Privacy Policy
This policy explains how Ihkaam handles data within your organization. Ihkaam is deployed on-premises (inPromss) and operates under your organization’s security and operational controls.
1) Scope
This policy applies to the use of Ihkaam within the organization, including the web application, user accounts, and records related to risk, compliance, and audit workflows.
2) Where data is stored
Platform data is stored within the organization’s environment (its servers/network) per the approved deployment configuration. By default, the platform does not transfer data to any cloud services.
3) Types of data
- User account data: name, email, roles and permissions.
- Business data: records, controls, risks, treatment plans, and attachments (if any).
- Operational data: login logs, audit events, and system logs.
4) Access & permissions
Access to data is governed by the permissions configured by your organization. Ihkaam recommends least-privilege access and periodic role reviews.
5) Data sharing with third parties
Ihkaam does not share data with third parties by default. Any external integration (e.g., email, identity systems) is enabled by the organization and remains under its control.
6) Data retention & deletion
Retention and deletion policies depend on the organization’s policies and applicable regulations. Administrators may define retention periods as needed.
7) Security
- Support for role-based access control.
- Event logging for audit and monitoring.
- Recommended use of HTTPS within the organization’s environment.
Note: Overall security depends on your organization’s infrastructure controls (network, backups, access controls, etc.).
8) Contact
For privacy inquiries within the organization, please contact your system administrator or information security team.