Rizzqo is an asset-centric compliance management platform that streamlines ISO 27001 certification. The software automatically translates complex compliance standards into actionable tasks for each asset in your organization.

How does Rizzqo help with ISO 27001 certification?

Rizzqo automates evidence collection, maps compliance requirements to your assets, and provides real-time dashboards for audit progress. This reduces manual work by up to 60% and accelerates certification by 3x.

Where is my data stored?

Rizzqo is Made in Germany and hosted on EU infrastructure. Your data never leaves European borders, ensuring full GDPR compliance and European data sovereignty.

Which compliance frameworks does Rizzqo support?

Rizzqo supports ISO 27001, ISO 27017, NIS2, SOC 2, GDPR, EU AI Act, and custom frameworks. The platform automatically maps your work across multiple standards.

How does risk quantification work?

Rizzqo quantifies security risks in euros and calculates the ROI of security investments. You can prioritize risks by financial impact and show the board the value of compliance investments.

Can I import my existing asset lists?

Yes, Rizzqo provides seamless Excel integration. You can import existing asset lists and export compliance data for reporting with built-in tools.

What is asset-centric compliance?

Asset-centric compliance means focusing on your actual IT assets (servers, laptops, SaaS applications) rather than abstract policies. Rizzqo translates "information shall be protected" into specific tasks like "Enable BitLocker on laptops" or "Enforce TLS on web servers".

How much can I save with Rizzqo?

Organizations using Rizzqo save an average of €45,000 in compliance costs through reduced manual work, faster certification, and lower consulting fees. The platform reduces manual compliance work by 60%.

Back to Home

Privacy Policy

Last Updated: February 5, 2026

1. Introduction and Scope

Rizzqo GmbH ("Rizzqo," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, process, and safeguard your personal data. This Privacy Policy explains our data practices in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable privacy laws.

This Policy applies to personal data collected through our website at rizzqo.com, our compliance management platform (the "Services"), email communications, and any other interactions with Rizzqo. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

Rizzqo GmbH

[Company Address]

Email: [email]

Data Protection Officer: [email]

For questions or concerns about your personal data or this Privacy Policy, please contact us using the details above.

3. Personal Data We Collect

3.1 Information You Provide Directly

We collect personal data that you voluntarily provide when you:

Create an account: Name, email address, password, company name, job title, phone number
Request a demo or contact us: Name, email, company information, inquiry details
Subscribe to newsletters: Email address, communication preferences
Use our Services: Compliance data, asset information, user-generated content, uploaded documents
Participate in surveys or provide feedback: Opinion data, usage feedback
Communicate with support: Support request details, chat logs, email correspondence

3.2 Automatically Collected Information

When you access our website or Services, we automatically collect:

Device information: IP address, browser type and version, operating system, device identifiers
Usage data: Pages visited, features used, time spent, navigation paths, click data, referral sources
Location data: Approximate location based on IP address (country, region, city)
Cookies and tracking technologies: See our Cookie Policy for details
Log data: Access timestamps, error logs, performance metrics

3.3 Information from Third Parties

We may receive personal data from third-party sources including analytics providers (Google Analytics), payment processors (Stripe), CRM systems (HubSpot), and public databases for business contact verification.

4. How We Use Your Personal Data

We process your personal data for the following purposes:

4.1 Service Provision (Legal Basis: Contract Performance, Art. 6(1)(b) GDPR)

Creating and managing your user account
Providing access to and functionality of the Rizzqo platform
Processing and storing your compliance data and asset information
Enabling collaboration features and user interactions
Processing payments and maintaining billing records
Providing customer support and responding to inquiries

4.2 Service Improvement and Development (Legal Basis: Legitimate Interests, Art. 6(1)(f) GDPR)

Analyzing usage patterns to improve user experience and platform performance
Developing new features and functionality
Conducting research and data analysis
Testing, troubleshooting, and debugging

4.3 Communication (Legal Basis: Consent or Legitimate Interests)

Sending transactional emails (account notifications, password resets, billing updates)
Providing product updates and service announcements
Sending marketing communications (with your consent, opt-out available)
Responding to your questions and requests

