Privacy Policy

Last updated: 5/13/2026

At WeComply.chat, we are committed to protecting the privacy of our users and the integrity of the organizational data we process. This policy outlines our standards for Human Risk Management (HRM) data.

1. Information We Collect

Beyond basic contact and billing information, WeComply.chat collects behavioral assessment data, training performance metrics, and Human Risk Scores (HRS). This data is used to provide individualized training roadmaps and organizational risk visibility.

2. Data Controller and Processor

Under GDPR and POPIA, your organization acts as the Data Controller for employee data uploaded or generated through training. WeComply.chat acts as the Data Processor (or Operator), processing this information solely to deliver the AI-orchestrated HRM service.

3. POPIA Compliance (South Africa)

For our South African clients, we adhere strictly to the Protection of Personal Information Act (POPIA). We ensure that personal information is processed lawfully, with appropriate security safeguards, and respect the rights of data subjects regarding their personal information.

4. AI Data Processing

We use anonymized behavioral data to refine our Faculty personas and improve assessment accuracy. No personally identifiable information (PII) is used to train global AI models without explicit, separate consent from the Data Controller.

5. Data Retention & Security

We retain HRM data only as long as an active subscription exists to maintain longitudinal risk records. We utilize industry-standard encryption and protocols (aligned with ISO 27001 and SOC2 standards) to safeguard all data.

6. Your Rights

Users have the right to access, rectify, or request the deletion of their personal data. Requests should be directed to your organization's internal compliance officer or our privacy team.