Privacy Policy - ComplyTech

1. Who we are

ComplyTech Ltd ("ComplyTech", "we", "us", "our") operates the ComplyTech compliance API platform at comply-tech.co.uk. We are the data controller for personal information collected through our website and services.

For any privacy-related queries, contact us at contact@comply-tech.co.uk.

2. Data we collect

Information you provide

Email address: collected when you sign up for API access or join the waitlist.
Payment information: processed securely by our payment provider (Stripe). We do not store card details.
Communications: emails you send to our support or sales team.

Information collected automatically

API usage data: request counts, error rates, and processing volume (not the content of data you process).
Log data: IP address, browser type, pages visited, and timestamps for security and debugging purposes.
Cookies: essential cookies for session management. See our Cookie Policy for details.

Important: We do not store the data you send to our compliance API. Your users' PII is processed in memory and immediately discarded. Nothing is persisted after the API response.

3. How we use your data

Purpose	Legal basis	Data used
Providing API access and managing your account	Contract performance	Email, usage data
Sending essential service communications (account updates, security alerts)	Contract performance	Email
Processing payments	Contract performance	Billing information
Sending product updates and relevant content (with opt-out available)	Legitimate interest	Email
Security monitoring and fraud prevention	Legitimate interest	Log data, IP address
Improving our services	Legitimate interest	Aggregated, anonymised usage data

4. Data sharing

We do not sell your data. We share personal data only in limited circumstances:

Service providers: companies that help us deliver our service (cloud hosting, payment processing, email delivery). These are bound by data processing agreements.
Legal requirements: when required by law, court order, or to protect the safety of users or the public.
Business transfers: in the event of a merger or acquisition, with prior notice to you.

5. Data retention

Account data: retained for the duration of your account, plus 30 days after deletion.
API request logs: retained for 90 days for debugging and security purposes, then automatically deleted.
Billing records: retained for 7 years as required by financial regulations.

6. Your rights

Depending on your location, you may have the following rights:

Right of access

Request a copy of the personal data we hold about you.

Right to rectification

Correct inaccurate or incomplete personal data.

Right to erasure

Request deletion of your personal data where no legitimate basis exists for retention.

Right to portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests, including marketing.

Right to restrict

Limit how we process your data in certain circumstances.

To exercise any of these rights, email contact@comply-tech.co.uk. We respond within 30 days.

7. Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, and role-based access controls.

8. International transfers

ComplyTech is based in the United Kingdom. If we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the relevant supervisory authority.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or via a prominent notice on our website, with at least 30 days notice before changes take effect.

10. Contact

Privacy queries: contact@comply-tech.co.uk

General contact: contact@comply-tech.co.uk

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (in the UK: ICO; in the EU: your national DPA).