ComplianceOnline Privacy Policy


ComplianceOnline is a service provided by MetricStream Inc. In this Privacy Policy, "ComplianceOnline", "us", "we" and "our" refers to MetricStream Inc dba ComplianceOnline.

ComplianceOnline is committed to protecting your privacy and to give you a secure online experience. This privacy statement explains ComplianceOnline's data collection and use practices. By accessing this site, you agree to the terms of this Privacy Policy. This policy does not override any terms directly established between you and ComplianceOnline.

ComplianceOnline International Compliance

This Privacy Policy also explains how we will store your information in the United States, in the European Economic Area (EEA), and in other locations outside of the EEA. Any transfer of your data to the United States or another location outside the European Economic Area will be in compliance with applicable European data protection laws and in respect of transfers to the United States comply with the E.U. - U.S. Privacy Shield Framework, details of which are set out below.

Collecting Personal Information

We will ask you when we need information that personally identifies you (personal information) or allows us to contact you. Generally, this information is requested when you are ordering e-mail newsletters, joining a limited-access premium site, or purchasing products or services. Personal information collected by ComplianceOnline often is limited to name, e-mail address, phone number, country or location, but may include other information when needed to fulfill your request or order.

ComplianceOnline may ask you to provide certain information about yourself by filling out and submitting an online form. It is completely optional for you to engage in these activities. If you elect to engage in these activities, however, ComplianceOnline may ask that you provide us personal information, such as your first and last name, mailing address (including ZIP code), e-mail address, employer, job title and department, telephone and fax numbers, and other personal information.

When ordering products or services, you may be asked to provide a credit card number. Depending upon the activity, some of the information that we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory data with respect to a particular activity, you will not be able to proceed with that activity.

When you buy and install the new products, we may ask you to register your purchase electronically. When you do, we keep this registration information on file with any information you've already given us on previous visits to our Web site. This is considered your personal profile.

This site may use technology that lets ComplianceOnline collect certain technical information, such as IP addresses, browser types, traffic patterns and the address of any referring Web sites, and uses HTTP cookies for systems administration. However, if you do not wish to receive cookies, or want to be notified of when they are placed, you may set your Web browser to do so, if your browser so permits.

ComplianceOnline may monitor how a visitor arrives at the Web site, but cannot and will not gather information about other sites you have been on. ComplianceOnline does not link IP addresses to anything personally identifiable.

Use of Personal Information

ComplianceOnline may use your personal information for the following purposes:

To make the site easier for you to use by entering your personal information only once;

To provide information to allow ComplianceOnline to create and publish content most relevant to its customers; and to alert its customers to product upgrades, special offers, updated information and other new products and services.

You may remove your name from any ComplianceOnline's distribution list by clicking on a link provided within each electronic communication, or by replying to the email with the subject line "unsubscribe".

If you supply ComplianceOnline with your telephone number online, you may receive telephone contact from us with information regarding new products and services or upcoming events. If you do not wish to receive such telephone calls, please let us know by calling the telephone number below.

Links to Other Sites

ComplianceOnline website may provide links that can take you to other Web sites, which may include ComplianceOnline's partner Web sites. You should review the privacy and other policies at third party sites you visit, since those sites are not bound by ComplianceOnline's privacy policy, and ComplianceOnline has no control over the content of these other sites, nor the usage of information they gather.

This Privacy Policy covers the privacy practices by ComplianceOnline, and does not cover the privacy practices of third party websites or features. ComplianceOnline is not responsible for the privacy policies and/or practices of third parties.

Analytics partners

ComplianceOnline works with companies that provide services to us to determine whether users who saw or clicked on an ad or content later bought the item displayed in the ad (or took some other action ComplianceOnline wanted them to take). To do this, these companies may collect information about the content or ads users view, how long they spend on different pages, how they arrived on a particular page (e.g., through a search query, link from another page, or a bookmark), and how they respond to the ads we show them. ComplianceOnline also may share portions of our log file data, including IP address, with these partners for analytics purposes. In the event your IP address is shared, this information may be used to estimate general location and other technographics such as connection speed, whether you have visited ComplianceOnline website in a shared location, and type of the device used to visit ComplianceOnline website. These partners provide information about our advertising and what you see using ComplianceOnline to provide auditing, research and reporting for us.

The analytics provider with whom we work is listed below. For more information, please review their privacy policy.

Legal Compliance

We reserve the right to access and disclose your information when we believe in good faith that such disclosure is necessary to: (a) enforce legal rights and comply with the law; (b) comply with an order from a government entity or other competent authority, (c) prevent or address potential or actual injury or interference with our rights, property of ComplianceOnline and its family of Web sites, operations, users or others who may be harmed or may suffer loss or damage; (d) protect our rights, prevent fraud and/or comply with judicial proceeding, court order, or legal process served on MetricStream.

California Privacy Disclosures
Effective as of January 1, 2021

In this Additional California Privacy Disclosures, "ComplianceOnline", "us", "we" and "our" refers to MetricStream Inc. dba ComplianceOnline. ComplianceOnline is committed to protecting your privacy. By accessing ComplianceOnline's websites, you agree to the terms of Privacy Policy posted at This Supplement provides additional privacy disclosures and informs you of your additional rights as a California resident, and should be read in conjunction with our Privacy Policy. The California Consumer Privacy Act ("CCPA") gives you certain rights with respect to the processing of your personal information.

