Last updated: January 2026
The General Data Protection Regulation (GDPR) gives individuals in the European Union and UK significant rights over their personal data. This page explains those rights and how you can exercise them with ComplyTech.
Controller: ComplyTech Ltd
Jurisdiction: England and Wales (subject to UK GDPR)
Privacy contact: contact@comply-tech.co.uk
ComplyTech acts as a data controller for the personal data of our customers and website visitors. When our customers send data through our compliance API, ComplyTech acts as a data processor on their behalf: we process that data solely to deliver the Service and do not retain it.
Processing your account email, API usage data, and billing information to provide the Service you signed up for.
Security monitoring, fraud prevention, product improvement using aggregated anonymised data, and relevant marketing communications (with opt-out available).
Retaining financial records for the periods required by applicable law.
You have the right to request a copy of all personal data we hold about you, along with information on how we use it (a "Subject Access Request").
Response time: within 30 days
You can request that we correct any personal data we hold that is inaccurate or incomplete. Many details can also be updated directly in your account settings.
Also known as the "right to be forgotten." You can request deletion of your personal data where there is no longer a legitimate reason for us to hold it.
You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format so you can transfer it to another service.
You can object to processing based on legitimate interests. You can also opt out of marketing communications at any time by clicking "Unsubscribe" in any email we send.
In certain circumstances you can request that we restrict how we process your data, for example while a dispute about accuracy is being resolved.
We may ask you to verify your identity before processing a data subject request. This is to protect your data from unauthorised access.
You can exercise any of your GDPR rights by contacting us directly. We will acknowledge your request within 3 business days and respond fully within 30 days (this may be extended to 60 days for complex requests, with notice).
Email us with your request, specifying which right(s) you wish to exercise and including your account email address so we can locate your records.
contact@comply-tech.co.ukOur primary infrastructure is based in the UK and EU. In limited cases, data may be processed by third-party service providers outside these areas. Where this occurs, we ensure appropriate safeguards are in place, including:
You can request details of any specific transfer by emailing contact@comply-tech.co.uk.
We retain personal data only for as long as necessary. See our Privacy Policy for full retention periods. Once data is no longer required, it is securely deleted or anonymised.
If you are unhappy with how we have handled a data request or believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection authority:
We would, however, appreciate the opportunity to address any concerns directly before you contact a supervisory authority. Please reach out to contact@comply-tech.co.uk first.
Zero-knowledge processing
When you send data through our API, we process it entirely in memory and discard it immediately after returning the compliant result. We store only anonymised audit metadata, never your users' raw PII. This architecture means we have minimal exposure and you retain full control over your users' data.
Enterprise customers who require a signed Data Processing Agreement (DPA) should contact contact@comply-tech.co.uk.