Privacy Policy

Also view all our other policies.

Terms of Service
Privacy Policy

SecureRoomz Privacy Policy

Effective Date: 06/01/2026

Welcome to SecureRoomz.

This Privacy Policy explains how SecureRoomz LLC ("SecureRoomz," "we," "our," or "us") collects, uses, stores, processes, and shares information when you use our websites, applications, rooms, collaboration environments, AI-assisted tools, and related services (collectively, the "Services").

SecureRoomz provides configurable digital collaboration environments that may include document sharing, workflow management, room administration, audit logging, AI-assisted processing, external collaboration, notifications, analytics, and related business tools.

By using the Services, you acknowledge that your information may be processed as described in this Privacy Policy.

1. Scope and Roles Under This Policy

This Privacy Policy applies to all individuals interacting with our Services, including:

  1. Visitors to our public websites.
  2. Account holders, room organizers, and platform administrators.
  3. Invited collaborators, participants, and any individuals whose information is uploaded or submitted through the Services.
  4. Users interacting with AI-assisted features or automated workflows.

A. Our Regulatory Role

Depending on the nature of the data and your relationship to SecureRoomz, our legal role varies:

  1. Data Controller: SecureRoomz acts as a Data Controller for Account and Registration Information, billing details, and direct website usage metrics collected for our operational and marketing purposes.
  2. Data Processor: SecureRoomz acts strictly as a Data Processor regarding any files, content, data, or media uploaded, shared, or generated by users within a collaboration environment ("Room Content"). The respective room organizer or enterprise customer remains the Data Controller for that data.

This Policy does not apply to third-party websites, services, or integrations connected to or utilized within our Services.

2. Information We Collect

We collect information across several categories depending on how you interact with the Services.

A. Account and Registration Information

When you create, manage, or access an account, we may collect:

  1. Name, email address, username, and business or organization details.
  2. Billing, subscription details, and payment processing history. (Note: Full payment card numbers are processed directly by third-party payment gateways and are not stored on our infrastructure).
  3. Identity and Authentication Data: If you utilize single sign-on (SSO) frameworks or third-party federated identity provider integrations to access the platform, we collect unique authentication tokens and specific profile metadata (such as your organizational email and permission scopes) synchronized through that identity service to securely validate your user record.

B. Room, Collaboration, and Uploaded Content

Users may upload, create, submit, or organize files and information within collaboration environments, including:

  1. Documents, images, contracts, reports, spreadsheets, messages, comments, checklists, and workflow submissions.
  2. AI prompts and the corresponding generated outputs.
  3. Platform Metadata: We automatically collect administrative audit logs and metadata associated with room activity, including access history, file alterations, permission updates, invitation records, and notification history.

C. AI-Assisted Processing Data

Certain system features utilize artificial intelligence, machine learning, or automated processing tools to generate summaries, analyze uploaded documents, provide classification suggestions, or evaluate workflow submissions.

  1. When you engage these features, all processing is executed strictly within SecureRoomz’s secure, self-hosted cloud infrastructure. We deploy private, internally hosted models directly on our core network nodes; your prompts and uploaded data never leave our secure environment and are never transmitted to third-party AI vendors, platforms, or external APIs.
  2. Enterprise Protection Guarantee: SecureRoomz does not use your proprietary Room Content or customer prompts submitted through our paid Services to train, tune, or improve generalized public AI/ML models.
  3. AI-generated outputs may contain inaccuracies and should be reviewed by a human before being relied upon for legal, compliance, or financial decisions.

D. Device, Usage, and Technical Information

We automatically collect diagnostic, performance, and security telemetry, including:

  1. IP addresses, browser types, device identifiers, and operating system information.
  2. Session activity, access timestamps, referral URLs, and approximate geographic region.

E. Cookies and Similar Technologies

We utilize functional and analytical cookies to maintain active authentication sessions, remember account preferences, monitor service reliability, and prevent fraudulent platform abuse. You can adjust your browser settings to limit cookies, though parts of our platform may not function correctly as a result.

