Data Policy

Data We Store

When your organization uses Compliance Bootcamp, we store the following categories of data:

Data Retention

• Active accounts: data retained for the lifetime of the organization's subscription
• Cancelled accounts: data retained for 30 days after cancellation, then deleted
• Audit logs: retained for 12 months from creation
• Evidence files: retained until deleted by the user or 30 days after account deletion
• Billing records: retained for 7 years for financial compliance (Stripe holds payment records)
• Archived/suspended organizations: retained for 90 days before permanent deletion

Data Export

Organization Owners can export compliance data at any time from the Gap Analysis report (CSV and PDF formats). Evidence files can be individually downloaded from the Evidence repository. We recommend exporting your data before cancelling your subscription.

Data Deletion

You can delete your organization and all associated data by going to Settings → Organization → Delete Organization. This action is irreversible.

Individual users can be removed by an Admin from Settings → Team. Removed users lose access immediately; their historical audit log entries are retained for compliance purposes.

To request manual deletion of specific data, contact [email protected].

Data Portability

Your compliance data belongs to you. We provide CSV and PDF export for compliance reports, and individual evidence file downloads. If you need a full data export in machine-readable format, contact us and we will provide it within 30 days.

Sub-processors

We use the following sub-processors to operate the Platform:

• Railway — application hosting and PostgreSQL database (US)
• Cloudflare R2 — evidence file storage (S3-compatible object storage)
• Stripe — payment processing
• Anthropic Claude API — AI-assisted audit report parsing (uploaded PDFs only, not retained by Anthropic beyond request)

Contact

Anchor Cyber Security LLC
Biddeford, Maine 04005
[email protected]