ComplyAI

Privacy Policy

Comply AI — how we collect, use, and protect your data

Last updated: February 5, 2026

Comply AI ("we", "us", "our") is committed to protecting your privacy and ensuring compliance with GDPR, UK Data Protection Act, and relevant financial-sector expectations regarding data handling. This Privacy Policy explains how we collect, use, store, and protect personal data.

1. Data we collect

1.1 Information you provide

  • Name, email, organisation, and account details
  • Uploaded documents, messages, and compliance materials
  • Billing and payment information
  • Support requests or communication logs

1.2 Automatically collected data

  • Device information, browser type, session logs
  • Usage analytics, IP address, authentication events

1.3 Cookies

We use cookies for functionality, security, analytics, and session management.

2. How we use your data

We process your data to:

  • Deliver the Service and generate AI-based analysis
  • Improve accuracy, reliability, and performance
  • Personalise your user experience
  • Provide customer support
  • Ensure platform security and fraud prevention
  • Manage billing and account administration
  • Comply with legal obligations

We do not sell personal data.

4. Data storage & security

Comply AI uses bank-grade technical and organisational measures, including:

  • AES-256 encryption at rest, TLS 1.3 encryption in transit
  • Zero-trust architecture, network isolation
  • Role-based access control (RBAC)
  • Logging and audit trails, regular penetration testing
  • Secure cloud infrastructure, GDPR-compliant hosting regions

Financial institutions may request an enhanced security overview or due-diligence pack.

5. Data retention

We retain data for the duration of your use of the Service unless:

  • You request deletion
  • Retention is required by law
  • Aggregated anonymised data is retained for model improvement

Uploaded content may be automatically deleted after a defined period for compliance best practice (configurable).

6. Sharing of data

We may share data with:

  • Cloud hosting providers (GDPR-compliant)
  • Payment processors, security partners
  • Approved subprocessors (listed on our website)

We will never sell, rent, or share your data for advertising. We do not share user documents with any foundation model provider for training purposes.

7. International data transfers

Data may be stored in the UK or EU. If transferred outside these regions, we use Standard Contractual Clauses (SCCs), adequacy decisions, and additional encryption safeguards.

8. Your rights

Under GDPR, you have the right to access your data, rectify inaccurate data, request deletion, restrict processing, port your data, object to processing, and withdraw consent.

Requests can be sent to privacy@complyai.co.

9. Children's data

Comply AI is not intended for individuals under 18. We do not knowingly collect data from minors.

10. Changes to this policy

We may update this Policy periodically. Continued use of the Service constitutes acceptance of the updated terms.

11. Contact

For privacy questions or concerns:

support@complyai.chat
Elevate AI Tech, Apollo House, Hallam Way, Whitehills Business Park, Blackpool, United Kingdom, FY45FS