Privacy Policy
Effective June 8, 2026
PliOS ("PliOS," "we," "us," or "our") operates the compliance management platform available at plios.co (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, create an account, or use the Service.
1. Information We Collect
We collect information in the following categories:
- Account and profile information — name, work email address, password (stored in hashed form by our authentication provider), organization name, job title, and team membership details.
- Institution and compliance data — information you enter into the Service, including institution profiles, assessment responses, policies, procedures, risk assessments, exam materials, vendor records, filing deadlines, and related documents you upload.
- Billing information — subscription plan, billing status, and payment metadata. Payment card details are collected and processed directly by Stripe; we do not store full card numbers on our servers.
- Usage and device information — log data such as IP address, browser type, pages viewed, features used, timestamps, and error diagnostics to operate and improve the Service.
- Communications — messages you send to us (for example, support requests) and transactional emails we send to you (account verification, billing notices, product updates).
- AI interactions — prompts and content you submit to AI-assisted features, and the outputs generated in response, to provide those features and maintain quality and safety.
2. How We Use Information
We use the information we collect to:
- Provide, maintain, and improve the Service;
- Authenticate users and manage accounts and team access;
- Process subscriptions and payments;
- Generate AI-assisted drafts, assessments, and recommendations you request;
- Send transactional and service-related communications;
- Monitor performance, troubleshoot issues, and protect against fraud or abuse;
- Comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information. We do not use your confidential compliance documents to train public AI models.
3. How We Share Information
We may share information with:
- Service providers who help us operate the Service, including hosting, authentication, email delivery, payment processing, and AI inference. These providers process data on our behalf under contractual obligations.
- Your organization — if you use the Service through a team account, other authorized users in your organization may access data you submit within that workspace.
- Legal and safety — when required by law, regulation, legal process, or to protect the rights, property, or safety of PliOS, our users, or others.
- Business transfers — in connection with a merger, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections.
4. Subprocessors
We use trusted third-party providers to deliver the Service. Depending on the features you use, data may be processed by providers such as:
- Supabase (authentication and file storage);
- Stripe (payment processing);
- Resend (transactional email);
- Anthropic (AI-assisted features).
We select providers with appropriate security practices and limit their access to what is necessary to perform their services.
5. Data Retention
We retain account and compliance data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your data within a reasonable period, except where we must retain it for legal, billing, audit, or security purposes.
6. Security
We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Your Choices and Rights
Depending on where you live, you may have rights to:
- Access, correct, or delete personal information we hold about you;
- Export data you have submitted to the Service;
- Opt out of non-essential marketing communications;
- Object to or restrict certain processing.
To exercise these rights, contact us at hello@plios.co. We may need to verify your identity before responding. If you are a California resident, you may also have rights under the CCPA/CPRA. We do not sell personal information as defined by those laws.
8. Cookies and Similar Technologies
We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the Service is used. You can control cookies through your browser settings, though disabling certain cookies may affect functionality.
9. International Users
PliOS is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.
10. Children
The Service is intended for business and professional use and is not directed to children under 16. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the effective date. Material changes may be communicated by email or in-app notice. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or requests, contact us at hello@plios.co.
See also our Terms of Service.