CONTINUITY STRENGTH PRIVACY POLICY

PRIVACY POLICY

Effective Date: November 21, 2025

At Continuity Strength, we are committed to safeguarding the privacy of our clients, website visitors, and platform users. This Privacy Policy outlines how we collect, use, protect, and share information gathered through our website at ContinuityStrength.com and our business continuity planning platform.

1. INFORMATION WE COLLECT

We may collect personal information that identifies you as an individual or relates to an identifiable individual, including but not limited to:

  • Name, email address, phone number, and other contact details

  • Professional information, such as job title, company name, and industry

  • Business information entered into the platform, including:

    • Organizational data and structure

    • Business continuity plans and procedures

    • Vendor information and assessments

    • Risk assessments and resilience data

    • Recovery time objectives and priorities

    • Contact information for key personnel and vendors

  • Account credentials and authentication information

  • Subscription and billing information

  • Technical data (e.g., IP address, browser type, device information, and usage data) when you visit our website or use our platform

  • Platform usage data and analytics

Information You Provide to Us

  • Account registration and profile information

  • Business continuity plan data and documentation

  • Vendor risk assessment responses and data

  • Payment and billing information

  • Support requests and communications

  • Feedback and survey responses

  • Content you create, upload, or share through the platform

Information We Collect Automatically

  • Platform usage data and activity logs

  • Feature utilization and engagement metrics

  • Log files and IP addresses

  • Cookie data and similar tracking technologies

  • Session information and authentication data

  • Performance and diagnostic data

2. HOW WE USE YOUR INFORMATION

Your information is used to:

  • Provide access to and functionality of the Continuity Strength platform

  • Generate automated business continuity plans using AI

  • Calculate resilience scores and vendor risk assessments

  • Process transactions and manage your subscription

  • Send service-related communications, including confirmations, updates, and notifications

  • Provide customer support and respond to your inquiries

  • Improve and enhance our platform features and services

  • Analyze platform usage to optimize user experience

  • Conduct research and development for new features

  • Send marketing communications about our services, in compliance with your preferences and applicable laws

  • Ensure platform security and prevent fraud or abuse

  • Comply with legal obligations and protect our rights

  • Create aggregated, anonymized data for benchmarking and industry insights

Legal Basis for Processing (for users in the EU/UK)

We process your personal information based on:

  • Performance of our subscription agreement with you

  • Our legitimate interests in providing and improving our platform services

  • Your consent, where required

  • Compliance with legal obligations

3. DATA PROTECTION AND SECURITY

We take the security of your information seriously. We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)

  • Secure access controls and multi-factor authentication

  • Regular security audits and penetration testing

  • Intrusion detection and prevention systems

  • Security monitoring and incident response procedures

  • Employee training on data security and privacy practices

  • Confidentiality agreements with all team members and service providers

  • Secure cloud infrastructure with redundancy and backup

  • Regular software updates and security patches

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. However, no method of transmission over the Internet or method of electronic storage is entirely secure. We cannot guarantee absolute security of your information.

Data Backup and Recovery

We maintain regular backups of platform data to ensure business continuity and data recovery capabilities. Backups are encrypted and stored securely. In the event of data loss, we will make reasonable efforts to restore your data from backups.

Retention of Information

We retain your personal information for as long as:

  • Your account remains active

  • Necessary to provide our platform services

  • Required by our subscription agreement

  • Needed for legitimate business purposes (e.g., analytics, fraud prevention)

  • Required or permitted by law

After account termination, we will retain your data for 90 days to allow for potential reactivation, after which your personal data will be securely deleted or anonymized. We may retain aggregated, anonymized data indefinitely for research and product development purposes.

4. SHARING YOUR INFORMATION

We do not sell your personal information. We may share your information with:

Service Providers: Third-party service providers who perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers (e.g., AWS, Azure)

  • Payment processors and billing services

  • Email service providers

  • Customer support platforms

  • Analytics providers

  • AI and machine learning service providers

  • Security and monitoring services

All service providers are bound by strict confidentiality agreements and data processing agreements, and are only permitted to use your information as necessary to provide services to us.

