This is the privacy policy for the URIP product (urip.adaptive-mind.com), operated by Adaptive Mind. URIP is a B2B platform sold to businesses; almost all data we hold is your business data, not consumer personal data. This policy explains what we collect, why, and what we do with it.
What we collect
Account data — email, name, role, MFA secret, hashed password. Required to authenticate you.
Tenant data — your organisation's name, your security tools' API credentials (encrypted at rest), risk findings ingested from your tools, controls and evidence you upload, audit logs. This is your data; we hold it on your behalf.
Usage telemetry — page hits, feature usage, error logs. We use this to improve the product. We do not sell it.
What we do with it
Authenticate you and gate access using RBAC.
Run risk-scoring, threat-intel enrichment, and compliance mapping on your behalf.
Operate the platform: backups, performance monitoring, incident response.
Communicate about your account: account changes, security advisories, billing.
We do not sell your data. We do not use your tenant data to train models. We do not share your data with third parties except as listed below.
We do not transfer your tenant data to any sub-processor not listed above. On-premises and hybrid deployments keep your tenant data on your network and bypass our SaaS sub-processors.
Your rights
If you are an EU/UK individual, you have GDPR rights to access, rectify, port, or erase data we hold about you. Adaptive Mind is the controller for our marketing data; for tenant data we are a processor and your employer is the controller. Submit requests in either role to info@adaptive-mind.com.
URIP supports a built-in GDPR erasure flow inside the platform — your security/compliance team can run it from the admin panel.
Retention
Account data: retained while your tenant is active; deleted within 90 days of account termination.
Audit logs: retained 7 years (compliance requirement).