Privacy Policy

Effective Date: September 19, 2025

Last Updated: September 19, 2025

1. Introduction

ComplyAct ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://complyactai.com and use our EU AI Act compliance platform services.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Personal Information

  • Name and contact information (email address, phone number)
  • Company/Organization details
  • Account credentials (username and password)
  • Billing and payment information (processed securely through Stripe)
  • Professional information related to your role in AI compliance

AI System Information

  • AI system specifications and documentation
  • Risk assessments and compliance data
  • Technical documentation uploaded to the platform
  • Compliance reports and assessments

Automatically Collected Information

  • Device and browser information
  • IP address and location data
  • Usage data and analytics
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide, operate, and maintain our compliance platform
  • Generate AI Act compliance documentation and assessments
  • Process transactions and manage subscriptions
  • Send administrative information and updates
  • Respond to customer service requests and support needs
  • Improve our services and develop new features
  • Monitor and analyze usage patterns and trends
  • Ensure platform security and prevent fraud
  • Comply with legal obligations and regulatory requirements
  • Send marketing communications (with your consent)

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

  • Payment processing (Stripe)
  • Email communication services (Resend)
  • Cloud hosting and infrastructure (Replit)
  • Analytics services (Google Analytics)
  • AI services (OpenAI) for compliance assessment features

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Regular security audits and assessments
  • Access controls and authentication measures
  • Secure development practices and code reviews
  • Employee training on data protection

However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security of your data.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records for analysis and auditing

When your account is closed, we will delete or anonymize your personal information within 90 days, unless we are required to retain it for legal purposes.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

European Union (GDPR) Rights

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a structured format
  • Restriction: Request limited processing of your data
  • Objection: Object to certain uses of your data
  • Automated Decision-Making: Opt out of automated processing

Account Information

You can review and update your account information at any time by logging into your account settings.

Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or by updating your communication preferences in your account settings.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain user sessions and authentication
  • Remember user preferences and settings
  • Analyze usage patterns and improve our services
  • Provide personalized content and features

Types of Cookies We Use

  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings and choices
  • Marketing Cookies: Used with your consent for targeted content

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

We implement appropriate safeguards for international data transfers, including:

  • Standard contractual clauses approved by the European Commission
  • Data processing agreements with service providers
  • Compliance with applicable data protection frameworks

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

11. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of our services after changes indicates acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Data Protection Officer: For privacy-related inquiries, you may also contact our Data Protection Officer directly at dpo@complyactai.com

14. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, our legal bases for processing your personal information include:

  • Contractual Necessity: To provide our services and fulfill our agreement with you
  • Legitimate Interests: To improve our services, ensure security, and conduct business operations
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing activities