Professional Advisors: Lawyers, accountants, auditors, and other professional advisors who assist us in operating our business, subject to confidentiality obligations.

Legal Authorities: When required by law, legal process, or governmental request, or to:

  • Comply with legal obligations

  • Protect our rights, property, or safety, or that of our users or others

  • Investigate fraud or security incidents

  • Enforce our terms and conditions

Business Transfers: In connection with any merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred to the acquiring entity, subject to the same privacy protections.

With Your Consent: We may share your information with third parties when you provide explicit consent for us to do so.

Information We Do Not Share

We do not share identifiable customer business continuity plans, vendor assessments, or other confidential business data with third parties except as described above. We may use aggregated, anonymized data for industry benchmarking and insights.

5. INTERNATIONAL TRANSFERS

Continuity Strength operates primarily in the United States, and our platform infrastructure is hosted in U.S. data centers. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate, where data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we will take steps to ensure that your information is treated in accordance with this Privacy Policy and applicable laws, including through the use of:

  • Standard contractual clauses approved by the European Commission

  • Adequacy decisions by regulatory authorities

  • Other legally approved transfer mechanisms

6. YOUR RIGHTS

You have certain rights regarding your personal information, depending on your jurisdiction:

Right to Access: You can request a copy of the personal information we hold about you, including data stored in your platform account.

Right to Correction: You can request that we correct inaccurate or incomplete information. You can also update much of your information directly through your platform account.

Right to Deletion: You can request that we delete your personal information, subject to certain legal exceptions and data retention requirements.

Right to Restriction: You can request that we restrict the processing of your information in certain circumstances.

Right to Object: You can object to our processing of your information based on legitimate interests.

Right to Data Portability: You can request a copy of your business continuity plans and other data in a structured, commonly used, and machine-readable format. The platform also provides export functionality for downloading your data.

Right to Withdraw Consent: Where we have asked for your consent to process your data, you can withdraw this consent at any time.

To exercise any of these rights, please contact us at info@continuitystrength.com. We will respond to your request within the timeframe required by applicable law (typically 30 days).

For California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information is collected, used, shared, or sold

  • Right to delete personal information

  • Right to opt-out of the sale of personal information (note: we do not sell personal information)

  • Right to non-discrimination for exercising your privacy rights

7. YOUR CHOICES AND OPT-OUT

You have the following choices regarding your information:

Account Access and Update: You can access and update most of your personal information directly through your platform account settings. For information you cannot update yourself, contact us at info@continuitystrength.com.

Marketing Communications: You can opt-out of receiving marketing communications from us by:

  • Following the unsubscribe instructions in any marketing email we send you

  • Contacting us directly at info@continuitystrength.com.

  • Updating your communication preferences in your account settings

Please note that even if you opt-out of marketing communications, we will still send you transactional or service-related communications, such as:

  • Subscription confirmations and renewals

  • Platform updates and maintenance notifications

  • Security alerts

  • Billing statements

  • Support responses

Data Export: You can export your business continuity plans and other platform data at any time using the export functionality within the platform.

Account Deletion: You can request that we delete your account and personal information by contacting us at info@continuitystrength.com. Please note that:

  • We may need to retain some information for legal or regulatory compliance purposes

  • Deletion may take up to 90 days to complete

  • Aggregated, anonymized data may be retained

  • Deletion is irreversible and will result in loss of all platform data

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our website and platform to enhance your experience and gather usage data. Cookies are small text files stored on your device that help us:

  • Maintain your login session and authentication

  • Remember your preferences and settings

  • Understand how you use our platform

  • Improve platform functionality and performance

  • Deliver relevant content

  • Analyze usage patterns and user behavior

  • Ensure security and prevent fraud

Types of Cookies We Use

Essential Cookies: Required for the platform to function properly, including session management and authentication.

Analytics Cookies: Help us understand how users interact with our platform and website, allowing us to improve the user experience.

Functional Cookies: Remember your preferences, settings, and customization choices.

Security Cookies: Help us detect and prevent security threats, fraud, and abuse.