3. How We Use Information and Lawful Bases

We process information under two frameworks depending on where you are located and how you interact with our Services.

A. Business and Operational Purposes (Primary Framework)

For users globally, and primarily within the United States, we use the information we collect for the following core business and operational purposes:

  1. Operating and Providing the Services: Authenticating users, managing digital collaboration environments, processing subscriptions/payments, and enforcing system permissions.
  2. Platform Communications: Delivering administrative notifications, responding to support requests, and sending relevant system updates.
  3. Powering AI-Assisted Features: Running the automated summaries, document extractions, classifications, and workflow optimizations you or your administrators initiate.
  4. Platform Performance and Analytics: Generating aggregated or de-identified data to understand platform performance, optimize usability, and plan infrastructure scaling.
  5. Security and Abuse Prevention: Maintaining system audit trails, monitoring security logs, detecting fraud or unauthorized access, and investigating policy violations.
  6. Legal and Compliance Obligations: Complying with applicable laws, responding to valid legal requests, resolving disputes, and protecting the safety, rights, and property of our users, clients, or SecureRoomz.

B. International Processing and Lawful Bases (Jurisdiction-Specific)

If you utilize our Services from the European Economic Area (EEA), United Kingdom, or jurisdictions with similar regulatory frameworks, we rely on specific legal grounds ("Lawful Bases") under data protection laws to process your personal data:

  1. Performance of a Contract: Processing is necessary to deliver the Services you or your organization contracted us to provide (e.g., identity authentication, routing files, and executing AI-assisted tools).
  2. Legitimate Interests: Processing is necessary for our legitimate business interests, provided they do not override your fundamental privacy rights. This includes maintaining platform security, detecting fraud, and optimizing application performance.
  3. Legal Obligation: Processing is necessary to comply with legal frameworks, such as maintaining tax records or responding to a mandatory corporate audit or subpoena.
  4. Consent: In specific instances where you grant explicit permission (such as opting into optional marketing communications or certain tracking technologies), we process data based on your consent, which can be withdrawn at any time.

4. Organizational Control and Room Administration

Many of our digital collaboration environments are managed directly by enterprise clients, organizations, or individual room administrators.

Depending on the configuration, these platform administrators possess structural permissions to add or remove participants, alter access levels, view complete activity audit trails, and export Room Content. If you participate in a managed room, your activity and metadata are transparent to that room’s administrator. SecureRoomz is not responsible for the independent privacy practices of customer organizations.

5. Sharing and Disclosure of Information

We do not 'sell' or 'share' your personal information as those terms are defined under applicable US state privacy laws (including the California Consumer Privacy Act and the Texas Data Privacy and Security Act). We share information only under the following transparent parameters:

  1. Service Providers and Subprocessors: We share data with trusted vendors that support our core operations, including cloud infrastructure hosting, identity authentication services, and billing management. Because our AI-assisted tools are hosted internally on our primary cloud infrastructure, we do not utilize or share data with third-party AI processing engines. All active subprocessors are contractually bound to strict data protection, confidentiality, and security standards, and are explicitly prohibited from using your data for any other purpose.
  2. User-Directed Sharing: Information is visible to fellow room participants, collaborators, or external recipients explicitly authorized by you or your organization’s administrator.
  3. Legal and Corporate Transfers: We may disclose details to comply with valid legal processes (e.g., subpoenas), protect platform integrity, or fulfill obligations during a corporate merger, asset sale, or restructuring event.

6. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill contractual commitments, meet security benchmarks, maintain operational continuity, or comply with legal preservation requirements.

  1. Account administrators can review our detailed data retention schedules and access a real-time directory of active system subprocessors inside the dedicated Compliance Room hub located within the platform administration panel. Other covered individuals may request this information by emailing privacy@secureroomz.com.
  2. Please note that when content or accounts are marked for deletion, data may persist temporarily in encrypted, non-indexed system backups or disaster recovery arrays for a standard operational tail before permanent erasure.

