Privacy Policy

Last Updated: February 2026

Bridge GRC ("we", "our", or "us") is committed to protecting the privacy of our website visitors, clients, and platform users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Information We Collect

Information You Provide

We collect information you voluntarily provide when you:

• Fill out contact or demo request forms (name, email, company, role)
• Create an account on our platform
• Communicate with us via email or other channels
• Subscribe to our newsletter or marketing communications

Automatically Collected Information

When you visit our website, we may automatically collect:

• Browser type, operating system, and device information
• IP address and approximate geographic location
• Pages visited, time spent, and navigation patterns
• Referral source and search terms

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process demo requests and respond to inquiries
• Send administrative communications about your account or our services
• Analyze usage patterns to improve our website and platform
• Comply with legal obligations and regulatory requirements
• Protect against fraudulent, unauthorized, or illegal activity

3. Data Protection

We implement industry-standard security measures to protect your personal information, including encryption in transit and at rest, access controls, and regular security assessments. As a governance, risk, and compliance company, we hold ourselves to the highest standards of data protection.

4. Saudi Arabia Data Protection

Bridge GRC operates in compliance with the Saudi Arabia Personal Data Protection Law (PDPL) issued by the Saudi Data and Artificial Intelligence Authority (SDAIA). We process personal data lawfully and transparently, and we respect the rights of data subjects as outlined in the PDPL, including the right to access, correct, and request deletion of personal data.

5. Data Sharing

We do not sell your personal information. We may share your information with:

• Service providers who assist in operating our website and services (subject to confidentiality agreements)
• Regulatory authorities when required by law
• Professional advisors such as legal counsel and auditors

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data (subject to legal retention requirements)
• Withdraw consent for marketing communications at any time
• Lodge a complaint with the relevant data protection authority

7. Cookies

Our website may use cookies and similar tracking technologies to enhance your browsing experience. You can manage cookie preferences through your browser settings. Essential cookies required for website functionality cannot be disabled.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at hello@bridgegrc.com or visit our Contact page.