Managing Cookies

You can control the use of cookies at the individual browser level. Most browsers allow you to:

  • View what cookies are stored

  • Delete cookies

  • Block all or certain cookies

  • Set preferences for specific websites

Please note that disabling essential cookies will prevent you from using the platform. Disabling other cookies may affect platform functionality and your user experience.

For more information about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.

9. THIRD-PARTY LINKS AND INTEGRATIONS

Our platform may contain links to third-party websites or integrate with third-party services (such as single sign-on providers or data sources). This Privacy Policy does not apply to those third-party sites or services. We are not responsible for the privacy practices or content of third parties. We encourage you to review the privacy policies of any third-party sites or services you use.

When you enable third-party integrations, you authorize data sharing between Continuity Strength and those third parties in accordance with the integration's functionality.

10. CHILDREN'S PRIVACY

Our platform is designed for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without proper authorization, we will take steps to delete that information.

11. AI-POWERED SERVICES AND DATA PROCESSING

Our platform uses artificial intelligence and machine learning to automatically generate business continuity plans, calculate resilience scores, assess vendor risks, and provide recommendations. When you use these AI-powered features:

Data Processing: Your business data, vendor information, and risk assessments are processed by AI algorithms to generate outputs. This processing occurs on secure servers with appropriate data protection measures.

AI Training: We may use aggregated, anonymized data derived from platform usage to improve our AI models and algorithms. We do not use identifiable customer data to train AI systems that serve other customers.

Third-Party AI Services: We may use third-party AI service providers (such as cloud-based AI platforms) to power certain features. These providers are bound by data processing agreements and confidentiality obligations.

Accuracy and Limitations: AI-generated outputs are based on algorithms and data models that may contain errors or limitations. You remain responsible for reviewing, validating, and customizing all AI-generated content before implementation.

Human Review: While our AI systems are designed to provide high-quality outputs, they should not replace human judgment and professional expertise in business continuity planning.

12. BUSINESS CONTINUITY DATA

The business continuity plans, vendor assessments, and related data you create and store in our platform remain your property. We act as a data processor for this information.

Your Responsibilities:

  • You are responsible for the accuracy and completeness of data you input

  • You must ensure you have the right to upload third-party data (e.g., vendor information)

  • You should maintain your own backups of critical data

  • You are responsible for managing user access and permissions within your organization

Our Commitments:

  • We will protect your business data with industry-standard security measures

  • We will not use your identifiable business continuity plans for purposes beyond providing the platform service

  • We will provide data export functionality

  • We will securely delete your data upon request (subject to retention requirements)

13. DATA BREACH NOTIFICATION

In the event of a data breach that affects your personal information or business continuity data, we will:

  • Investigate the incident promptly

  • Take immediate steps to contain and remediate the breach

  • Notify affected users without undue delay

  • Provide information about the nature of the breach and steps being taken

  • Comply with all applicable breach notification laws

  • Cooperate with regulatory authorities as required

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Effective Date" at the top of this policy will indicate when it was last revised.

If we make material changes to this Privacy Policy, we will notify you by:

  • Posting a prominent notice on our website and platform

  • Sending an email to the address associated with your account

  • Providing in-platform notifications

  • Other appropriate means

We encourage you to review this policy periodically to stay informed about how we protect your information. Your continued use of the platform after changes are posted constitutes acceptance of the revised policy.

15. DATA PROTECTION OFFICER

For questions about this Privacy Policy or our data practices, or to exercise your privacy rights, you may contact our data protection team:

Email: info@continuitystrength.com
Website: www.continuitystrength.com

If you are in the European Economic Area and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority.

16. CONTACT US

If you have any questions about this Privacy Policy, our data practices, or would like to exercise your privacy rights, please contact us at:

Continuity Strength
Email: info@continuitystrength.com
Website: www.continuitystrength.com

We will respond to your inquiry as promptly as possible and within the timeframe required by applicable law (typically within 30 days).

Last Updated: November 21, 2025

By using our platform or services, you acknowledge that you have read and understood this Privacy Policy.