Privacy Policy

Last updated: February 2026

Table of Contents

  1. Introduction
  2. Data Controller
  3. What Data We Collect
  4. Legal Basis for Processing
  5. How We Use Your Data
  6. Data Sharing & Third Parties
  7. International Data Transfers
  8. Data Retention
  9. Your Rights
  10. Data Breach Notification
  11. Cookies
  12. Security Measures
  13. Children's Privacy
  14. Changes to This Policy
  15. Contact Us

1. Introduction

Welcome to ComplyGuard. We are an EU-based company operating from Croatia, providing AI-powered compliance scanning services for businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website complyguard.eu and use our services.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

ComplyGuard is the data controller responsible for your personal data. Our contact details are:

ComplyGuard

Company Registration Number: [Company Registration Number]

VAT Number: [VAT Number]

Location: Croatia, European Union

Email: info@complyguard.eu

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

3. What Data We Collect

3.1 Account Data

When you create an account with ComplyGuard, we collect:

  • Email address
  • Full name
  • Company name (optional)
  • Password (stored in encrypted form)

3.2 Usage Data

When you use our service, we automatically collect:

  • Pages and features you access
  • Scan history and compliance reports generated
  • Time and date of your visits
  • Time spent on different sections of the platform

3.3 Technical Data

We automatically collect certain technical information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring website (how you found us)
  • General geographic location (country/region level)

3.4 Communication Data

When you contact us, we collect:

  • Email correspondence with our support team
  • Feedback and survey responses
  • Any other information you choose to provide

3.5 Newsletter Data

If you subscribe to our newsletter, we collect:

  • Email address
  • Subscription preferences
  • Email engagement data (opens, clicks)

3.6 Scanned Website Data

When you submit a website for compliance scanning, we process the URL and publicly available information from that website. This is business data used to generate your compliance reports. We do not collect personal data of third parties from scanned websites.

4. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data based on the following legal grounds:

Data Type | Legal Basis | Explanation
Account Data | Contract Performance | Necessary to provide you with our services
Usage Data | Legitimate Interest | To improve our platform and user experience
Technical Data | Legitimate Interest | For security, fraud prevention, and analytics
Communication Data | Contract Performance / Legitimate Interest | To respond to your inquiries and provide support
Newsletter Data | Consent | You actively subscribe and can unsubscribe anytime
Scanned Website Data | Contract Performance | Necessary to deliver the compliance scanning service

5. How We Use Your Data

We use your personal data to:

  • Provide our services: Create and manage your account, perform compliance scans, generate reports
  • Communicate with you: Send compliance reports, service updates, and respond to your inquiries
  • Improve our platform: Analyze usage patterns to enhance features and user experience
  • Ensure security: Detect and prevent fraud, abuse, and security threats
  • Send marketing communications: Only with your consent, share product updates and compliance tips
  • Comply with legal obligations: Meet regulatory requirements and respond to legal requests

6. Data Sharing & Third Parties

We do not sell your personal data. We only share your data with third parties when necessary to provide our services or as required by law.

6.1 Service Providers (Data Processors)

We work with the following categories of service providers:

  • Hosting provider: For secure infrastructure and data storage within the EU
  • Email service provider: For transactional emails and newsletter delivery
  • Analytics tools: Privacy-friendly analytics to understand platform usage
  • Payment processor: For secure payment processing (when applicable)
  • AI/ML processing: For compliance scanning analysis — data is processed but not stored beyond what's necessary

All our service providers are bound by data processing agreements and are required to protect your data in accordance with GDPR.

6.2 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority.

7. International Data Transfers

Your personal data is primarily processed and stored within the European Union/European Economic Area (EU/EEA).

If any data transfer outside the EEA is necessary (for example, using a service provider based outside the EU), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where the destination country provides adequate data protection

8. Data Retention

We retain your personal data only for as long as necessary:

Data Type | Retention Period
Account Data | While your account is active + 30 days after deletion
Compliance Scan Results | 12 months from the date of the scan
Newsletter Data | Until you unsubscribe
Technical Logs | 90 days
Communication Data | 2 years from last communication

9. Your Rights

Under the GDPR (Articles 15-22), you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent at any time (for consent-based processing)

To exercise any of these rights, please contact us at info@complyguard.eu. We will respond within 30 days.

Right to Lodge a Complaint: If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Croatian Data Protection Authority:

AZOP (Agencija za zaštitu osobnih podataka)

Website: azop.hr

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the relevant supervisory authority (AZOP — Croatian Data Protection Authority) within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay via email to the address associated with your account, as required by GDPR Article 34.

Our breach notification will include:

  • The nature of the personal data breach
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach
  • Contact details for obtaining further information

We maintain internal breach detection, investigation, and reporting procedures to ensure timely identification and appropriate response to any personal data breaches.

11. Cookies

We use cookies and similar technologies to enhance your experience on our website. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

12. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication requirements
  • Regular security assessments and vulnerability testing
  • Employee training on data protection
  • Incident response procedures

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

13. Children's Privacy

ComplyGuard is a business service not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • For significant changes, we will notify you via email or a prominent notice on our website
  • We encourage you to review this policy periodically

15. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

Email: info@complyguard.eu

Company: ComplyGuard

Location: Croatia, European Union

We aim to respond to all inquiries within 30 days.

Related policies:

  • Terms of Service
  • Cookie Policy