1. Introduction

This Privacy Policy explains how Redress Compliance LLC ("Redress Compliance", "we", "us", "our") collects, uses, shares, and safeguards personal information when you visit redresscompliance.com, download our research, complete one of our assessments, or engage our advisory services. We are an independent, buyer-side enterprise software licensing advisory firm, and we take the privacy of the people who read, download, and engage with us seriously.

Because our work is global — we serve enterprise buyers in the United States, the United Kingdom, the European Economic Area, and more than thirty other jurisdictions — this policy is written to comply with the most protective of the privacy frameworks that apply to us: the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and the privacy laws of the State of Florida where our company is registered.

If you have any question about how we handle your data, the most direct way to reach our privacy function is privacy@redresscompliance.com. Your feedback and questions are always welcome.

2. Who We Are

The data controller for the purposes of GDPR and UK GDPR, and the business for the purposes of CCPA/CPRA, is:

Redress Compliance LLC
1314 E Las Olas Blvd
Fort Lauderdale, FL 33301
United States
Telephone: +1 (239) 402-7397
Email: info@redresscompliance.com

We have not appointed a statutory Data Protection Officer because we are not required to do so under Article 37 GDPR, but our privacy contact point handles all data subject requests and inquiries.

3. Information We Collect

We collect the minimum information necessary to operate our website, deliver the research and assessments you request, respond to your inquiries, and run our enterprise advisory business. We group the personal information we collect into four categories.

3.1 Information you give us directly

When you complete one of our gated download forms — for example, to download a white paper, case study, or assessment tool — we ask for your full name, your job title, and your corporate email address. We do not accept personal or free-provider email addresses on our download forms (we validate and block the most common free-provider domains) because our content is written for enterprise buyers, and because the corporate email address gives us the context to follow up appropriately. When you contact us through the contact form, book a meeting, or email us directly, we also collect the content of your message and any attachments you send us.

3.2 Information we collect automatically

When you visit our website, our servers and analytics tools automatically record certain information, including your IP address (truncated and anonymised before storage where technically possible), the pages you visit, the referring URL, the timestamps of your visit, and basic information about your browser and device. We use this information to understand which of our research pieces are most valuable to readers, to identify and prevent abuse of our download forms, and to improve the performance of the site.

3.3 Cookies and similar technologies

We use cookies and similar technologies for three purposes: strictly necessary cookies that make the site function, analytics cookies that help us understand readership patterns, and advertising/conversion cookies that measure the effectiveness of our paid campaigns on LinkedIn and Google. Our cookie practices are described in detail in Section 11 below.

3.4 Information from engagement and project work

If your organisation engages Redress Compliance for an advisory project, we will inevitably process personal information belonging to your employees — typically name, job title, business contact details, and in some projects further business context relevant to a licensing matter. That processing is covered by the Data Processing Addendum that accompanies the master services agreement with your organisation; this Privacy Policy describes only the personal information we collect in our capacity as the data controller (marketing, research access, and website operation).

4. How We Use Your Information

We use the personal information we collect for the following specific purposes:

  • Delivering research you request. When you submit one of our gated download forms we email (or redirect you to) the specific white paper, case study, or assessment you requested, and we retain a record of that request so we can serve you related research in the future.
  • Responding to your inquiries. When you contact us we use your information to respond to the question you asked and to follow up where a follow-up is appropriate.
  • Sending our newsletters and research updates. Where you opt in, we include you on our newsletter distribution list. Every newsletter email contains a one-click unsubscribe link and you can also email privacy@redresscompliance.com to opt out at any time.
  • Operating and improving the website. We analyse aggregated usage data to understand which research is most useful and to identify technical issues.
  • Marketing our services to enterprise buyers. We run advertising campaigns on LinkedIn and Google and use conversion-measurement pixels to understand which campaigns are effective. We do not sell advertising space on our site.
  • Preventing fraud and abuse. We block submissions from free-provider email addresses, from known disposable-email services, and from automated form-submission bots.
  • Complying with legal obligations. We retain records where we are required to by applicable law, including tax, accounting, and contract-retention rules.

