Anchor Bootcamp
Compliance Bootcamp

Privacy Policy

Last updated: May 2026

Compliance Bootcamp — by Anchor Cyber Security LLC

Who We Are

Anchor Cyber Security LLC ("Anchor," "we," "our," or "us") operates Compliance Bootcamp ("the Platform"), a compliance improvement platform for organizations tracking GRC frameworks. We are located in Biddeford, Maine 04005.

Data We Collect

When you create an account or are invited to an organization on the Platform, we collect:

Account & Organization Data

  • Email address and full name
  • Organization name, domain, and industry
  • User role (Owner, Admin, Member, Viewer)

Compliance & Usage Data

  • Control status updates and notes you enter
  • Evidence files you upload (stored in Cloudflare R2)
  • Remediation tasks you create or are assigned
  • Audit report files you import
  • Compliance snapshots and gap analysis results
  • Audit logs of all actions taken within your organization

Billing Data

  • Stripe customer ID and subscription status
  • Payment card data is processed and stored exclusively by Stripe — we never see or store card numbers

Technical Data

  • Session tokens (stored as secure HTTP-only cookies)
  • IP address (recorded in audit logs for security purposes)
  • Browser type and device information for session management

How We Use Your Data

  • Authenticate and authorize your access to the Platform
  • Provide compliance tracking and reporting features
  • Send transactional emails (task assignments, evidence expiration alerts, team invitations)
  • Process your subscription billing through Stripe
  • Detect abuse, enforce our Terms of Service, and investigate security incidents
  • Improve the Platform based on aggregated, anonymized usage patterns

We do not sell your data. We do not use your compliance data for any purpose other than providing the Platform to you.

Data Storage & Security

  • Database: PostgreSQL on Railway (US region), encrypted at rest
  • Evidence files: Cloudflare R2 with server-side encryption (AES-256)
  • All data in transit protected by TLS 1.2+
  • Access controls enforced by role (RBAC)
  • Audit logs record all data modifications with timestamps and IP addresses

See our Security Overview for full details.

Third-Party Processors

ProcessorPurposeData Shared
StripeBilling & subscriptionsEmail, org name, billing address
Cloudflare R2Evidence file storageUploaded compliance files
RailwayDatabase & hostingAll application data
Email providerTransactional emailName, email

Data Retention

  • Active account data is retained for the lifetime of your organization on the Platform
  • After account deletion, data is removed within 30 days except where legally required
  • Audit logs are retained for 12 months
  • Evidence files are retained until you delete them or your account is deleted

Your Rights

Organization Owners and Admins can manage their data within the Platform. You also have the right to:

  • Request a copy of your personal data
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to data processing where applicable

Contact: [email protected]

Contact

Anchor Cyber Security LLC
Biddeford, Maine 04005
[email protected]