7. Security Safeguards

SecureRoomz deploys robust technical, organizational, and physical infrastructure protections designed to safeguard corporate data. These safeguards include industry-standard encryption protocols for data both in transit and at rest, multi-factor authentication integration, rigorous access controls, continuous security monitoring, and regular vendor risk assessments. While we maintain aggressive protection standards, no internet-based architecture can guarantee absolute immunity from security risks.

8. International Data Transfers

SecureRoomz and its cloud hosting nodes are primarily located in the United States. By using the Services, you acknowledge that your information may be transferred to and processed in jurisdictions outside your home nation. For cross-border transfers originating from the EEA, UK, or Switzerland, SecureRoomz utilizes approved Standard Contractual Clauses (SCCs) or verified adequacy frameworks to ensure that your information receives an equivalent standard of protection wherever it is processed.

9. Your Global and Regional Privacy Rights

Depending on your geographic location (such as the European Union, United Kingdom, or US states like California and Texas), you may possess specific statutory rights regarding your personal data. These typically include:

  1. The Right to Know/Access: Request a copy of the specific personal data we hold about you.
  2. The Right to Correct: Request remediation of incomplete or inaccurate profile records.
  3. The Right to Delete: Request erasure of personal data under certain conditions.
  4. The Right to Portability: Request a structured machine-readable transfer of your data.
  5. The Right to Opt-Out: Object to processing or opt-out of potential tracking or automated profiling mechanisms.

Exercising Rights Over Room Content: If your request pertains to files, messages, or metadata hosted within a managed room, SecureRoomz operates as a processor. You must direct your request to the customer organization controlling that environment. If you submit a direct request to us regarding Room Content, we will route it to the appropriate platform administrator.

A. US State-Specific Disclosures (California, Texas, and Other Applicable States)

Under US state privacy laws, including the California Consumer Privacy Act (CCPA) and the Texas Data Privacy and Security Act (TDPSA), we are required to disclose the categories of Personal Information we collect and disclose for an operational business purpose.

Over the preceding 12 months, SecureRoomz has collected and disclosed the following categories of personal information to our service providers and subprocessors for the business purposes outlined in Section 3:

  1. Identifiers: Legal name, business email address, username, and unique single sign-on (SSO) authentication tokens.
  2. Commercial Information: Enterprise subscription tiers, billing history records, and payment processing details.
  3. Internet or Other Electronic Network Activity Information: IP addresses, browser types, operating systems, platform access logs, session tracking activity, and security telemetry data.
  4. Professional or Employment-Related Information: Employer name, corporate entity details, and assigned platform permission scopes or administrative roles.

We do not "sell" your personal information for monetary or other valuable consideration, nor do we "share" your personal information for cross-context behavioral advertising.

Right to Appeal: If you submit a statutory request to exercise any of your privacy rights and we are unable to verify or fulfill it, you have the right to challenge our determination. If we deny a rights request, you may appeal our decision by contacting us using the information in Section 12.

10. Children's Privacy and Eligibility

The Services are intended solely for adult professional use. In strict alignment with our corporate platform eligibility rules, users must be at least 18 years of age to create an account or utilize the Services. We do not knowingly market to or collect personal information from individuals under the age of 18. If we discover that an account has been established by a minor, we will terminate the access credentials and permanently purge associated registration data immediately.

11. Policy Modifications

We may periodically update this Privacy Policy to mirror platform alterations, emerging legal requirements, or evolving technical capabilities. The top of this policy will display the most recent revision date. For material modifications that substantially shift how we process your information, we will deliver a prominent notice through the application interface or via your registered administrative email before changes take effect.

12. Contact Information

For privacy-related inquiries, legal inquiries, or to submit a consumer rights verification request, please reach out to our team:

privacy@secureroomz.com

SecureRoomz LLC