Privacy Policy
Last updated: June 2026
Your privacy matters. This policy covers the SOC2Start.io marketing site.
1. Overview
This Privacy Policy explains how SOC2Start.io, operated by soc2start LLC (“we”, “us”), handles personal data collected through this marketing website at soc2start.io. It does not cover the SOC2Start product application, which is governed separately.
We collect the minimum necessary data, never sell it, and run no advertising or cross-site ad tracking on this site.
2. Information we collect
Contact form. When you submit the contact form we collect your name, work email, optional company and message, and your inquiry type. These are used only to respond to you.
Technical data. Our hosting provider processes standard request metadata (e.g. IP address) to deliver and secure the site and to rate-limit the contact form. We do not store this for marketing.
Analytics cookies. Google Analytics is loaded in consent mode with analytics storage denied by default; its first-party (_ga) cookie is set only after you accept analytics cookies in our consent banner. We also store a small s2s_consent cookie to remember your choice and, once you accept, a first-party s2s_session cookie recording your first and last visit and a visit count (kept in your browser, never sent to a server). We honour Global Privacy Control signals as a decline, and use no advertising or cross-site trackers.
3. How we use information
- To respond to your enquiries and demo requests.
- To operate, secure and improve this website.
- To prevent spam and abuse of the contact form.
5. Legal bases & your rights (GDPR / CCPA)
Where GDPR applies, our legal basis for processing contact-form data is your consent and our legitimate interest in responding to you. soc2start LLC is a US-based company, and this marketing site is not directed at individuals in the EU or UK, so we have not appointed an Article 27 representative.
You may request access to, correction of, or deletion of your personal data, and (where applicable) object to processing or request portability. California residents have rights under the CCPA, including the right not to be discriminated against for exercising them. We do not sell or “share” your personal information as those terms are defined under the CCPA/CPRA. To exercise any right, email compliance@soc2start.io.
7. Data retention
We keep contact-form correspondence only as long as needed to handle your enquiry and for reasonable follow-up, then delete it.
8. International transfers & DPA
Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses. A Data Processing Addendum (DPA) is available on request for product customers.
9. Security
We apply industry-standard safeguards to protect personal data, including transport encryption (HTTPS), a strict content security policy, and least access. See our Security page.
10. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the “last updated” date above.
11. Contact
Questions about privacy? Email compliance@soc2start.io or use our contact form.
Get audit-ready. Stay in control.
Start free, then pay per framework as you grow. Transparent pricing that doesn't punish you for being early.