Scroll to discover
Schedule Live Demo
Skip to content

Privacy Policy

IriusRisk SL (“IriusRisk”, “The Company” or “we/us”), is committed to protecting the privacy of the users our Services and visitors of our website (“You/r”). This Privacy Policy is part of IriusRisk’s Terms of Use and explains our practices regarding the use of personal data collected and processed through our Services.

Commercial Communications

If you tick the corresponding boxes and submit forms across our website, you also consent to receiving commercial communications from us regarding our and other services (see below). If later you do not wish to receive commercial Information about IriusRisk and other services (defined below), you can expressly opt out by sending a notification to or by clicking the unsubscribe link in our email communications.


The entity responsible for processing personal data (Data Controller) on and in communications with us is IriusRisk SL, with address at Parque Tecnológico Walga, Ctra. Zaragoza N-330A, Km. 566, 22197 Cuarte (Huesca), Spain. All communications regarding the processing of personal data by IriusRisk shall be directed to our Privacy Manager, on


2.1 Data collected

Through our website and other communications with you, we collect and process the following data:

  1. Demo Registration. On registering to our website for use of our Demo Services, we will collect the following personal data: first name, last name, email, company name, password. These data are mandatory and if they are not provided, an account cannot be created.
  2. Contact us. If you fill the form to contact us, we will collect the following data: First name, last name, company name, email, number of applications built per year (optional).
  3. Newsletter. If you wish to receive our newsletter, IriusRisk gives you the option to subscribe to receive the latest news by providing us with your email address.
  4. Use of our products and services. On using our products and services, we may collect the following data that may be associated with your client account: internet protocol (“IP”), connection times, activity, communications, and other data associated with your account during the course of service provision.
  5. IriusRisk Community Edition Registration. On registering to IriusRisk Community Edition, we will collect the following personal data: first name, last name, email, password. These data are mandatory and if they are not provided, an account cannot be created.

It is important that the personal data we hold about you is accurate and current. You are responsible for the accuracy of the information you provide to us and you are expected to update any information you provide us with.

2.2 Data use

We use your personal data to:
  • Management of your relationship with us.
  • Contact you and manage all the request you are asking us.
  • Provide our Services, as described in our Terms.
  • Creating and managing your demo account.
  • Measure and improve our services and features.
  • Provide you with customer contact and support.
  • Send any newsletters, notification emails or commercial communications in general about our products and services and any new features, offers or promotions offered by us, when applicable.

2.3 Legal basis

The legal basis of this processing is the provision of our services and our legitimate interest to contact you and respond to your requests. If you opt-in to our newsletter, or submit a form that explicitly states that it requires your email address to deliver the information you have requested from us, the legal basis is your consent.


We treat your personal data with strict confidentiality in accordance with applicable law. However, we shall disclose any personal or other data you provide us in compliance with a legal obligation or in order to correctly deliver our Services or perform other obligations in accordance to the applicable regulations and rules set forth in the website Terms, or in the event of a sale of change of control of the Company. IriusRisk will ensure that your identity will be kept strictly confidential and will not be passed to a third party outside of what has been stated and agreed herein and in the Terms of Use.


If you request our newsletter, you consent to receiving commercial communications including our newsletters, notification emails or other communications in general about us and our products and any new features, offers or promotions offered by us. If later you no longer wish to receive commercial Information about IriusRisk and our services, you can expressly opt out by sending a notification to or by clicking the unsubscribe link in our email communications.


We use third party technological services for the provision of Services, whose providers may process your Data collected in the course of providing us their services indicated below, as sub-processors. These entities may be in jurisdictions that may not provide adequate safeguards in relation to the processing of personal data. However, we have entered into contracts with such entities that do include such safeguards, including the EC model clauses. For more information, please contact You specifically authorize us to subcontract the following services and the corresponding transfer of User Data to Google, Hubspot, Salesforce, Leadfeeder, Pipedrive, Atlassian, Slack, and AWS which are within the EU-US Privacy Shield.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


We will retain the personal data submitted through registration and collected during the course of the Demo and Community Services until termination of the Demo and Community Agreement and deactivation of your Account either by you or us. Once such personal data is no longer used for the purpose mentioned above, it will be deleted.

Also, we may retain personal data beyond the aforementioned periods for legal or administrative reasons, such as defending our responsibility and complying with mandatory legal obligations, subject to applicable law.


We have adopted technical and organizational measures in accordance with applicable law to preserve and protect your personal information from unauthorized use or access and from being altered, lost or misused, taking into account the technological state of art, the features of the information stored and the risks to which information is exposed. However, due to the nature of the information and related technology, we cannot ensure or guarantee the security of your personal information and expressly disclaims any such obligation. If we learn of a security breach, then we will attempt to notify you electronically so that you can take appropriate steps.


You have the following rights under the data protection laws in relation to your personal data:

  • Request access to your personal data (commonly known as a “data subject access request”).
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party).
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party (right to data portability).
  • Withdraw consent at any time where we are relying on consent to process your personal data.
  • The aforementioned rights may be effective by contacting us at or at IriusRisk S.L., Parque Tecnológico Walga, Ctra. Zaragoza N-330A, Km. 566, 22197 Cuarte (Huesca), Spain, provided that you include a digital copy of your identification document such as your ID card or passport.
You also have the right to make any complaint to the competent authority, in this case the Spanish Data Protection Agency (Agencia Española de Protección de Datos), C/. Jorge Juan, 6, 28001 Madrid, Spain. Please, for more information visit:


We reserve the right to amend the terms of this Privacy Policy and will notify you by providing a clear notice of these changes by email or on our Website, and in this Privacy Policy. If you continue to use our Services after such update, you will be deemed to accept the new terms. If you do not accept the update, please notify us and we will terminate your Account and remove any of your personal data (except as required to be maintained for legal purposes), and you will not be able to continue to use our Services.

Unless a specific local regulation sets forth to the contrary, the Privacy Policy is governed by the laws of Spain.