Privacy Policy
Last updated: 30 May 2026
Compliantic takes the protection of your personal data seriously. This policy explains what data we process, for what purpose and on what legal basis, for how long, and the rights you have, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
- Entity: [TO COMPLETE: legal name — e.g. AgentFlowing S.L.]
- Tax ID (NIF/CIF): [TO COMPLETE: tax ID]
- Registered address: [TO COMPLETE: full registered address], Ávila, Spain
- Contact: hello@compliantic.eu
2. What we process, why, and the legal basis
| Processing | Data | Purpose | Legal basis (GDPR) |
|---|---|---|---|
| Contact request / lead | Email address, request source, IP address | Reply to your enquiry and contact you commercially | Consent (Art. 6(1)(a)) |
| Account and subscription | Name, email, user identifier, organization details | Provide the service and manage your account | Performance of a contract (Art. 6(1)(b)) |
| Audits and AI assistants | Company description and any information you enter in the form or chat | Generate the requested compliance analysis | Contract / consent (Art. 6(1)(b)/(a)) |
| Billing | Payment data handled by the provider (we do not store cards) | Charge the subscription | Contract and legal obligation (Art. 6(1)(b)/(c)) |
| Security and technical logs | IP addresses, usage events, rate limits | Security, abuse prevention and service availability | Legitimate interest (Art. 6(1)(f)) |
Please do not enter third parties’ personal data, or special categories of data (Art. 9 GDPR), in company descriptions or the chat unless strictly necessary.
3. Recipients and processors
To provide the service we work with the following processors, bound by contract under Art. 28 GDPR:
- Clerk — authentication and user identity.
- Stripe — payment processing.
- Resend — transactional email delivery.
- Anthropic (Claude) — the AI models that generate the responses and analysis. The text you enter is processed to produce the result.
- Hostinger — infrastructure hosting in data centres in the European Union.
4. International transfers
Some of our providers are based outside the European Economic Area (mainly the United States). Where that is the case, transfers rely on appropriate safeguards under Chapter V GDPR: the European Commission’s Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework where applicable. Compliantic’s own infrastructure is hosted in the European Union.
5. Retention periods
- Leads: until you withdraw consent or after 12 months of inactivity, whichever comes first.
- Account data: for the duration of the contractual relationship and, thereafter, for the applicable statutory limitation periods.
- Technical logs: only as long as necessary for the security purposes above.
6. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability, and withdraw your consent at any time, by writing to hello@compliantic.eu. If you believe your request was not handled correctly, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es.
7. Security
We apply appropriate technical and organisational measures to protect your data (encryption in transit, per-organization access control, data minimisation and security logging). No system is infallible, but we work continuously to reduce risk.
8. Changes to this policy
We may update this policy to reflect legal or service changes. The current version will always be published on this page with its update date.