By availing yourself of the rights set forth below, you are declaring you are a California resident:

The Right to Know Your Personal Information
You have the right to request that we disclose personal information we collect, use, disclose and "sell" about you over the prior twelve (12) months. Under the CCPA, a "sale" means providing to a third-party personal information for valuable consideration. ComplianceOnline does not sell your personal information. To make a verifiable request for information about the personal information we have collected about you, please email [email protected]. We will not discriminate against you for exercising any of your rights under the CCPA.

Law Enforcement

Under certain circumstances, we may be required to disclose your information to government or law enforcement officials in response to a lawful request by a public authority or if we have to do so to comply with a legal obligation, including to meet national security or law enforcement requirements. We can also disclose your information in order to apply or enforce our terms and conditions or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent or prevent any illegal activity (including for the purposes of fraud protection and credit risk reduction).

You will be notified when any identifying information about you is collected or shared by any third party that is not our service provider, so you can make an informed choice as to whether to share your information with that party. If you do not wish to have your information shared and want to opt out from receiving further communications from any third party that is not our agent or service provider, please contact that third party directly.


Protecting your privacy and your information is a top priority at ComplianceOnline. ComplianceOnline has taken appropriate measures to prevent the loss, misuse and alteration of your information. Once ComplianceOnline receives information that is entered into its Web site, it is stored behind a firewall. All ComplianceOnline employees are aware of the company's privacy and security policies. Your information is only accessible to those employees who need it in order to perform their jobs.

EU-US Privacy Shield

For the personal data that we receive from EEA, we remain compliant with EU-US Privacy Shield as specified by the United States Department of Commerce pertaining to personal data collection, retention and use from EU countries. We adhere to the Privacy Shield principles of notice, choice, accountability for onward transfers, security, data integrity & purpose limitation, access and recourse, enforcement and liability when processing personal data from the EEA in the US.

Visitors to our website from outside the US must be aware that they are sending information to the US where our servers are located. Further, this information may be transferred to other countries depending on the type of information and the way it is stored by us. US or the countries that the data is being sent to may or may not have data protection acts that are as protective or comprehensive as your country, but our privacy policy will continue to govern the usage, storage and collection of personal data.

Accountability and Liability for Onward Transfer

ComplianceOnline is required to take certain steps when transferring personal data received from the European Union to third parties (such as including contractual provisions in our third party contracts which require them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf).

We take reasonable and appropriate steps to ensure that third parties process personal data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing.

Under certain circumstances, we may remain liable for the acts of third parties who perform services on our behalf in connection with their handling of personal data that we transfer to them(including where we transfer personal data to them pursuant to the Privacy Shield).

Privacy Complaints Handling, Recourse and Enforcement

In compliance with the Privacy Shield Principles, ComplianceOnline commits to resolve complaints about your privacy and our collection or use of your personal information (without charge to you). European Union individuals with inquiries or complaints regarding this Privacy Policy should first contact us at: [email protected]

We will respond to any complaints as soon as possible and within 45 days.

You may also refer a complaint to your local data protection authority and we will work with them to resolve your concerns.

Please note that if your complaint is not resolved through these channels, in certain limited circumstances, a binding arbitration option may be available provided that you have taken the following steps: (1) raised your compliant directly to us using the contact details above and provided us the opportunity to resolve the issue; and (2) raised the issue through the relevant data protection authority and allowed the U.S Department of Commerce an opportunity to resolve the complaint at no cost to you.

ComplianceOnline is subject to the investigatory and enforcement powers of the Federal Trade Commission in the case of any failure to comply with the Privacy Shield.

Access to information

You have the right to access the personal data we collect about you in the EEA and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where we must comply with legal requirements or if providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access.

If you would like to request access to, correction, or deletion of your personal data collected in the EEA, you can submit a written request using the contact information provided below. We may request specific information from you in order to confirm your identity. In some circumstances, we may charge a reasonable fee for access to your information.

Processing information for our customers and GDPR:

Where we process personal information in connection with the provision of our services and solutions to our customers, we only collect, process and store personal information to support and provide those solutions. We act as data processors on behalf of our customers and do not use such information for our own purposes.

ComplianceOnline as Data Processor

As a service provider to its customers, ComplianceOnline applications may capture personal data (name, email address, contact info, company affiliation) to track the records entered into the system from an authentication and authorization perspective. In this capacity, ComplianceOnline acts as a data processor on behalf of its customers.

As a data processor, ComplianceOnline has put in place appropriate technical and organizational measures to help ensure that its processing activities meet the requirements of GDPR, some of which we have described in this statement.

ComplianceOnline has implemented various security measures including controls and application and network level security audits by third-parties as well as robust standard operating procedures to manage any security incidents.

ComplianceOnline is committed to ensuring that it has data transfer and data management mechanisms in place as required by the GDPR. Further, as an ISO 27001 and SSAE16 SOC 2 certified organization, ComplianceOnline adheres to all necessary controls to protect customer data.


ComplianceOnline may, in its discretion, alter or add to this Privacy Policy. You should check this part of ComplianceOnline's Web periodically to determine if there has been a change. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page.


This Privacy Policy reflects ComplianceOnline's internal guidelines, and is not a contract.

ComplianceOnline Contact Information

Questions regarding this policy and any requests to access or modify data should be directed to our data privacy team at the following email address: [email protected], Or you can mail, phone, mail to: ComplianceOnline, 6201 America Center Drive, Suite 240, San Jose, CA 95002, USA, Phone: 650-332-0333, Email: [email protected]

Last Update

January 22, 2021