Skip to main content

Legal

Privacy Policy

Effective Date: March 15, 2026

Template — Pending Legal Review. This Privacy Policy is a working draft provided for informational purposes. It has not yet been reviewed or approved by legal counsel. It should not be relied upon as a final or legally binding document until that review is complete. Please contact privacy@thecontinuum.market with questions.

Continuum ("we," "our," or "us") operates the platform available at thecontinuum.market and related services. This Privacy Policy describes how we collect, use, share, and protect your personal information, and explains the rights you have with respect to your data.

By using the Continuum platform, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, job title, and any profile details you choose to provide. This information is used to authenticate your identity and personalize your experience on the platform.

Organization & Compliance Data

As part of the verification and compliance scoring process, you or your organization may submit documents, disclosures, corporate filings, regulatory certifications, and other materials. This data forms the basis of your compliance profile and trust score.

Usage Data

We collect information about how you interact with the platform — including pages visited, features used, search queries, and session duration. This data is used to improve platform functionality and is not tied to individual identifiable profiles in analytics systems.

Payment Information

Billing and payment processing is handled exclusively by Stripe, a PCI-DSS compliant payment processor. Continuum does not store your full credit card number, CVV, or bank account details. We retain only the last four digits of your card and your billing address for account records.

Communications

If you contact us via email, form submission, or through the platform's messaging features, we retain those communications to respond to your inquiries and improve our support processes.

2. How We Use Your Data

Compliance Scoring & Verification

The primary purpose of the data you submit is to generate your organization's compliance score and trust rating across our assessment frameworks. This includes regulatory alignment checks (SEC, CFTC, CFPB, FTC), technology assessments (blockchain, AI, quantum), and standards alignment (SOC2, ISO, NIST).

AI-Powered Platform Features

The Continuum platform includes an AI assistant that draws on your submitted compliance documents and organizational profile to answer questions, surface insights, and guide you through verification workflows. This context is scoped to your account and is not shared with other users.

Data Marketplace Participation

With your explicit, opt-in consent, anonymized and aggregated data derived from your compliance profile may be made available through the Continuum data marketplace. You will be presented with a clear consent request before any such participation is enabled, and you may withdraw consent at any time.

Platform Improvement

Aggregated, de-identified usage patterns help us improve the platform's features, scoring algorithms, and user experience. No individual user is identifiable in this analysis.

Communications

We use your email address to send transactional messages (account confirmations, security alerts, billing receipts) and, where you have opted in, product updates and newsletters. You may unsubscribe from marketing communications at any time.

3. Data Ownership & Control

You Own Your Data

All data you submit to Continuum — including compliance documents, organizational filings, and profile information — remains your property. Continuum acts as a custodian of that data on your behalf, not as an owner.

Export

You may request a full export of your account data, including your compliance documents, scoring history, and profile information, at any time through your account settings or by contacting us at privacy@thecontinuum.market.

Deletion

You may request deletion of your account and associated data at any time. Following a deletion request, your data will be retained for up to 30 days to allow for export or reversal, after which it will be permanently removed from our active systems. Certain anonymized, aggregated records may be retained for audit and compliance purposes as required by applicable law.

4. Data Sharing

We Do Not Sell Personal Information

Continuum does not sell, rent, or trade your personally identifiable information (PII) to third parties. This is a foundational commitment of our business model.

Anonymized Marketplace Data

Where you have provided explicit consent, anonymized and aggregated data may be shared through the Continuum data marketplace with qualified institutional buyers. This data does not include your name, organization name, contact details, or any directly identifying information.

Audit Partners

Continuum works with the Bates Group as an audit partner for certain regulatory and compliance review processes. Access to your compliance documents by Bates Group reviewers occurs only with your knowledge and consent as part of specific audit engagements you initiate or approve.

Service Providers

We share limited data with trusted service providers who operate under strict data processing agreements — including Supabase (database infrastructure), Stripe (payments), and hosting providers. These parties process data on our behalf and are prohibited from using it for any other purpose.

Legal Requirements

We may disclose your information if required to do so by law, court order, or valid legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Security

Encryption

All data transmitted between your browser and Continuum's servers is encrypted using TLS 1.2 or higher. Data stored in our database is encrypted at rest using AES-256 encryption.

Access Controls

Our database infrastructure uses Row-Level Security (RLS) enforced by Supabase, ensuring that users can only access data they are authorized to view. Internal access to user data is restricted to authorized personnel and is logged for audit purposes.

SOC2 Alignment

Our security practices are designed to align with SOC2 Type II principles across the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Incident Response

In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities within the timeframes required by applicable law.

6. Cookies & Analytics

Functional Cookies Only

Continuum uses a minimal set of cookies necessary for platform operation — including session authentication tokens and preference storage. We do not use third-party advertising cookies or behavioral tracking cookies.

Analytics

We may use privacy-respecting analytics tools to understand aggregate platform usage. Any analytics implementation is configured to minimize data collection, avoid cross-site tracking, and comply with applicable privacy regulations including GDPR and CCPA.

Managing Cookies

You can configure your browser to refuse cookies or to alert you when cookies are being set. Note that disabling session cookies may prevent you from logging in to the platform.

7. Children's Privacy

Not for Minors

The Continuum platform is intended solely for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that a user under 18 has provided personal information, we will take steps to delete that information promptly. If you believe a minor has submitted information to us, please contact privacy@thecontinuum.market.

8. Data Retention

Active Accounts

We retain your account data and compliance records for as long as your account remains active. This allows you to maintain continuity of your compliance history and verification record.

Post-Deletion

Following a deletion request, your data is retained for up to 30 days to allow for data export or account reinstatement before permanent deletion from active systems.

Legal & Audit Retention

Certain records may be retained beyond the standard retention period where required by law, regulation, or valid legal process. In such cases, access to retained data is strictly limited.

9. Your Rights

Access

You have the right to request a copy of the personal information we hold about you at any time.

Correction

You have the right to request correction of inaccurate or incomplete personal information in your account.

Deletion

You have the right to request deletion of your personal data, subject to legal retention requirements.

Export & Portability

You have the right to receive your data in a structured, commonly used, machine-readable format.

Consent Withdrawal

Where processing is based on your consent — such as marketplace data participation — you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

Objection & Restriction

You may have additional rights under applicable law, including the right to object to processing or request restriction of processing. These rights may vary by jurisdiction.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact our privacy team:

Emailprivacy@thecontinuum.market
Platformthecontinuum.market

We aim to respond to all privacy inquiries within 5 business days. For data deletion or export requests, please allow up to 30 days for fulfillment.

This policy was last updated on March 15, 2026. We will notify registered users of material changes via email.