Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

• Register for an account: Name, email address, company name, phone number, job title
• Subscribe to our Service: Billing information (processed securely through Stripe), payment history
• Contact us: Name, email address, message content, phone number
• Join our waitlist: Email address, company information, use case details

1.2 Information Automatically Collected

When you access the Service, we may automatically collect:

• Usage Data: Pages visited, time spent, clicks, navigation paths, feature usage
• Device Information: IP address, browser type and version, operating system, device identifiers
• Location Data: Approximate geographic location based on IP address
• Cookies and Similar Technologies: See our Cookie Policy for details

1.3 Conversation Data

If you use our AI assistant features, we collect:

• Customer conversation transcripts and messages
• Customer information shared during conversations (with your permission)
• Conversation metadata (timestamps, duration, outcomes)
• AI performance metrics and training data

2. How We Use Your Information

We use the collected data for the following purposes:

• Service Delivery: To provide, maintain, and improve our Service
• Account Management: To manage your account and provide customer support
• AI Improvement: To train and improve our AI models (using anonymized data)
• Communication: To send you updates, newsletters, and marketing materials (with your consent)
• Analytics: To understand how users interact with our Service and optimize performance
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service

3. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and the context:

• Contract Performance: Processing necessary to provide the Service you requested
• Consent: You have given explicit consent for specific purposes (e.g., marketing emails, analytics cookies)
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, service improvement)
• Legal Obligation: Processing required to comply with legal obligations

4. How We Share Your Information

We may share your information in the following situations:

4.1 Service Providers

We employ third-party companies to facilitate our Service:

• OpenAI: For AI/LLM processing and conversation generation
• Vercel: For hosting and infrastructure
• Stripe: For payment processing
• Google Analytics: For usage analytics (with your consent)
• Meta (Facebook): For advertising and analytics (with your consent)

These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

4.2 Business Transfers

If Komplian is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5. Your Data Protection Rights

5.1 GDPR Rights (EU/EEA Users)

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

• Right to Access: You can request copies of your personal data
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request transfer of your data to another organization
• Right to Object: You can object to our processing of your personal data
• Right to Withdraw Consent: You can withdraw consent at any time where we relied on consent

5.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the CCPA:

• Right to Know: You can request information about the personal information we collect, use, and disclose
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You can opt-out of the sale of your personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption: Data in transit is encrypted using TLS/SSL protocols
• Secure Storage: Data at rest is encrypted and stored on secure servers
• Access Controls: Limited access to personal data on a need-to-know basis
• Regular Audits: Security practices are regularly reviewed and updated
• Employee Training: Staff are trained on data protection and privacy practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for up to 2 years after account deletion
• Conversation Data: Retained for up to 1 year or as configured in your account settings
• Payment Data: Retained as required by tax and accounting regulations (typically 7 years)
• Analytics Data: Retained for up to 14 months (Google Analytics default)

8. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and process it there.

For EEA users, we ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

10. Third-Party Links

Our Service may contain links to third-party websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this Privacy Policy
• Sending you an email notification (for material changes)

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

13. Supervisory Authority

If you are located in the EEA and believe we have not adequately resolved your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

For users in Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD): www.aepd.es