Privacy Policy
Last updated: 23 June 2026
Compliantic takes the protection of your personal data seriously. This policy explains what data we process, for what purpose and on what legal basis, for how long, and the rights you have, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
- Controller: Compliantic, a project operated by an independent sole trader (“autónomo”) based in Spain (European Union).
- Legal form: Compliantic is not yet incorporated as a company (limited company or otherwise). Once incorporation is complete, the legal name, tax ID and registry details will be published on this page.
- Contact: support@compliantic.ai
The controller’s full identity (name and tax ID) is available, free of charge, to the competent authorities and to any data subject exercising their rights, on request to the contact address above.
2. What we process, why, and the legal basis
| Processing | Data | Purpose | Legal basis (GDPR) |
|---|---|---|---|
| Contact request / lead | Email address, request source, IP address | Reply to your enquiry and contact you commercially | Consent (Art. 6(1)(a)) |
| Account and subscription | Name, email, user identifier, organization details | Provide the service and manage your account | Performance of a contract (Art. 6(1)(b)) |
| Audits and AI assistants | Company description and any information you enter in the form or chat | Generate the requested compliance analysis | Contract / consent (Art. 6(1)(b)/(a)) |
| Billing | Payment data handled by the provider (we do not store cards) | Charge the subscription | Contract and legal obligation (Art. 6(1)(b)/(c)) |
| Security and technical logs | IP addresses, usage events, rate limits | Security, abuse prevention and service availability | Legitimate interest (Art. 6(1)(f)) |
Please do not enter third parties’ personal data, or special categories of data (Art. 9 GDPR), in company descriptions or the chat unless strictly necessary.
3. Recipients and processors
To provide the service we work with the following processors, bound by contract under Art. 28 GDPR:
- Clerk — authentication and user identity.
- Stripe — payment processing.
- Resend — transactional email delivery.
- Anthropic (Claude) — the AI models that generate the responses and analysis. The text you enter is processed to produce the result.
- Hostinger — infrastructure hosting in data centres in the European Union.
4. International transfers
Some of our providers are based outside the European Economic Area (mainly the United States). Where that is the case, transfers rely on appropriate safeguards under Chapter V GDPR: the European Commission’s Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework where applicable. Compliantic’s own infrastructure is hosted in the European Union.
5. Retention periods
- Leads: until you withdraw consent or after 12 months of inactivity, whichever comes first.
- Account data: for the duration of the contractual relationship and, thereafter, for the applicable statutory limitation periods.
- Technical logs: only as long as necessary for the security purposes above.
6. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability, and withdraw your consent at any time, by writing to support@compliantic.ai. If you believe your request was not handled correctly, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es.
7. Security
We apply appropriate technical and organisational measures to protect your data (encryption in transit, per-organization access control, data minimisation and security logging). No system is infallible, but we work continuously to reduce risk.
8. Cookies
Compliantic does not use analytics, advertising or third-party tracking cookies. We only use technical cookies strictly necessary for the site to work, which under Article 22(2) of the Spanish LSSI-CE are exempt from consent:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
compliantic_locale | Technical (first-party) | Remember your language preference (English / Spanish) | 12 months |
| Clerk session cookies | Technical (processor) | Keep your session securely signed in after login | Session / per provider |
As these are exempt technical cookies, we do not show a consent banner. If we add non-essential cookies in the future (e.g. analytics), we will update this policy and request your prior consent through a mechanism that lets you accept or reject them just as easily. You can configure or delete cookies from your browser settings; disabling technical cookies may prevent login and some features from working.
9. Changes to this policy
We may update this policy to reflect legal or service changes. The current version will always be published on this page with its update date.