Privacy Policy

1. Information We Collect

We collect the following types of information from users of our Services:

• Personal Information: Information that identifies you, such as your full name and email address, which you provide when you create an account or contact us.
• Payment Information: Billing information processed through our third-party payment provider, Stripe. We do not store your credit card details on our systems.
• Compliance Information: Information you upload or provide to our platform related to Cybersecurity Maturity Model Certification (CMMC) compliance, such as documentation, evidence, or notes. This may include files you select from your Dropbox account via our integration.
• Usage Information: Information collected automatically when you use our Services, such as IP addresses, browser type, device information, and usage data (e.g., pages visited, features used).

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our Services, including account management and customer support.
• To process payments and manage subscriptions through our third-party payment provider.
• To facilitate compliance workflows, such as generating reports, organizing evidence, or extracting files from your Dropbox account for CMMC compliance.
• To monitor and analyze usage of our Services to improve functionality and user experience.
• To communicate with you, including sending service-related emails (e.g., account updates, technical notices).
• To ensure the security of our Services and comply with legal obligations.

3. Third-Party Service Providers

We use third-party service providers to perform essential functions for our Services. These providers may have access to certain information to perform their services, but they are contractually obligated to protect your data and use it only for the purposes we specify.

• Authentication: We use Clerk to manage user authentication. Clerk processes your email address and login credentials in accordance with its privacy policy, available at clerk.com/privacy.
• Payments: We use Stripe to process payments. Stripe collects and processes your payment information in accordance with its privacy policy, available at stripe.com/privacy.
• Emails: We use Resend to send transactional and service-related emails. Resend processes your email address in accordance with its privacy policy, available at resend.com/legal/privacy-policy.
• File Integration: We use Dropbox to allow users to authenticate via Dropbox Single Sign-On (SSO) and select files from their Dropbox accounts for compliance purposes. When you authorize our app, Dropbox processes your account credentials and provides access to file contents and metadata, in accordance with its privacy policy, available at dropbox.com/privacy.
• File Storage: We use Cloudflare R2 to store compliance files uploaded to our platform. Cloudflare R2 processes your files in accordance with its privacy policy, available at cloudflare.com/privacypolicy.

If we use additional third-party services in the future, we will update this Privacy Policy to reflect those changes.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• AES-256 encryption for all files, notes, and compliance data stored on our platform.
• Secure transmission of data using HTTPS.
• Access controls to limit data access to authorized personnel only.

While we strive to protect your information, no system can be guaranteed to be 100% secure. If you have concerns about the security of your data, please contact us.

5. Data Retention and Deletion

We retain your information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy, or as required by law.

You may request deletion of your account and associated data by contacting us at support@wrayresources.com. Upon receiving your request, we will delete your account and data within a reasonable timeframe, except for information we are required to retain for legal, tax, audit, or compliance purposes (e.g., payment records, logs required for CMMC compliance).

Usage data (e.g., logs, analytics) may be retained in anonymized form for longer periods to improve our Services.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties, except in the following circumstances:

• Service Providers: We share information with third-party service providers (e.g., Clerk, Stripe, Resend, Dropbox, Cloudflare R2) as necessary to provide our Services, as described in Section 3.
• Legal and Compliance Requirements: We may disclose information if required by law, such as in response to a subpoena, court order, or other legal process, or to comply with applicable compliance obligations (e.g., CMMC audits).
• Business Transfers: If our company is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, but we will notify you of any such change.

7. Children's Privacy

Our Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will take steps to delete it as soon as possible.

8. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website or by sending you an email or in-platform notification. Your continued use of our Services after the effective date of the updated policy constitutes your acceptance of the changes.

9. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: support@wrayresources.com