IDISO Delivered
support@isodelivered.comGet my free readiness scoreFree score

Legal

Privacy Policy

Last updated: April 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email, company details)
  • Questionnaire responses for ISO documentation generation
  • Payment information (processed securely via Stripe)
  • Communications with our support team

2. How We Use Your Information

We use the information we collect to:

  • Generate customized ISO 9001 documentation based on your responses
  • Process payments and manage your subscription
  • Send important updates about your account and services
  • Improve our services and develop new features
  • Respond to your inquiries and provide customer support

3. Data Storage and Security

Your data is stored securely using industry-standard encryption. We use Supabase for our database infrastructure, which provides enterprise-grade security including encryption at rest and in transit. Payment information is processed by Stripe and is never stored on our servers.

4. Data Sharing & Sub-processors

We do not sell your personal information. We share data only with the sub-processors listed below, all of whom operate under data-processing agreements that restrict use to providing the service we have contracted them for.

  • Supabase — database, authentication, file storage. Holds account, questionnaire responses, and generated documents.
  • Stripe — payment processing & subscriptions. Holds billing details (card data lives at Stripe, never at us).
  • Resend — transactional email delivery. Sees email address and message content.
  • OpenRouter — AI document generation (routes to Kimi K2, Claude Sonnet, and similar models). Receives questionnaire responses and generation prompts.
  • OpenAI — text embeddings for retrieval-augmented generation. Receives anonymised questionnaire text used to compute embeddings.
  • Railway — application hosting. Sees request logs and application metrics.
  • Umami (self-hosted) — privacy-friendly product analytics. Sees aggregate page views (only with your consent).

Beyond these sub-processors, we may share information to comply with legal obligations, protect our rights and safety, or with your explicit consent.

5. AI Processing & Training Opt-Out

ISO Delivered does not use customer content to train models. Our AI providers (OpenRouter, OpenAI) process customer content under their respective terms and may cache for short periods solely to deliver the requested output.

We select AI providers and inference endpoints that offer zero-retention or limited-retention data-handling modes where available, and we do not enable any model-training features on your content.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data

You can exercise these rights from your account settings or by contacting us.

7. Cookies & Consent

We group cookies into three categories:

  • Necessary — session, authentication, and secure checkout. Always enabled because the service cannot function without them.
  • Analytics — self-hosted Umami to understand aggregate product usage. Only set after you accept.
  • Marketing — reserved for future use. No marketing cookies are currently set.

On your first visit you will see a consent banner where you can accept, reject, or manage categories individually. Your choice is stored for 180 days and you can change it at any time by clearing the cookie_consent cookie or by contacting us.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your account and associated data at any time. Some data may be retained for legal or regulatory compliance.

9. Accessibility Statement

ISO Delivered is committed to providing a service that is accessible to the widest possible audience, including users with disabilities. We aim to conform with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA and the accessibility requirements of the EU Accessibility Act (Directive 2019/882) that apply from 28 June 2025.

If you experience any difficulty using the product, or if an accessibility barrier is preventing you from completing a task, please email accessibility@isodelivered.com and we will respond within 10 business days with a fix, a workaround, or an accessible alternative.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@isodelivered.com.

See also: Terms of Service