This privacy policy explains how Redress Compliance LLC collects, uses, stores, transfers, and protects personal information about website visitors, newsletter subscribers, white paper readers, and clients. Effective date 8 May 2026.
This privacy policy describes the practices of Redress Compliance LLC and any of its affiliates that operate under the Redress Compliance brand. The policy applies to information collected through this website, through our newsletter and white paper download forms, through our consulting engagements, and through any other interaction you have with our team. We collect only what we need to deliver the service you have asked for and we do not sell personal information to anybody.
Redress Compliance LLC is a Delaware limited liability company with offices in Fort Lauderdale, Dublin, and Dubai. The full company information is on the locations page. The company operates as an independent buyer side enterprise software licensing advisory. We do not have reseller margin and we do not hold partner status with the publishers we cover, including Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, AWS, Google Cloud, ServiceNow, Workday, Cisco, and the major GenAI vendors. The full firm overview is on the about us page and the partner team is on the management team page.
For the purposes of European data protection law, Redress Compliance LLC is the data controller for personal information collected through this website and through our advisory engagements unless we tell you otherwise in writing. Where we process personal information on behalf of a client under a consulting engagement, we act as a data processor and the client is the data controller. The relevant data processing agreement governs any processing in that posture.
The categories of personal information we collect are limited and predictable. We collect what you give us when you fill in a form, what is required to deliver an engagement, and a small amount of technical information to keep the website running.
We use personal information to deliver the service you have asked for and to keep our business running. The legal bases under European data protection law are typically performance of a contract, our legitimate business interests in providing advisory services, or your consent where the law requires it.
The specific uses fall into four categories. First, delivering the resource or service you asked for. Sending you the white paper you downloaded, scheduling the scoping call you booked, running the engagement you signed up for. Second, communicating about related services and resources. Sending the weekly briefing if you have subscribed, sending occasional updates about new white papers or case studies, and inviting you to relevant events.
Third, improving the website and our content. Understanding which articles, white papers, and tools are most useful so that we can prioritize the content road map. Fourth, complying with legal and regulatory obligations. Tax, accounting, anti money laundering, conflict of interest checks, and contractual record keeping. We will only use your information for the purpose for which it was collected unless the law requires otherwise.
We do not sell personal information. We share it only with the parties we need in order to operate the business. The categories are limited.
We do not share personal information with the software publishers we advise on. The independent buyer side posture is the entire commercial premise of our practice and the integrity of that posture is protected through the engagement contract, the partner code of conduct, and the data segregation practices inside our consulting tooling.
This website uses cookies. Cookies are small text files stored by your browser when you visit a website. We use three categories of cookie.
You can control cookies through your browser settings. If you turn off analytics or advertising cookies, the website will continue to function and the content will be unchanged. The only effect is that we will not be able to measure your visit. If you would prefer to opt out of all Google Analytics tracking across the web, you can install the Google Analytics browser opt out add on from the Google website.
Redress Compliance operates from offices in the United States, the European Union, and the United Arab Emirates. Personal information may be transferred between these offices and stored on servers located in any of these regions. Where personal information is transferred from the European Union to a country that is not subject to an adequacy decision by the European Commission, we rely on the European Commission's standard contractual clauses to provide the appropriate level of protection. The current versions of those clauses are incorporated into our data processing agreements with our service providers.
Where personal information about residents of the United Kingdom is transferred outside the United Kingdom, we rely on the UK addendum to the standard contractual clauses or on the UK international data transfer agreement, depending on the recipient. Where personal information about residents of the United Arab Emirates is transferred outside the United Arab Emirates, we follow the cross border transfer rules in the relevant federal law on the protection of personal data.
We keep personal information only for as long as we need it for the purpose it was collected. The retention periods are documented in our internal records management policy. Newsletter subscribers are kept on the list for as long as the subscription is active and for thirty days after unsubscribe to honor the unsubscribe request. White paper download form data is kept for twenty four months from the date of download for the purposes of related communications and content road map analysis.
Engagement records are kept for the duration of the engagement and for the period required under our professional record keeping obligations, which is typically seven years from the close of the engagement. Where a longer period is required by tax, regulatory, or legal obligations, we will keep the records for the longer period. Where the engagement is governed by a data processing agreement that specifies a different retention period, the data processing agreement controls.
You have rights under European data protection law and under most other privacy regimes that apply to you. We will honor the exercise of any of these rights to the extent the law requires us to. The most common rights are the right to access the personal information we hold about you, the right to ask us to correct inaccurate information, the right to ask us to delete information that is no longer necessary, the right to object to processing where the legal basis is our legitimate business interests, the right to withdraw consent where consent is the legal basis for processing, and the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, email our data protection team through the contact page. We will respond within thirty days unless the law gives us a longer period. We may need to verify your identity before processing the request. The verification step is to make sure that we are not disclosing your personal information to somebody else who has asked for it under your name.
We take the security of personal information seriously. The technical and organizational measures we have in place include access controls inside our internal systems, encryption of data in transit and at rest where it is technically feasible, regular vulnerability scanning of the website and the consulting tooling, and regular review of the access rights of partners and consultants who handle personal information. The full security position is documented in our internal information security policy and is reviewed annually by an independent auditor.
No security position is perfect. If a security incident affects personal information that we hold about you and the incident is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant data protection authority within the timelines required by law. The incident response procedure is run by our partner who is responsible for information security.
If you have a question, request, or complaint about how we handle your personal information, the right place to start is the contact page. The contact form goes direct to our coverage team and any privacy specific request will be routed to the partner who is responsible for data protection. We will respond within five business days for most requests. For formal data subject requests under European data protection law, we will respond within thirty days unless the law gives us a longer period.
You can also reach us by post. The current postal addresses for the Fort Lauderdale, Dublin, and Dubai offices are on the locations page. Postal correspondence should be marked for the attention of the data protection partner.
We update this policy from time to time. The effective date at the top of this page tells you when the most recent version took effect. Where the changes are material, we will notify newsletter subscribers and clients by email and we will display a notice on the website for at least thirty days. Where the changes are not material, we will update the effective date and the policy will take effect from the new date. The historic versions of the policy are kept in our records for the period required under our record keeping obligations.
This policy is governed by the laws of the State of Delaware in the United States to the extent the relevant data protection law does not impose a different choice of law. Where European data protection law applies, the relevant European data protection law governs the policy in respect of European residents.
This privacy policy describes the practices of Redress Compliance LLC and any of its affiliates that operate under the Redress Compliance brand.
This privacy policy describes the practices of Redress Compliance LLC and any of its affiliates that operate under the Redress Compliance brand.
The detail above covers the the vendor commercial structure, the buyer side framework, and the moves that hold up in negotiation or audit.
The framework is product agnostic across the the vendor portfolio. The body of the article above maps it to specific products, metrics, and renewal cycles.
Redress Compliance runs the assessment, builds the buyer side baseline, and supports negotiation, renewal, or audit defense across the program. Contact us to scope the engagement.
Twenty years on the buy side. 500+ enterprises. $2B in client savings.
One email per week. Calibrated to the live negotiation table.
