This policy explains what Tensor Compliance collects, how we use it, and the protections we apply. We design our product so that we collect the minimum data needed to deliver continuous compliance.
We collect account information (name, work email, company) when you create an account or request a demo. When you connect Tensor to your cloud, identity provider, or HR system, we read configuration and metadata required to evaluate your controls — for example, role assignments, encryption settings, MFA enforcement, and asset inventories. We do not ingest customer end-user content unless explicitly required by a control you enable.
All Tensor integrations are read-only by default. We do not modify your systems. Where a write scope is required for a specific capability, you opt in explicitly and can revoke it at any time. Credentials are stored encrypted and never in plaintext.
We use the data we collect to evaluate controls, produce evidence, generate reports, alert you to drift, and improve the service. We do not sell customer data. We do not use customer data to train external models.
Customer environments are logically isolated. Access to production data is least-privilege, MFA-enforced, and fully logged. All access is reviewed on a recurring basis.
You may request access to, correction of, or deletion of personal data we hold about you. You may also request a copy of the sub-processors we use. To exercise these rights, email contact@tensorcompliance.com.
We retain customer security data while your account is active and for the period required to support audits you may be undergoing. Upon termination, we delete or return customer data per the terms of your subscription agreement.
Questions about this policy? Email contact@tensorcompliance.com.