy Policy from time to time. The use of Information and Data we collect is subject to the Privacy Policy in effect at the time the Information or Data is used. If we make any material changes in the way we use your Information or Data, we will notify you by (a) posting a notice on the Client and User Account page of the Application or elsewhere on the Services; or (b) e-mailing you at your e-mail address associated with your Client, Administrator or User Account. Clients and Users of the Services are bound by any changes to the Privacy Policy when they use the Services after such changes have been first posted.

10. Questions?

It is our goal to make our privacy practices easy to understand. If you have questions, concerns or if you would like more detailed information, please email our data controller at [email protected].


If by postal mail, write to –


USA & Canada

20 Bay Street, 11th Floor , Toronto, ON M5J 2N8. Canada.



ENGAIZ GRC Solutions Private Limited

36 Infantry Road, Prestige Central, HD-037 WeWork,

Bangalore – 560 001.