Privacy Policy

Last updated: April 3, 2026 · Daruma Tech LLC

1. Who we are

OctoComply is a product of Daruma Tech LLC, a Florida limited liability company headquartered in Boca Raton, Florida ("Daruma Tech," "we," "us," or "our"). This Privacy Policy describes how we collect, use, and share information when you use the OctoComply platform, including civiccomply.com, app.civiccomply.com, the OctoComply API, and the embeddable DocTool (collectively, the "Service").

2. Information we collect

Account information

When you create an account, we collect your name, email address, password (stored as a bcrypt hash — never in plaintext), and organization name and domain.

Usage data

We collect information about how you use the Service, including pages visited, scans initiated, reports generated, and features accessed. We use Google Analytics to collect aggregate analytics on our marketing site.

Scan data

When you run an accessibility scan, we crawl and analyze your website and documents. We store scan results — URLs scanned, issues found, and compliance scores — in our database associated with your account.

DocTool data

The DocTool collects information submitted by your website visitors (constituents): name, email (optional), page URL, accessibility issue description, and format requested. This data is stored on your behalf and is accessible only to your account.

Document data

Documents you upload for remediation are stored in Azure Blob Storage in encrypted-at-rest containers. Document content is processed by the Claude API (Anthropic) for accessibility analysis and remediation. Processed documents are retained in your account.

3. How we use your information

  • To provide, operate, and improve the Service
  • To send transactional emails (account verification, scan completion, report generation)
  • To process payments via Stripe
  • To generate accessibility reports and compliance certificates
  • To respond to your inquiries and support requests
  • To comply with legal obligations

We do not sell your personal information. We do not use your data to train AI models. Scan results and document content are used only to deliver the Service to your account.

4. How we share your information

We share information only with service providers necessary to operate the Service:

  • Microsoft Azure — cloud hosting, database, and blob storage (United States)
  • Anthropic — AI processing of document content for accessibility remediation
  • Stripe — payment processing
  • SendGrid — transactional email delivery
  • Google Analytics — aggregate marketing site analytics

We may disclose information if required by law, court order, or government request, or to protect the rights and safety of Daruma Tech, our users, or the public.

5. Data retention

Account data is retained for as long as your account is active. Scan results, reports, and certificates are retained indefinitely in your account to support your compliance record. You may request deletion of your account and associated data by contacting us at privacy@civiccomply.com. DocTool data is retained on behalf of your organization; deletion is your responsibility per your jurisdiction's records retention requirements.

6. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, JWT-based authentication with short-lived access tokens, and Azure-managed encryption at rest. No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Cookies

We use a session cookie for the admin panel authentication and HttpOnly cookies for JWT refresh tokens. The marketing site uses Google Analytics cookies for aggregate usage statistics. We do not use advertising or tracking cookies.

8. Your rights

You may access, correct, or request deletion of your personal information by contacting us at privacy@civiccomply.com. If you are in the European Economic Area, you have additional rights under the GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

9. Children's privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitute acceptance of the updated policy.

11. Contact

For privacy-related inquiries: privacy@civiccomply.com
General inquiries: hello@civiccomply.com
Daruma Tech LLC, Boca Raton, FL