5. Legal Bases for Processing (GDPR and UK GDPR)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under Article 6 of the GDPR and UK GDPR:

  • Legitimate interests (Art. 6(1)(f)). For operating and securing our website, for responding to inquiries that come to us through a business context, for direct marketing to enterprise buyers where there is an existing business relationship, and for analytics on aggregated and anonymised data. We have undertaken a legitimate-interest assessment for each of these activities and in every case the business interest does not override the data subject's privacy interests.
  • Consent (Art. 6(1)(a)). For non-essential analytics and advertising cookies, for newsletter subscriptions, and for any marketing contact where a pre-existing business relationship does not apply. Where we rely on consent you can withdraw that consent at any time without detriment, and withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  • Contract (Art. 6(1)(b)). For processing necessary to deliver research you explicitly requested and to perform our advisory services under an engagement contract.
  • Legal obligation (Art. 6(1)(c)). For record-keeping required by tax, accounting, and other regulatory rules applicable to us.

We do not collect or process special-category personal data (racial or ethnic origin, religious beliefs, health data, etc.) through the website, and we do not engage in automated decision-making with legal or similarly significant effects.

6. Who We Share Your Information With

We do not sell personal information. Full stop. That includes not selling it under the CCPA/CPRA meaning of "sale", which is broader than the everyday meaning.

We share personal information only with the following categories of recipients, and only to the extent necessary for the specific purpose:

  • Our service providers. We use carefully vetted third parties to deliver specific technical functions: email delivery (including transactional emails containing your requested downloads), form-processing (our download forms submit to Formspree), website analytics (Google Analytics 4), customer relationship management, and advertising-conversion measurement (LinkedIn, Google Ads). Each of these providers acts as a data processor under GDPR and is contractually bound by a Data Processing Addendum with terms equivalent to Article 28 GDPR.
  • Advisory partners. In limited cases we engage independent contractors who work with us on advisory engagements. Those contractors are bound by confidentiality and data protection terms at least as strict as those in this policy.
  • Professional advisors. Our lawyers, accountants, insurers, and auditors, each bound by their own professional confidentiality obligations.
  • Legal and regulatory recipients. Where we are required to share information by law, court order, or valid regulatory request, or where we need to share to establish, exercise, or defend our legal rights.
  • Corporate transactions. If Redress Compliance is acquired or merges with another business, personal information may transfer to the acquirer as part of the transaction, subject to this Privacy Policy.

7. International Data Transfers

Redress Compliance is a US-based company, and our primary data-processing infrastructure is located in the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, your personal information is transferred to the United States when you interact with our website or services. We protect those transfers using the European Commission's Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Addendum to the SCCs. We conduct transfer impact assessments for the third parties that process data outside the EEA/UK, and we apply supplementary measures (encryption in transit and at rest, access controls, and data minimisation) where appropriate.

8. How Long We Keep Your Information

We retain personal information only for as long as it is necessary for the purposes for which it was collected, or to meet legal, regulatory, or contractual obligations. The retention periods we apply are:

  • Website download records. Three years from the date of the download, unless you are part of an active business conversation or engagement with us, in which case we retain the record until the end of that engagement plus three years.
  • Inquiry and contact-form submissions. Two years from the date of the last substantive contact, unless a business conversation or engagement continues.
  • Newsletter subscribers. For as long as you remain subscribed, plus six months after unsubscription for suppression-list purposes (to make sure we do not re-add you).
  • Engagement records. The duration of the engagement plus seven years, reflecting the typical statutory retention period for business records in the jurisdictions where we operate.
  • Analytics and cookie data. Aggregated analytics data is retained for up to 26 months. Cookie data is retained for the lifetime of the cookie (see Section 11).

9. Your Rights Under GDPR and UK GDPR

If GDPR or UK GDPR applies to the processing of your personal information, you have the following rights, and you can exercise any of them free of charge by emailing privacy@redresscompliance.com:

  • Right of access. You can ask us whether we process your personal information and, if so, receive a copy of it along with supporting information.
  • Right to rectification. You can ask us to correct inaccurate personal information and to complete incomplete personal information.
  • Right to erasure ("right to be forgotten"). You can ask us to delete your personal information where one of the grounds in Article 17 GDPR applies.
  • Right to restrict processing. You can ask us to restrict (pause) the processing of your personal information while a dispute or request is being resolved.
  • Right to data portability. For personal information we process on the basis of consent or contract and by automated means, you can receive the information in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to object. You can object at any time to processing based on legitimate interests and to processing for direct marketing purposes. For direct marketing, the objection is absolute.
  • Right to withdraw consent. Where we process on the basis of consent, you can withdraw that consent at any time.
  • Right to lodge a complaint. You can complain to your local data protection supervisory authority. In the UK, that is the Information Commissioner's Office (ico.org.uk). In the EU, that is the supervisory authority in your country of residence or place of work. We would, of course, appreciate the opportunity to address your concerns directly before you escalate.

