Privacy Policy
Last Updated: March 9, 2026
Introduction
Complyance.io ('we', 'us', 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI compliance management platform.
By using Complyance, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
What Data We Collect
Account Information
- Email address
- Name (optional)
- Company or organization name
- Target markets for compliance tracking
AI System Data
- AI system descriptions and technical details you provide
- Documents you upload for classification assistance (PDFs, DOCX, etc.)
- Risk classification results and compliance gap analysis
Technical Data
- IP address and geolocation data
- Browser type, version, and device information
- Usage analytics (pages visited, features used, session duration)
- Error logs and diagnostic data (via Sentry)
How We Use Your Data
- Provide and maintain the Complyance platform
- Perform AI risk classification and gap analysis using the Claude API
- Generate compliance reports and technical documentation
- Respond to support requests and customer inquiries
- Improve platform features and user experience via analytics
- Process payments and manage subscriptions via Paddle
- Comply with legal obligations and enforce our Terms of Service
Third-Party Services We Use
We share your data with the following third-party service providers only as necessary to operate the platform:
Anthropic (Claude API)
AI risk classification and document analysis
Data Shared: AI system descriptions and uploaded documents (NOT your account email or personal details)
Training: Anthropic does NOT use your data for model training (per our Commercial Terms agreement)
AWS S3 / Cloudflare R2
Encrypted file storage
Data Shared: Uploaded documents (PDFs, evidence files) encrypted with AES-256
Paddle
Payment processing (Merchant of Record)
Data Shared: Email, billing address, payment method (handled by Paddle, not stored by us)
Resend
Transactional email delivery
Data Shared: Email address and message content (password resets, compliance alerts, notifications)
PostHog
Product analytics and feature usage tracking
Data Shared: Anonymized usage events (features used, clicks, navigation patterns)
Sentry
Error monitoring and debugging
Data Shared: Error logs, stack traces, request metadata (personal data is scrubbed)
Cookies & Tracking
We use cookies and similar technologies to maintain your session and improve the platform. Types of cookies used:
- Essential Cookies: Required for authentication, session management, and security (cannot be disabled)
- Analytics Cookies: Optional cookies to track usage patterns and improve user experience (PostHog)
Data Retention
- Account Data: Retained as long as your account is active
- Generated Documents & Evidence: Retained for 30 days after subscription cancellation, then permanently deleted
- Analytics Data: Anonymized usage data retained for up to 12 months
- Backups: Backup data retained for 90 days for disaster recovery purposes
Your GDPR Rights (EU Users)
If you are located in the European Union, you have the following data protection rights under GDPR:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ('right to be forgotten')
- Right to Data Portability: Request export of your data in a machine-readable format (JSON)
- Right to Object: Object to processing of your personal data for specific purposes
To exercise any of these rights, contact us at privacy@complyance.app.
Security Measures
- All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- EU-based infrastructure (Railway, AWS EU region) for GDPR compliance
- Role-based access controls and audit logging for all data access
- 24/7 security monitoring and automated threat detection
International Data Transfers
Your data is primarily stored in the EU (Railway, AWS EU region). However, some third-party services (Anthropic, Sentry) may process data in the US under Standard Contractual Clauses (SCCs) and GDPR-compliant safeguards.
Children's Privacy
Complyance is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@complyance.io and we will delete it.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated 'Last Updated' date. If changes are material, we will notify you via email. Continued use of the platform after changes constitutes acceptance of the updated policy.
Contact Us
Email: privacy@complyance.app
Website: complyance.app