GDPR Compliance
ComplyAI is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page explains how we handle your data and your rights under GDPR.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data.
Right to Access
You have the right to request a copy of the personal data we hold about you.
Right to Rectification
You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure
You can request that we delete your personal data (the right to be forgotten).
Right to Restrict Processing
You can request that we limit how we use your personal data.
Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
Right to Object
You can object to the processing of your personal data in certain circumstances.
How to Exercise Your Rights
To exercise any of your GDPR rights, you can submit a request through the following methods:
- Email: Send a request to [email protected]
- In-App: Use the "Privacy Settings" section in your account dashboard
- Form: Complete our Data Subject Request Form below
We will respond to your request within 30 days. In complex cases, we may extend this period by up to two additional months, but we will notify you of any extension.
To protect your privacy, we may need to verify your identity before processing your request.
Data Subject Request Form
Legal Basis for Processing
Under GDPR, we must have a legal basis for processing your personal data. The legal bases we rely on include:
Contract Performance
Processing necessary to perform our contract with you, including providing our services, managing your account, and processing payments.
Legitimate Interests
Processing necessary for our legitimate interests (or those of a third party), provided these interests don't override your fundamental rights. This includes:
- Improving and developing our services
- Marketing our services to existing customers
- Protecting against fraud and abuse
- Network and information security
Consent
Where you have given us explicit consent to process your data for specific purposes, such as marketing communications or certain cookies.
Legal Obligation
Processing necessary to comply with our legal obligations, such as tax reporting or responding to lawful requests from authorities.
International Data Transfers
ComplyAI is based in the United States, and your data may be transferred to and processed in the US and other countries outside the European Economic Area (EEA).
When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our service providers and partners.
- Adequacy Decisions: Where applicable, we transfer data to countries deemed adequate by the European Commission.
- Additional Safeguards: We implement technical and organizational measures to protect your data during transfer.
You can request a copy of the safeguards we use by contacting us at [email protected].
Contact Our Data Protection Team
If you have any questions about how we handle your data or wish to exercise your GDPR rights, please don't hesitate to contact us.