OC
OrgCentral

Privacy Policy

Last updated: March 1, 2026

1. Introduction

OrgCentral ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service, including:

  • Account information: name, email address, organization name, and role when you register for an account.
  • Organizational data: certification records, asset details, training records, policy documents, and employee information that you or your organization upload or enter into the Service.
  • Communications: any information you provide when contacting our support team or responding to surveys.
  • Payment information: billing details processed securely through our third-party payment providers.

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

  • Usage data: pages viewed, features used, timestamps, and interaction patterns.
  • Device information: browser type, operating system, device identifiers, and screen resolution.
  • Log data: IP address, access times, and referring URLs.
  • Cookies and similar technologies: session cookies for authentication and preference cookies for user experience.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process transactions and manage your account.
  • Send administrative notifications such as certification expiration alerts, assignment reminders, and system updates.
  • Respond to your inquiries and provide customer support.
  • Monitor usage patterns to improve performance and security.
  • Comply with legal obligations and enforce our terms.
  • Generate aggregated, anonymized analytics to improve our Service.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Within your organization: administrators in your organization can view member data, certifications, asset activity, training records, and policy acknowledgments as part of the Service functionality.
  • Service providers: we share information with trusted third-party vendors who assist us in operating the Service (e.g., cloud hosting, email delivery, payment processing). These providers are contractually obligated to protect your data.
  • Legal requirements: we may disclose your information if required by law, regulation, legal process, or governmental request.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS/SSL), encryption at rest, role-based access controls, and regular security assessments. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Organizational data (certifications, assets, training records, policies) is retained for the duration of your organization's subscription. Upon account deletion, we will remove your personal data within 90 days, subject to legal retention requirements.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information.
  • Object to or restrict certain processing of your data.
  • Request data portability (export your data in a machine-readable format).
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority.

To exercise any of these rights, please contact us at privacy@orgcentral.com.

8. Cookies

We use essential cookies to maintain your authenticated session and preferences. We do not use third-party advertising cookies. You can configure your browser to refuse cookies, but this may limit your ability to use certain features of the Service.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly.

10. International Data Transfers

Your information may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

OrgCentral
Email: privacy@orgcentral.com