GRC Migrate
  • Guides
  • Tools
  • Blog
  • About
  • Get Started →
GuidesToolsBlogAboutGet Started →
Home›Privacy Policy
Legal

Privacy Policy

Last updated: July 3, 2026

This policy explains what information GRCMigrate LLC ("GRC Migrate," "we," "us") collects through grcmigrate.com and our tools, and what we do with it. Short version: we collect what you give us plus standard analytics, we use it to respond to you and improve the Site, we never sell it, and software vendors never receive it.

What we collect

Information you submit. Form submissions (consultation requests, newsletter signup, assessment responses including the situation you select, scan early-access requests, partner inquiries) — typically your name, email, company, and your answers. Forms are processed by Netlify Forms and, for scheduling and follow-up, HubSpot.

Scan summaries you choose to share. Our Migration Readiness Scan runs locally on your machine; nothing leaves it unless you use the explicit share action, which shows you the exact payload before sending. Shared summaries contain aggregate statistics only (readiness score, record counts by category, flag tallies, platform, complexity tier) plus the email you enter — never record-level data from your systems.

Analytics. We use Google Analytics 4 to understand Site usage (pages viewed, approximate location, device type, and interaction events such as which assessment path visitors choose). GA4 uses cookies; you can block them with standard browser controls and the Site works fine without them.

How we use it

To respond to your requests, deliver assessments and reports you ask for, send the newsletter you signed up for (unsubscribe anytime, one click), qualify and — only with your consent — introduce you to an implementation partner, improve the Site, and publish aggregate research.

Benchmark research. Scan summaries shared with consent contribute to our migration benchmark dataset in anonymized form: stripped of your email, company, and any identifier, and stored separately from your contact information. Published research uses only aggregates.

Partner introductions. If you ask us to connect you with a partner, we share a summary of your situation and your contact details with ONE partner, tell you we did, and disclose that the partner compensates us. We do not sell leads, share your information with multiple firms, or pass it to software vendors.

Who else touches your data

Service providers that process data on our behalf: Netlify (hosting and forms), Google (analytics), HubSpot (CRM and scheduling), and our email provider. Each receives only what its function requires. We don't sell personal information and we don't share it with platform vendors (Vanta, Drata, or anyone else) — independence is the product, and that includes your data.

Your choices and rights

Email us to access, correct, or delete information we hold about you; we'll act on verified requests within 30 days. Unsubscribe links work immediately. California residents: we don't sell or "share" personal information as the CCPA defines those terms, and you may exercise access and deletion rights via the email below without discrimination. If you're in a jurisdiction with additional rights (such as the EU/UK), we'll honor applicable requests the same way.

Retention, security, and children

We keep submissions as long as needed for the purposes above or as law requires, then delete them. We use reputable providers and reasonable safeguards, but no internet service is perfectly secure. The Site is for businesses and is not directed to children under 16; we don't knowingly collect their information.

Changes and contact

We'll post updates here with a new date; material changes to how we handle scan data will be highlighted on the scan page. Questions or requests: hello@grcmigrate.com · GRCMigrate LLC, Sheridan, Wyoming.

GRC Migrate

Independent GRC platform migration advisory and tooling — no vendor commissions. Migration, selection, and renewal.

GRC Migrate is an independent consulting service. We are not affiliated with Vanta, Drata, Secureframe, Sprinto, or any compliance platform vendor. Our recommendations are based on your specific situation, not commercial relationships.

The GRC Migrate Brief

You're in — talk soon.

Leaving Archer

  • Archer → Vanta Guide
  • Archer Alternatives
  • Archer Renewal Cost
  • Exporting Archer Data
  • Migration Checklist
  • All Archer guides →

Working with vCISOs

  • vCISO Deliverables Checklist
  • The vCISO Audit

Outgrowing Spreadsheets

  • Signs You've Outgrown It
  • How to Move Off It
  • What Actually Transfers
  • Migration Checklist

Renewals & Negotiation

  • Vanta Renewal Options
  • Drata Renewal Options
  • Renewal Calculator

Switching Platforms

  • Vanta → Drata Guide
  • Drata → Vanta Guide
  • How to Choose a Platform
  • Vanta vs Drata
  • Signs It Isn't Scaling
  • All comparisons →

Stalled on Your Platform

  • Still Not Compliant?
  • Finish the Implementation
  • Finish or Switch?

Tools

  • All free tools
  • Migration Readiness Scan
  • Migration Assessment
  • Legacy Assessment
  • Cost Calculator

Company

  • About
  • Free Consultation
  • Newsletter
  • Blog

Copyright © 2026 GRC Migrate. All rights reserved. | Not affiliated with any platform vendor. | Terms · Privacy

Before you go — one thing worth knowing

Most compliance platform buyers don't find out what others are actually paying until after they've signed. The GRC Migrate Brief covers pricing trends, renewal tactics, and migration patterns — sent occasionally, no filler.

No spam. Unsubscribe any time.

You're in. We'll be in touch when there's something worth reading.