Legal
Privacy Policy
Last updated: January 2026
Overview
ComplyIT365 collects only the personal data necessary to deliver the ITSM + GRC service and comply with applicable regulations. This policy explains what we collect, why, and your rights.
Data we collect
Identity data (name, work email), device metadata, tenant configuration, uploaded evidence and tickets. We do not sell personal data.
Legal bases
Contract performance, legitimate interest, and where required, explicit consent under GDPR / DPDP / UK GDPR.
Retention
Ticket and audit data is retained for the term of the subscription + 3 years, unless customer contract specifies otherwise.
Your rights
Access, correction, deletion, portability, and objection — request via privacy@complyit365.io.