Privacy Policy

Effective Date: May 26, 2026

Company: PSRIO Engine Global (“PSRIO Global”, “we”, “our”, “us”)

PSRIO Engine Global is committed to protecting personal data and privacy across our global operations. This Privacy Policy outlines how we collect, use, disclose, and safeguard information when organizations and their authorized users utilize the PSRIO™ Engine, its modular intelligence applications (including Privacy-CentraRISQ™ and PrivMind™), and associated global web properties (collectively, the “Platform”).

We process personal information in compliance with applicable global data protection laws, including the European Union and United Kingdom General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and other regional privacy mandates.

1. Scope and Roles (Controller vs. Processor)

Depending on how you interact with our Platform, our legal obligations vary:

  • As a Data Controller: PSRIO Global acts as a Data Controller for account configuration data, administrative credentials, platform billing information, and usage analytics generated directly by users interacting with our services.
  • As a Data Processor (Service Provider): When enterprise customers input corporate data, employee profiles, Personal Information (PI), or Personal Health Information (PHI) into the Platform to execute Privacy Impact Assessments (PIA), Threat Risk Assessments (TRA), or compliance workflows, the customer organization remains the Data Controller (or Business). PSRIO Global acts strictly as a Data Processor (or Service Provider), handling this data solely on behalf of, and according to the documented instructions of, the customer organization.

2. Information We Collect

We may collect and process the following categories of information:

  • Account and Profile Information: Full name, corporate email address, job title, phone number, and organization details.
  • Platform Usage and Security Audit Logs: Metadata, operational activity trails, IP addresses, browser types, access assignments, and interaction metrics processed within the software infrastructure.
  • Customer-Driven Compliance Data: Information entered directly into the Platform modules by users, including privacy risk signals, data flow descriptions, incident details for breach tracking, and training completion data.
  • Billing and Transaction Data: Corporate billing addresses, invoicing records, and limited transaction metadata. Full payment card processing is securely routed through certified third-party payment gateways.

3. Purpose of Processing

We utilize the collected data to maintain a secure, optimized, and compliant GRC4 orchestration environment:

  • To deliver, operate, and maintain the corporate Platform and its modular intelligence tools.
  • To automate and track privacy impact assessments, threat risk analytics, and evidence mapping.
  • To power real-time executive dashboards, access-to-information request management, and breach logging.
  • To enforce system security, prevent fraudulent activities, and maintain immutable audit logs.
  • To distribute critical system alerts, technical updates, and customer support communications.

4. User and Organizational Responsibility

Customer organizations and their designated administrators are responsible for ensuring that all data populated within the Platform is collected and uploaded in full compliance with local jurisdictional laws, including obtaining any required subject consents or establishing valid lawful bases for processing.

5. Disclosure and Global Sub-processors

PSRIO Global does not sell, lease, rent, or trade personal data to third parties for marketing purposes. We may share information only under the following limited conditions:

  • To Authorized Sub-processors: We engage enterprise third-party service providers (such as secure cloud hosting environments and database infrastructure networks) to support core Platform delivery. All sub-processors are bound by strict contractual obligations, confidentiality agreements, and data processing addendums (DPAs) requiring equivalent privacy safeguards.
  • For Legal Compliance: We may disclose data if required to do so by applicable international law, valid subpoenas, or binding governmental orders.

6. International Data Transfers and Residency

PSRIO Global utilizes high-security, enterprise-grade cloud environments (such as Microsoft Azure) to deploy our intelligence layer.

  • Data is stored in secure regional cloud data centers based upon our enterprise customer agreements and localized data residency requirements (e.g., Azure Canada regions for Canadian accounts, or regional U.S./E.U. zones where designated).
  • For international cross-border data transfers originating from the European Economic Area (EEA) or the United Kingdom to jurisdictions without an adequacy decision, PSRIO Global ensures appropriate safeguards are in place, including the implementation of Standard Contractual Clauses (SCCs) or equivalent legal frameworks.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the specific operational purposes outlined in this policy, comply with our overarching legal and structural obligations, resolve corporate disputes, and enforce our formal enterprise service agreements. Upon contract termination, customer-driven data is securely deleted or anonymized in accordance with our system data-wiping protocols.

8. Global Privacy Rights

Depending on your geographic residency (such as the EEA, UK, California, or Canada), you may possess specific statutory rights regarding your personal data under the GDPR, CCPA/CPRA, or PIPEDA. These rights may include:

  • The Right of Access: The right to request copies of your personal data.
  • The Right to Rectification: The right to request the correction of inaccurate or incomplete data.
  • The Right to Erasure (“Right to be Forgotten”): The right to request data deletion under specific legal thresholds.
  • The Right to Restrict or Object to Processing: The right to limit how we handle your information.
  • The Right to Data Portability: The right to request the transfer of collected data to another organization.
  • The Right to Opt-Out: The right to direct a business not to sell or share your personal data (Note: PSRIO Global does not sell or share data).

To exercise any of these rights, or if you are an end-user whose data was uploaded by an organization acting as the Data Controller, please contact your organization’s primary privacy administrator or submit a formal request to our privacy desk.

9. Security and Safeguards

PSRIO Global enforces stringent administrative, technical, and physical security measures aligned with institutional standards (including SOC 2 and ISO 42001 AI Governance roadmaps). These layers include:

  • Cryptographic Protocols: Advanced encryption for data at rest (AES-256) and data in transit (TLS 1.3).
  • Identity Management: Role-based access controls (RBAC) and mandatory secure multi-factor authentication (MFA).
  • System Monitoring: Continuous threat tracking, vulnerability scanning, and isolated network infrastructures.

10. Privacy Breach Notification

In the event of a security incident or privacy breach affecting personal data under our direct custody or control, PSRIO Global will fully comply with applicable international notification laws. For data processed on behalf of an enterprise client, we will notify the impacted customer organization’s primary contact without undue delay and within the legally mandated timeframes (e.g., under the GDPR 72-hour framework) to allow them to meet their regulatory disclosure duties.

11. Contact and Administration

For inquiries, data rights requests, or clarifications regarding this policy, please connect with our global data protection coordinator at:

Email: admin@canadaprivacycentral.ca