To protect your information, we will need to verify your identity before responding to a rights request. We aim to respond within 30 days, although in complex cases we may extend this period by up to a further 60 days, and we will notify you if we need to do so.

10. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act gives you the following rights with respect to the personal information we hold about you:

  • Right to know. You have the right to know the categories of personal information we collect, the categories of sources, the business or commercial purposes for collection, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected about you in the preceding twelve months.
  • Right to delete. You have the right to request deletion of personal information we hold about you, subject to certain exceptions (for example, we may retain information necessary to complete a transaction, to detect security incidents, or to comply with a legal obligation).
  • Right to correct. You have the right to ask us to correct inaccurate personal information.
  • Right to opt out of sale or sharing. You have the right to opt out of the "sale" or "sharing" of your personal information. Redress Compliance does not sell or share personal information in the CCPA/CPRA meaning of those terms, and we have not done so in the preceding twelve months.
  • Right to limit the use of sensitive personal information. We do not collect or process sensitive personal information as defined by CPRA.
  • Right to non-discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, email privacy@redresscompliance.com. We will verify your identity against information we already hold about you before responding. You may use an authorised agent to submit a request on your behalf, provided you give the agent written permission that we can verify.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies in three categories:

11.1 Strictly necessary cookies

These cookies are essential to the operation of the website — for example, to maintain form state while you complete a download form, to remember your cookie-consent preferences, and to protect against automated abuse. They are set without consent because without them the site cannot function as you have requested. They expire at the end of the browser session or within 12 months.

11.2 Analytics cookies

We use Google Analytics 4 to understand aggregated readership patterns. Analytics cookies are only set where you have given consent through our cookie banner (or where consent is not legally required for the jurisdiction you are visiting from). You can withdraw analytics consent at any time by clicking the cookie settings link in the footer.

11.3 Advertising and conversion cookies

We use conversion pixels from LinkedIn Ads and Google Ads to measure the effectiveness of our paid campaigns. These are set only with consent, and you can withdraw consent at any time via the cookie settings link in the footer. We do not use these pixels for retargeting to individuals across the open web.

Most browsers allow you to control cookies through their settings. Blocking cookies may affect the functionality of the site — in particular, our download forms require strictly necessary cookies to function.

12. Security

We apply appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. Our measures include encryption of data in transit (TLS 1.2 or higher on all public endpoints) and at rest where the data is stored in systems that support it, role-based access controls within our CRM and file stores, multi-factor authentication on administrative accounts, vendor due diligence on each data processor, and documented incident-response procedures. No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security; but we take the protection of the personal information we hold seriously.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where the risk is high, notify affected individuals without undue delay.

13. Children's Privacy

Our website and services are directed at enterprise buyers and licensing professionals, not at children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us at privacy@redresscompliance.com and we will delete that information promptly.

14. Third-Party Websites and Services

Our website contains links to third-party websites — vendor documentation, regulator portals, partner sites — which are outside our control. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policy of any third-party website you visit from ours.

15. Changes to This Policy

We review this Privacy Policy regularly and may update it from time to time to reflect changes to our practices, to our services, or to applicable law. The "Last updated" date at the top of this page reflects the most recent revision. Where the change is material, we will notify you either by email (if we have one for you) or by prominent notice on the homepage before the change takes effect.

16. How to Contact Us

For any privacy-related question, complaint, or request, please contact us at:

Privacy contact
Email: privacy@redresscompliance.com
Postal: Redress Compliance LLC — Privacy, 1314 E Las Olas Blvd, Fort Lauderdale, FL 33301, USA
Telephone: +1 (239) 402-7397

We aim to acknowledge all privacy inquiries within five business days and to provide a substantive response within 30 days of verification.

Questions about this policy or our advisory services?

Our team is happy to walk you through anything in this document.
Contact Us →