Privacy Policy

We collect information you provide directly to us, including: • Account Information: When you create an account, we collect your name, email address, and password. • Payment Information: When you subscribe, payment details are processed securely by Stripe. We do not store your full card details. • Business Information: Information about your business type and AI tools you use, to personalize your compliance digests. • Communications: When you contact us, we keep records of your correspondence. We also automatically collect certain information when you use our service: • Usage Data: Pages visited, features used, and time spent on the platform. • Device Information: Browser type, operating system, and IP address. • Cookies: We use essential cookies to maintain your session and preferences.

We use the information we collect to: • Provide, maintain, and improve our services • Send you personalized weekly compliance digests • Process payments and manage your subscription • Send real-time regulatory alerts relevant to your business • Respond to your comments, questions, and support requests • Monitor and analyze trends, usage, and activities • Detect, investigate, and prevent fraudulent transactions and abuse • Comply with legal obligations

Under the UK GDPR, we process your personal data based on the following legal grounds: • Contract Performance: Processing necessary to provide our services to you • Legitimate Interests: For business operations, security, and service improvement • Consent: Where you have given explicit consent (e.g., marketing communications) • Legal Obligation: Where we need to comply with legal requirements You have the right to withdraw consent at any time where we rely on consent for processing.

We do not sell your personal information. We may share your information only in the following circumstances: • Service Providers: With third parties who perform services on our behalf (e.g., Stripe for payments, email providers for digests) • Legal Requirements: When required by law or to respond to legal process • Business Transfers: In connection with any merger, sale, or acquisition • With Your Consent: When you have given us permission to share All third-party service providers are contractually obligated to protect your data.

We implement appropriate technical and organizational measures to protect your personal data: • All data is encrypted in transit using TLS/SSL • Data at rest is encrypted using industry-standard encryption • We use secure, reputable cloud infrastructure • Regular security assessments and updates • Access controls and authentication requirements • Employee training on data protection While we strive to protect your data, no method of transmission over the Internet is 100% secure.

Under UK GDPR, you have the following rights: • Access: Request a copy of your personal data • Rectification: Request correction of inaccurate data • Erasure: Request deletion of your data ("right to be forgotten") • Restriction: Request limitation of processing • Portability: Receive your data in a portable format • Objection: Object to processing based on legitimate interests • Automated Decisions: Not be subject to solely automated decision-making To exercise these rights, contact us at [email protected]. We will respond within 30 days.

We retain your personal data for as long as necessary to: • Provide our services to you • Comply with legal obligations • Resolve disputes and enforce agreements When you cancel your subscription, we retain your data for 90 days in case you wish to reactivate. After this period, your data is securely deleted unless we are required to retain it for legal purposes. You can request immediate deletion of your data at any time by contacting us.