SAPAudits is an independent SAP license consulting and security consulting practice. We respect the privacy of every executive, practitioner, and procurement professional who visits our website or engages our team. This policy explains what information we collect, why we collect it, how long we keep it, and the choices you have. We do not sell personal data, we do not share it with SAP SE or any of its resellers, and we operate with no commercial relationship to SAP.
Who we are
SAPAudits is the trading name of an independent advisory firm. Our two service lines are explained on our services page. Our independence position is documented in detail on our why independent page and our governance is described on our about page. The data controller for the personal information described in this policy is SAPAudits.
Information we collect
We only collect the information you choose to provide and a limited set of technical signals required to operate the site.
Information you provide directly
You may give us personal information in the following situations.
- Consultation inquiries. When you submit our contact form you provide your name, job title, company, corporate email address, the channel through which you found us, and the message you wish to send. The form is processed through our forms provider Formspree and routed to a senior advisor.
- White paper requests. When you request one of our 25 gated white papers you provide your name, job title, company, and corporate email address. Upon submission you are redirected to the full paper. We do not deliver white papers by email and we do not generate downloadable files.
- Direct correspondence. If you email a team member directly we will hold the contents of that exchange for record keeping and to respond to your request.
Information collected automatically
When you visit sapaudits.com we collect a small number of technical signals from your browser. These include your approximate location at the city level, the type of device you are using, the pages you visited, the referring page, and the duration of your session. We use this information to measure aggregate traffic and to improve the structure of the site. We do not use cookies for advertising and we do not place third party trackers for advertising networks.
How we use information
We use the information you give us to respond to your inquiry, to deliver the research you requested, to maintain accurate engagement records, and to comply with applicable law. Specifically we use personal data to respond to consultation requests, to provide access to gated research, to invite occasional updates if you have not unsubscribed, to maintain anti spam and security controls on our forms, and to meet our record keeping obligations.
We do not use your information to score, profile, or rank you. We do not enrich your record with third party data brokers. We do not pass your contact details to SAP SE, to SAP resellers, or to any third party that competes with our independent position.
Corporate email requirement
Our forms require a corporate email address. We block free webmail providers including gmail, yahoo, hotmail, outlook, icloud, aol, and protonmail. This is a quality control measure that helps us prioritize executive inquiries and that reduces automated form abuse. We never sell, share, or rent corporate email addresses. The full validation logic is documented in our forms and visible in the markup of the contact page.
How we store information
Personal data submitted through our forms is stored in our forms provider Formspree and in our internal client record system. Both systems use encryption in transit and at rest. Access is restricted to senior advisors who have signed confidentiality agreements. Consulting work product is stored on a separate restricted system that is reviewed quarterly.
How long we keep information
We keep consultation inquiry records for thirty six months from the last contact, after which they are deleted or anonymized. White paper request records are kept for twenty four months. Active client engagement records are kept for seven years to meet professional record keeping standards. Aggregate web analytics are kept for twenty six months.
Your rights
Depending on your jurisdiction you may have the following rights with respect to your personal information.
- The right to know what we hold about you.
- The right to receive a copy of the information we hold.
- The right to correct inaccurate information.
- The right to request deletion of your information subject to professional record keeping obligations.
- The right to object to a particular use.
- The right to withdraw consent for any optional communications.
To exercise any of these rights please reach our team through the contact page. We will respond within thirty calendar days.
Cookies
We use a small number of first party cookies to remember your preferences during a session and to count returning visitors in aggregate. We do not use cross site tracking cookies, advertising pixels, or third party retargeting tags. You can disable cookies in your browser at any time without losing access to any of our research.
Third parties
We use Formspree to operate our contact and white paper request forms. We use a content delivery network to serve our pages. We use a transactional email provider for occasional updates if you have requested them. Each of these processors has been reviewed against our independence standard, our security baseline, and our data protection requirements. We do not use behavioral advertising platforms.
Children
Our services are intended for enterprise procurement professionals, IT executives, internal auditors, and risk officers. We do not knowingly collect information from anyone under the age of eighteen. If you believe a minor has submitted information through one of our forms please contact us so we can remove the record.
International transfers
Our infrastructure is hosted in jurisdictions that meet recognized data protection standards. Where personal data is transferred across borders we rely on standard contractual clauses or equivalent legal mechanisms. We do not transfer personal data to jurisdictions that lack adequate protection without explicit consent.
Changes to this policy
We may update this policy from time to time to reflect changes to our practice, our infrastructure, or applicable law. The effective date at the top of this page indicates the most recent revision. Material changes will be summarized in a notice at the top of the page for at least sixty days.
How to contact us
Privacy questions, data requests, and concerns should be sent through our contact page with the subject line marked as a privacy request. Our senior advisors monitor these requests directly and our standard response time is two business days. For broader questions about our independence position and our governance see our why independent page. For service questions see license consulting or security consulting.