Privacy Policy

Last updated: January 7, 2026

1. Introduction

ComplyDeck, Inc. ("ComplyDeck", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered compliance automation platform ("Service").

By using ComplyDeck, you consent to the data practices described in this policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address: Used for authentication and communication
  • Full name: For personalization and team collaboration
  • Company/Organization name: To set up your project workspace
  • Password: Securely hashed and stored for authentication

2.2 Content You Upload

When you use the Service, we process:

  • Policy documents: PDFs and documents you upload to your knowledge base
  • Questionnaire files: CSV files containing compliance questions
  • Q&A database entries: Approved responses you save for reuse
  • Evidence URLs: Links to public documents you provide

2.3 Usage Data

We automatically collect:

  • IP address and device information
  • Browser type and version
  • Pages visited and features used
  • Time and date of access
  • Processing statistics (questions processed, time saved)

2.4 AI Processing Data

When generating responses, we process:

  • Your uploaded documents (to extract relevant context)
  • Questionnaire questions (to generate answers)
  • Your edits and approvals (to improve response quality)

3. How We Use Your Information

We use your information to:

  • Provide the Service: Process documents, generate answers, store your data
  • Improve accuracy: Learn from your approved responses to provide better answers
  • Communicate: Send service updates, security alerts, and support responses
  • Analyze usage: Understand how users interact with our platform
  • Ensure security: Detect and prevent fraud, abuse, and security threats
  • Comply with law: Meet legal obligations and respond to lawful requests

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored using industry-leading cloud providers:

  • Authentication & Metadata: Supabase (PostgreSQL database)
  • Document Storage: S3-compatible cloud storage (encrypted at rest)
  • Vector Embeddings: Zilliz Cloud (for semantic search)
  • Application Hosting: Google Cloud Run (US regions)

4.2 Security Measures

We implement robust security practices:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure authentication with session tokens
  • Project-level data isolation
  • Regular security audits and monitoring
  • Access controls and audit logging

5. Data Sharing and Third Parties

5.1 AI Processing

To generate responses, your document content and questions are sent to:

  • Google Gemini API: For AI-powered answer generation

Google processes this data according to their Privacy Policy. We do not share your data for AI model training purposes.

5.2 Service Providers

We use trusted third-party services:

  • Supabase: Authentication and database
  • Cloudflare: CDN, security, and hosting
  • Google Cloud: Application infrastructure
  • Zilliz: Vector database for semantic search

5.3 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information or uploaded content to third parties for marketing purposes.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, safety, or property.

6. Data Retention

  • Account data: Retained while your account is active
  • Uploaded documents: Retained until you delete them or close your account
  • Q&A database: Retained until you delete entries or close your account
  • Usage logs: Retained for up to 12 months
  • After account closure: Data deleted within 90 days (except as required by law)

7. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data
  • Export: Download your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities

To exercise these rights, contact us at [email protected].

8. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering your preferences

We do not use third-party advertising or tracking cookies.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

10. Children's Privacy

ComplyDeck is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice in the Service. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact us at [email protected].