Privacy Policy
Last updated: July 3, 2026
This policy explains what information GRCMigrate LLC ("GRC Migrate," "we," "us") collects through grcmigrate.com and our tools, and what we do with it. Short version: we collect what you give us plus standard analytics, we use it to respond to you and improve the Site, we never sell it, and software vendors never receive it.
What we collect
Information you submit. Form submissions (consultation requests, newsletter signup, assessment responses including the situation you select, scan early-access requests, partner inquiries) — typically your name, email, company, and your answers. Forms are processed by Netlify Forms and, for scheduling and follow-up, HubSpot.
Scan summaries you choose to share. Our Migration Readiness Scan runs locally on your machine; nothing leaves it unless you use the explicit share action, which shows you the exact payload before sending. Shared summaries contain aggregate statistics only (readiness score, record counts by category, flag tallies, platform, complexity tier) plus the email you enter — never record-level data from your systems.
Analytics. We use Google Analytics 4 to understand Site usage (pages viewed, approximate location, device type, and interaction events such as which assessment path visitors choose). GA4 uses cookies; you can block them with standard browser controls and the Site works fine without them.
How we use it
To respond to your requests, deliver assessments and reports you ask for, send the newsletter you signed up for (unsubscribe anytime, one click), qualify and — only with your consent — introduce you to an implementation partner, improve the Site, and publish aggregate research.
Benchmark research. Scan summaries shared with consent contribute to our migration benchmark dataset in anonymized form: stripped of your email, company, and any identifier, and stored separately from your contact information. Published research uses only aggregates.
Partner introductions. If you ask us to connect you with a partner, we share a summary of your situation and your contact details with ONE partner, tell you we did, and disclose that the partner compensates us. We do not sell leads, share your information with multiple firms, or pass it to software vendors.
Who else touches your data
Service providers that process data on our behalf: Netlify (hosting and forms), Google (analytics), HubSpot (CRM and scheduling), and our email provider. Each receives only what its function requires. We don't sell personal information and we don't share it with platform vendors (Vanta, Drata, or anyone else) — independence is the product, and that includes your data.
Your choices and rights
Email us to access, correct, or delete information we hold about you; we'll act on verified requests within 30 days. Unsubscribe links work immediately. California residents: we don't sell or "share" personal information as the CCPA defines those terms, and you may exercise access and deletion rights via the email below without discrimination. If you're in a jurisdiction with additional rights (such as the EU/UK), we'll honor applicable requests the same way.
Retention, security, and children
We keep submissions as long as needed for the purposes above or as law requires, then delete them. We use reputable providers and reasonable safeguards, but no internet service is perfectly secure. The Site is for businesses and is not directed to children under 16; we don't knowingly collect their information.
Changes and contact
We'll post updates here with a new date; material changes to how we handle scan data will be highlighted on the scan page. Questions or requests: hello@grcmigrate.com · GRCMigrate LLC, Sheridan, Wyoming.