Privacy Policy
Last updated: May 21, 2026
Who we are
This service ("The Inertia Audit™") is operated by Mariam Onsi Abdien Mahmoud Ibrahim Fathelbab (the "Seller", "we", "us"). We act as the data controller for personal data collected through this site.
What we collect
We collect the following categories of personal data:
- Account data: email address and authentication identifiers.
- Audit content: organization name, industry, initiative description, inertia signal scores, and the diagnostic outputs we generate.
- Usage and device data: IP address, browser/device identifiers, and basic telemetry needed to operate and secure the service.
- Support communications: messages you send us.
Payment and billing details (card number, billing address, tax IDs) are collected directly by our reseller Paddle — we do not see or store full card data.
How we use it and legal basis
- Provide the service (generate audits, render dashboards, let you re-open prior audits) — legal basis: performance of a contract.
- Security, fraud prevention, and service integrity — legal basis: legitimate interests.
- Customer support — legal basis: performance of a contract and legitimate interests.
- Legal and tax compliance (including records of sales via Paddle) — legal basis: legal obligation.
- Product improvement and aggregated analytics — legal basis: legitimate interests.
Who we share it with
We do not sell your data. We share limited data with the following categories of recipients:
- Paddle.com Market Ltd ("Paddle") — our Merchant of Record. Paddle processes payments, manages subscriptions, handles tax compliance, invoicing, and refunds. See Paddle's privacy policy at paddle.com/legal/privacy.
- Hosting and infrastructure provider: Lovable Cloud (managed Postgres + edge hosting), used to store and serve your account and audit data.
- AI provider: a third-party large-language-model provider that processes audit inputs transiently to generate the diagnostic. Inputs are not used to train their models.
- Professional advisers (legal, accounting) where strictly necessary.
- Authorities where required by law.
Where it lives and international transfers
Data is stored on Lovable Cloud (managed Postgres) with row-level security: only the authenticated user who created an audit can read or modify it. Backups are encrypted at rest. Some recipients (Paddle, our AI provider, hosting) may process data outside your country, including in the EEA, UK, and US. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.
How long we keep it
- Account data: while your account is active, plus up to 12 months after closure for security and dispute handling.
- Audit content: while your account is active; deleted within 30 days of account deletion.
- Payment and tax records: retained by Paddle and by us for up to 10 years to meet tax and accounting obligations.
- Support communications: up to 24 months.
- Server logs and security telemetry: up to 90 days.
Your rights
Subject to applicable law (including GDPR where it applies), you have the right to access, rectify, erase, restrict, or port your data, and to object to certain processing. You can also withdraw consent where processing is based on consent, and lodge a complaint with your local data protection authority. To exercise any right, email privacy@inertia-audit.com. We respond within 30 days.
Security
We use appropriate technical and organisational measures, including encryption in transit and at rest, row-level access controls, and least-privilege access for staff.
Cookies
We use a single session cookie to keep you signed in. We do not run third-party advertising trackers. Paddle's checkout may set its own cookies strictly necessary to process your payment.
Contact
Mariam Onsi Abdien Mahmoud Ibrahim Fathelbab — privacy@inertia-audit.com.