Privacy Policy

Effective date: January 1, 2025 · Last updated: 2025

1. Introduction & Who We Are

Complify, Inc. ("Complify," "we," "us," or "our") operates an AI-powered SaaS compliance platform that helps organizations generate compliance documents and assessments. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using Complify, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

We collect several types of information from and about users of our Service:

  • Account Information: Name, email address, company name, job title, and other information you provide when creating an account
  • Company Data: Information about your company, including industry, size, location, tech stack, and business operations
  • Assessment Answers: All responses and data you provide during compliance assessments, including answers to questions about your practices, policies, and procedures
  • Usage Data: Information about how you interact with our Service, including pages visited, features used, and time spent
  • Payment Information: Billing address and payment method details (processed securely by our payment provider; we do not store full payment card numbers)
  • Technical Data: IP address, browser type, device information, and other technical identifiers

3. How We Use Your Information

We use the information we collect to:

  • Service Delivery: Provide, operate, and maintain our compliance assessment and document generation platform
  • AI Document Generation: Process your assessment data through AI systems to generate customized compliance documents, reports, and recommendations
  • Service Improvement: Analyze usage patterns and feedback to improve our Service, develop new features, and enhance user experience
  • Communications: Send you service-related notices, updates, and support messages, and respond to your inquiries
  • Payment Processing: Process payments, manage subscriptions, and handle billing
  • Legal Compliance: Comply with legal obligations, enforce our terms, and protect our rights and the rights of our users

4. AI & Automated Processing

Complify uses artificial intelligence, including Claude AI (provided by Anthropic), to process your assessment data and generate compliance documents. This processing is automated and occurs without human review of your specific data or answers.

Your assessment responses and company information are processed by AI systems to:

  • Analyze your compliance posture and identify gaps
  • Generate customized policy documents tailored to your company
  • Create risk assessments and implementation roadmaps
  • Provide recommendations based on your industry and company profile

No human employees review your individual assessment answers or generated documents unless you explicitly request support or we need to investigate a technical issue.

5. Document Storage & Delivery

Generated compliance documents are stored securely in your account and delivered to you via:

  • Secure download links accessible through your Complify dashboard
  • Email delivery to your registered email address (for certain document types)
  • Export functionality allowing you to download documents in PDF, Word, or other formats

Documents are retained in your account for the duration specified in our Data Retention section below. You can access, download, and delete your documents at any time through your account dashboard.

6. Data Sharing

We share your information only as necessary to provide our Service:

  • Stripe: We use Stripe to process payments. Stripe receives payment information and billing details in accordance with their privacy policy. We do not store full payment card numbers.
  • Anthropic: We use Anthropic's Claude AI to process your assessment data and generate documents. Data sent to Anthropic is subject to their privacy practices and our data processing agreements. Anthropic does not use your data to train their models for other customers.
  • Service Providers: We may use third-party service providers for hosting, analytics, customer support, and other operational functions. These providers are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required by law, court order, or to protect our rights, property, or safety.

We do not sell your personal information to third parties. We do not share your data for advertising or marketing purposes unrelated to our Service.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to Object: Object to processing of your personal data for certain purposes
  • Right to Restrict Processing: Request restriction of processing in certain circumstances
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@complify.com. We will respond within 30 days.

8. Your Rights Under CCPA

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

California residents may exercise these rights by contacting us at privacy@complify.com or through their account settings.

9. Data Security

We implement industry-standard technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Secure infrastructure and hosting environments
  • Employee training on data protection

In the event of a data breach that may affect your personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

10. Data Retention

We retain your information for the following periods:

  • Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations
  • Generated Documents: Retained in your account for 2 years from the date of generation, after which they may be archived or deleted
  • Payment Records: Retained for 7 years as required by tax and accounting laws
  • Assessment Data: Retained while your account is active and for 2 years after account closure

You may request deletion of your data at any time, subject to legal retention requirements.

11. Cookies & Tracking

We use minimal cookies necessary for Service functionality:

  • Essential Cookies: Required for authentication, session management, and core functionality
  • Analytics Cookies: Used to understand how users interact with our Service (anonymized)

We do not use advertising cookies or tracking pixels. We do not share data with advertising networks or engage in cross-site tracking.

12. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

13. International Transfers

Your information may be transferred to and processed in the United States, where our servers are located and where our service providers operate. If you are located outside the United States, please note that we transfer data to the United States.

For users in the EEA and UK, we rely on appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission, to ensure your data receives adequate protection.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through your account. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: privacy@complify.com