Privacy Policy
Last updated: April 15, 2026
1. Introduction
Compliable ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI compliance checking API service ("Service").
As a compliance-focused service, we hold ourselves to the highest standards of data protection, including compliance with the GDPR, CCPA, and other applicable privacy regulations.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Name (optional)
- Company name (optional)
- Payment information (processed by Stripe)
2.2 API Usage Data
We collect metadata about API requests:
- API key used
- Timestamp of request
- Request size (token count)
- Response status codes
- IP address (for rate limiting and abuse prevention)
2.3 Content Submitted for Compliance Checking
IMPORTANT: Content you submit to our API for compliance checking is processed in-flight and immediately discarded. We do not store, log, or retain any content you send to the /check endpoint.
We only retain compliance check metadata (timestamp, token count, regulation checked) for billing and usage analytics purposes.
3. How We Use Your Information
We use collected information for:
- Service delivery: Providing API access and compliance checking functionality
- Billing: Processing payments and tracking usage for billing purposes
- Security: Detecting and preventing abuse, fraud, and security threats
- Support: Responding to customer inquiries and technical support requests
- Analytics: Understanding usage patterns to improve our service (aggregated, anonymized data only)
- Legal compliance: Meeting legal obligations and enforcing our Terms of Service
4. Data Sharing and Disclosure
We share your information only with the following third parties:
- Stripe: Payment processing (subject to Stripe's privacy policy)
- Vercel: Hosting and infrastructure (subject to Vercel's privacy policy)
- Ahrefs Analytics: Anonymous website analytics (no personal data)
We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.
We may disclose your information if required by law, court order, or to protect our rights or the safety of others.
5. Your Privacy Rights
5.1 GDPR Rights (EU/EEA Users)
If you are located in the EU or EEA, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restriction: Request restriction of processing
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing of your personal data
- Withdraw consent: Withdraw consent at any time (where processing is based on consent)
5.2 CCPA Rights (California Users)
If you are a California resident, you have the right to:
- Know: Request disclosure of personal information collected, sold, or disclosed
- Delete: Request deletion of personal information
- Opt-out: Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination: Not be discriminated against for exercising your rights
To exercise any of these rights, contact us at privacy@compliable.dev. We will respond within 30 days.
6. Data Retention
We retain your information for as long as necessary to provide the Service and comply with legal obligations:
- Account data: Retained while your account is active, plus 90 days after account deletion
- Billing records: Retained for 7 years for tax and accounting purposes
- API usage metadata: Retained for 12 months for billing and analytics
- Content submitted for compliance checking: Not retained (processed in-flight only)
7. Data Security
We implement industry-standard security measures:
- TLS/SSL encryption for all data in transit
- Encryption at rest for stored data
- API key authentication and rate limiting
- Regular security audits and monitoring
- Access controls and least-privilege principles
While we strive to protect your data, no method of transmission over the internet is 100% secure. You use the Service at your own risk.
8. International Data Transfers
Our infrastructure is hosted on Vercel, with servers located in the United States and other regions. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States.
We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data from the EU/EEA to third countries.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@compliable.dev.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending an email to your registered email address (for material changes)
Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:
Email: privacy@compliable.dev
Support: https://compliable.dev/docs
For GDPR-related inquiries, you may also contact your local data protection authority.