4.4 Security and Fraud Prevention (Legal Basis: Legitimate Interests and Legal Obligations)

Detecting and preventing security threats, fraud, and abuse
Enforcing our Terms of Service and protecting our rights
Maintaining system security and integrity
Monitoring for suspicious activity and unauthorized access

4.5 Legal Compliance (Legal Basis: Legal Obligation, Art. 6(1)(c) GDPR)

Complying with applicable laws, regulations, and legal processes
Responding to lawful requests from public authorities
Maintaining records for tax and accounting purposes
Defending against legal claims

5. Data Sharing and Disclosure

We do not sell your personal data. We share your information only in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers who process data on our behalf under strict confidentiality agreements:

Cloud hosting: Amazon Web Services (AWS) / Google Cloud Platform (data stored in EU region)
Analytics: Google Analytics (anonymized IP addresses)
Payment processing: Stripe (PCI-DSS compliant)
Email services: SendGrid / Amazon SES
Customer support: Zendesk / Intercom
CRM and marketing: HubSpot

5.2 Business Transfers

If Rizzqo is involved in a merger, acquisition, reorganization, asset sale, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your personal data if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to lawful requests by public authorities.

5.4 With Your Consent

We may share your personal data with third parties when you explicitly consent to such sharing.

6. International Data Transfers

Your personal data is primarily processed and stored within the European Economic Area (EEA). However, some of our service providers are located outside the EEA, particularly in the United States. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers to third countries
Adequacy Decisions: We transfer data to countries recognized by the EU Commission as providing adequate data protection
Certification mechanisms: We work with providers certified under recognized frameworks (e.g., Privacy Shield successors)

You may request a copy of the safeguards we have implemented for international transfers by contacting [email].

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Account data: Retained for the duration of your account plus 30 days after termination, except for billing records (kept for 10 years for tax compliance)
Customer Data in our platform: Retained during your subscription period and 30 days after termination (exportable upon request)
Marketing communications: Until you unsubscribe or request deletion
Website analytics: Retained for 26 months (Google Analytics default)
Support correspondence: 3 years for quality and legal purposes
Security logs: 90 days unless required for investigations

After the retention period expires, we securely delete or anonymize your personal data in accordance with our data deletion procedures.

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

You can request confirmation of whether we process your personal data and obtain a copy of your data.

8.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete personal data. You can also update most information directly through your account settings.

8.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes it was collected, you withdraw consent, or you object to processing. Note that we may retain certain data when required by law or for legitimate business purposes.

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request that we limit how we use your personal data while we investigate your concerns about accuracy or lawfulness of processing.

8.5 Right to Data Portability (Art. 20 GDPR)

You can request to receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.

8.6 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing prior to withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement. In Germany, you can contact your state data protection authority or:

Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Graurheindorfer Str. 153, 53117 Bonn, Germany

To exercise your rights, please contact us at [email]. We will respond to your request within one month, which may be extended by two additional months in complex cases. We may request verification of your identity before processing your request.

9. Data Security

We implement comprehensive technical and organizational security measures to protect your personal data:

Encryption: TLS 1.3 for data in transit, AES-256 encryption for data at rest
Access controls: Role-based access control (RBAC), multi-factor authentication (MFA), principle of least privilege
Infrastructure security: ISO 27001-certified data centers, regular security audits, penetration testing
Application security: Secure coding practices, vulnerability scanning, regular security updates
Monitoring and logging: 24/7 security monitoring, intrusion detection systems, audit logs
Employee training: Regular security awareness training, confidentiality agreements
Incident response: Documented incident response procedures, breach notification protocols
Backup and recovery: Regular encrypted backups, disaster recovery plan

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please immediately notify us at [email].

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email]. We will promptly delete such information from our systems.

11. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, as defined under Article 22 of the GDPR. Any analytics or data processing we perform is for improving our Services and does not result in automated decisions about individuals.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes by posting a notice on our website or sending an email to your registered email address at least 30 days before the effective date. The "Last Updated" date at the top of this Policy indicates when it was last revised. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Rizzqo GmbH

[Company Address]

Email: [email]

Data Protection Officer: [email]

Website: rizzqo.com