Privacy Policy

DFS by DreamGRC - Digital Forensics as a Service

Last updated: April 10, 2025

1. Introduction

At DreamGRC, we are committed to protecting your privacy and the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DFS by DreamGRC platform.

2. Information We Collect

2.1. Account Information: When you register for an account, we collect your name, email address, organization information, and password.

2.2. Billing Information: For paid subscriptions, we collect payment information through our payment processor, Stripe. We do not store your complete payment information on our servers.

2.3. Uploaded Evidence: When you use our forensic analysis services, you may upload various types of digital evidence including but not limited to memory dumps, network captures, log files, and disk images.

2.4. Usage Data: We automatically collect information about how you interact with our platform, such as the features you use, the time spent on the platform, and your browser information.

2.5. Audit Logs: For security and compliance purposes, we maintain detailed audit logs of actions performed by users on the platform.

3. How We Use Your Information

3.1. To Provide and Improve Our Services: We use your information to deliver the forensic analysis services you request, manage your account, and improve the platform's functionality.

3.2. For Security and Compliance: We use audit logs and account information to maintain the security of the platform and ensure compliance with legal and professional standards.

3.3. For Communication: We may use your email address to send you service-related notifications, updates, and support communications.

3.4. For Billing: We use billing information to process subscription payments and manage your account status.

4. Data Security and Isolation

4.1. Evidence Isolation: We maintain strict separation between evidence data belonging to different users and organizations.

4.2. Security Measures: We implement industry-standard technical and organizational measures to protect your data, including encryption, access controls, and regular security assessments.

4.3. Employee Access: Access to your data by DreamGRC employees is strictly limited, monitored, and only permitted for the purpose of providing technical support when explicitly requested.

5. Data Retention

5.1. Account Information: We retain your account information for as long as your account is active or as needed to provide you with our services.

5.2. Evidence Data: Evidence data is retained for the duration of your subscription plus 30 days after termination, after which it is securely deleted from our systems.

5.3. Audit Logs: We retain audit logs for a period of at least one year to support security investigations and compliance requirements.

6. Sharing of Information

6.1. Service Providers: We may share information with third-party service providers who assist us in operating our platform, processing payments, or providing customer support.

6.2. Legal Compliance: We may disclose your information if required to do so by law or in response to valid legal processes.

6.3. Business Transfers: If DreamGRC is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction.

6.4. With Your Consent: We may share your information with third parties when you have given us your consent to do so.

7. Your Rights

7.1. Access and Control: You have the right to access, correct, or delete your personal information stored on our platform.

7.2. Data Portability: You can download your evidence files and analysis reports at any time.

7.3. Account Termination: You can request the termination of your account at any time, which will result in the deletion of your data according to our retention policy.

8. GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). This includes providing you with additional rights regarding your data and ensuring we have appropriate legal bases for processing your information.

9. Children's Privacy

Our service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

DreamGRC, Inc.
support@dreamgrc.org
Phone: +1(443)650-8447

© 2025 DreamGRC, Inc. All rights reserved.