Privacy
Policy
1. Introduction
This Privacy Policy describes how AICOMPLYR, Inc. (“AICOMPLYR,” “we,” “us,” or “our”) collects, uses, stores, and protects personal data in connection with your use of the Platform at https://aicomplyr.io. This policy applies to all users of the Platform, including Enterprise Users, Agency Users, and individual authorized users acting on behalf of organizations.
2. Data We Collect and How We Use It
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account and registration data | Name, email, job title, organization | Account creation, authentication, service delivery | Performance of contract |
| Subscription and billing data | Payment method, billing address, transaction history | Processing payments, subscription management | Performance of contract |
| Platform usage data | Policy actions, tool submissions, compliance evidence, audit trail entries | Delivering services, generating compliance records | Performance of contract |
| Communications data | Support requests, feedback, email correspondence | Responding to inquiries, improving the Platform | Legitimate interests |
| Technical and device data | IP address, browser type, device identifiers, session logs | Security monitoring, fraud prevention, optimization | Legitimate interests |
| Cookie and analytics data | Session cookies, usage analytics | Platform performance, user experience improvement | Consent (where required) |
3. Data Processing in the Context of AI Governance Services
In the context of providing AI governance services, the Company acts as a data processor with respect to any personal data submitted by Enterprise Users and Agency Users as part of their compliance workflows. Each Enterprise User and Agency User acts as the data controller with respect to such data and is responsible for ensuring compliance with all applicable data protection laws.
Users must not submit specially protected categories of personal data — including health data, biometric data, or data relating to criminal convictions — to the Platform without first entering into a Data Processing Agreement with the Company that specifically addresses such data.
4. Data Sharing and Disclosure
We do not sell your personal data to third parties.
Service providers. We share data with trusted third-party service providers who assist us in operating the Platform. All service providers are contractually required to process personal data only on our instructions.
Connected platform users. Enterprise Users and Agency Users who are connected through the Platform may share certain organizational and compliance data with each other as part of the Platform's core governance functionality.
Legal and regulatory requirements. We may disclose personal data where required by applicable law, court order, or regulatory authority.
Corporate transactions. In the event of a merger, acquisition, or sale, personal data may be transferred as part of that transaction, subject to appropriate confidentiality obligations.
5. Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this policy. Compliance records, audit trail data, and Effective Policy Snapshots may be retained for extended periods consistent with applicable regulatory retention requirements. When personal data is no longer required, we will delete or anonymize it in accordance with our data retention schedule.
6. International Data Transfers
The Platform is operated from the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States. Where required by applicable law, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.
7. Your Data Protection Rights
| Right | Description |
|---|---|
| Right of access | Obtain a copy of the personal data we hold about you |
| Right of rectification | Have inaccurate personal data corrected |
| Right of erasure | Request deletion, subject to legal retention obligations |
| Right to restriction | Restrict processing in certain circumstances |
| Right to object | Object to processing based on legitimate interests |
| Right to data portability | Receive your data in a structured, machine-readable format |
| Right to withdraw consent | Withdraw consent without affecting prior lawful processing |
| Right to lodge a complaint | Lodge a complaint with the relevant supervisory authority |
To exercise any of these rights, please contact us at privacy@aicomplyr.com.
8. Data Security
We implement appropriate technical and organizational measures to protect personal data, including encryption of data in transit and at rest, role-based access controls, row-level security policies, tamper-evident audit logging, and regular security assessments.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform. Your continued use following the effective date constitutes acceptance of the changes.
AICOMPLYR, Inc.
Privacy inquiries: privacy@aicomplyr.com
EEA Data Subject Requests: email privacy@aicomplyr.com with “EEA Data Subject Request” in the subject line.
Cookie Policy
Last updated: March 4, 2026
The Platform uses cookies and similar tracking technologies. Cookies are small text files stored in your browser that allow the Platform to recognize your browser and provide a more personalized experience.
Cookies We Use
| Category | Purpose | Duration | Can Be Disabled? |
|---|---|---|---|
| Essential / Strictly Necessary | Authentication, session management, security (CSRF, RLS) | Session or up to 1 year | No — required |
| Functional | User preferences, workspace settings, UI configurations | Up to 1 year | Yes, with reduced functionality |
| Analytics | Understanding user interaction to improve performance and usability | Up to 13 months | Yes |
| Security and Fraud Prevention | Detecting unauthorized access, bot activity, fraudulent submissions | Session or up to 13 months | No — required |
You can manage or delete cookies through your browser settings. Where required by applicable law, we will request your consent before placing non-essential cookies.