1. Who We Are
ActComply ("we", "us", "our") operates the platform at getactcomply.com. We are the data controller for personal data collected through this Service.
Contact: privacy@getactcomply.com
2. Data We Collect
- Account data: Email address, name (when provided)
- Payment data: Billing details processed by Stripe — we do not store card numbers
- Assessment data: Descriptions of AI systems you submit for compliance analysis
- Usage data: Pages visited, features used, timestamps — collected via cookies
- Communications: Support emails and messages you send us
3. How We Use Your Data
- To provide and operate the Service
- To process payments and manage subscriptions
- To generate AI Act compliance assessments using your submitted information
- To send transactional emails (account confirmation, invoices, alerts)
- To improve the platform through aggregated usage analytics
- To comply with legal obligations
4. Legal Basis (GDPR)
For users in the European Economic Area and United Kingdom, we process your data under the following legal bases:
- Contract performance: Processing necessary to deliver the Service you subscribed to
- Legitimate interests: Analytics, security, fraud prevention
- Legal obligation: Retaining transaction records as required by law
- Consent: Non-essential cookies (you may withdraw consent at any time)
5. Third-Party Services
We share data with the following trusted processors:
- Supabase — database and authentication (EU data residency available)
- Stripe — payment processing (PCI DSS compliant)
- Resend — transactional email delivery
- Anthropic — AI processing of your assessment submissions (no data used for training)
- Vercel — platform hosting
All processors are bound by data processing agreements and comply with GDPR requirements.
6. Data Retention
We retain your personal data for as long as your account is active. After account deletion, data is purged within 30 days except where retention is required by law (e.g. financial records retained for 7 years).
7. Your Rights
Under GDPR and UK GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request we limit processing in certain circumstances
To exercise any right, email privacy@getactcomply.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. Cookies
We use the following cookies:
- Essential: Authentication session cookies — required for the Service to function
- Functional: Preferences and settings (consent to this category via our cookie banner)
You can withdraw consent for non-essential cookies at any time by clearing your browser cookies.
9. International Transfers
Some of our processors operate outside the EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you by email of material changes at least 14 days before they take effect.