ComplyPanel

This Privacy Policy explains how ComplyPanel (“we”, “us”, “our”) collects, uses, and protects personal data when you use our services.

We are committed to protecting your privacy and processing personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

If you have any questions about this Privacy Policy, please contact us at support@complypanel.app.

1. Roles Under GDPR

When you use ComplyPanel, we act in two different capacities:

Data Controller: For your account information (name, email, organization details), billing data, and our own analytics, we are the Data Controller. We determine the purposes and means of processing this data to provide and improve our service.
Data Processor: For the content you upload and manage within ComplyPanel (e.g., security descriptions, uploaded policy documents), you are the Data Controller, and we are the Data Processor. We process this data on your behalf and according to your instructions. You are responsible for ensuring you have a legal basis to process any personal data contained within that content.

2. Personal Data We Collect

2.1 Account and Organization Information

When you create a ComplyPanel account, we collect your full name, email address, password, and organization name to create and manage your account and communicate with you.

2.2 Billing Information

When you subscribe to a paid plan, our payment processor (Stripe) collects your payment information. We do not store your full credit card details but do store subscription details and billing history for administrative purposes.

2.3 Content You Provide

We store the compliance information you enter into the dashboard, such as security practice descriptions, certification statuses, and any documents you upload. You are responsible for the lawfulness of any personal data within this content.

2.4 Technical and Usage Data

We collect basic technical information like IP addresses, browser types, and usage data to operate, secure, and improve our service.

3. Legal Bases for Processing (GDPR)

We process your personal data based on:

Performance of a contract: To provide the ComplyPanel service to you.
Legitimate interests: For security, service improvement, and analytics.
Legal obligations: For compliance with tax and accounting laws.
Consent: For non-essential cookies or marketing communications, where applicable.

4. Data Sharing and Sub-processors

We do not sell your personal data. We use trusted third-party sub-processors to provide our service, such as Google (for hosting and database via Firebase), Stripe (for payments), and Vercel (for deployment). We ensure all sub-processors have strong data protection standards.

5. International Data Transfers

Your data may be processed in countries outside of the EU/EEA. We use mechanisms like Standard Contractual Clauses (SCCs) to ensure that your data is protected to a standard equivalent to that of the GDPR.

6. Cookies

We use essential cookies for authentication and to operate the service. We will ask for your consent for any non-essential analytics or marketing cookies. You can manage cookie preferences in our cookie banner or your browser settings.

7. Data Retention

We retain your personal data for as long as you have an active account with us. After you close your account, your data will be deleted in accordance with our data retention policy, except where we are legally required to retain it (e.g., for financial records).

8. Your Rights Under GDPR

You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to withdraw consent. To exercise these rights, please contact us at support@complypanel.app.

9. Security

We implement robust technical and organizational measures to protect your data, including encryption, access controls, and regular security reviews.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of any material changes by email or through the service.