Legal

Privacy Policy

Last updated: January 2026

Overview

ComplyIT365 collects only the personal data necessary to deliver the ITSM + GRC service and comply with applicable regulations. This policy explains what we collect, why, and your rights.

Data we collect

Identity data (name, work email), device metadata, tenant configuration, uploaded evidence and tickets. We do not sell personal data.

Legal bases

Contract performance, legitimate interest, and where required, explicit consent under GDPR / DPDP / UK GDPR.

Retention

Ticket and audit data is retained for the term of the subscription + 3 years, unless customer contract specifies otherwise.

Your rights

Access, correction, deletion, portability, and objection — request via privacy@complyit365.io.