Privacy Policy

Last updated: August 20, 2025

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our AI governance assessments, or contact us for support.

Personal Information

  • Account information (name, email address, password)
  • Company information (organization name, industry, role)
  • Assessment data (AI system descriptions, risk classifications, maturity evaluations)
  • Communication data (support requests, feedback)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI governance services
  • Generate risk assessments and maturity evaluations
  • Send you technical notices, updates, and administrative messages
  • Respond to your comments, questions, and customer service requests
  • Comply with legal obligations and regulatory requirements

3. Data Processing Legal Basis (GDPR)

We process your personal data based on:

  • Contract performance: To provide our AI compliance services
  • Legitimate interests: To improve our services and communicate with you
  • Consent: For marketing communications (where required)
  • Legal obligation: To comply with applicable laws and regulations

4. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Assessment data is retained for 7 years to support audit requirements.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • AES-256 encryption for data at rest
  • TLS encryption for data in transit
  • Regular security audits and vulnerability assessments
  • Role-based access controls and audit logging

6. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests

7. International Transfers

Your data is processed within the European Economic Area (EEA). Any transfers outside the EEA are protected by appropriate safeguards, including Standard Contractual Clauses.

8. Cookies and Tracking

We use essential cookies to provide our services and analytics cookies to improve user experience. You can manage cookie preferences through our cookie banner.

9. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

  • Email: privacy@regulatory-ai.com
  • Data Protection Officer: dpo@regulatory-ai.com
  • Address: Regulatory AI, Legal Department, [Address]

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Regulatory AI Navigator
Hi! I'm Regulatory AI Navigator, your AI governance assistant. I can help you navigate EU AI Act compliance, risk assessments, maturity evaluations, and enterprise governance features. How can I assist you today?