Privacy Policy
Last updated: 10 March 2026. ComplianceRadar ("we", "us", "our") operates the ComplianceRadar service and is committed to protecting your privacy in line with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data controller
The data controller responsible for your personal data is ComplianceRadar. You may contact us regarding data protection at the contact details provided on our website.
2. What data we collect and why
We collect the following categories of personal data for the purposes described:
- Email addresses — When you provide an email (e.g. when requesting scan results or signing up), we use it to deliver your scan report, send product-related communications, and for lead generation and marketing with your consent where required by law.
- Website URLs — The URLs you submit for compliance scanning are processed to perform the scan and generate the audit report. We use this information only for providing the service and improving our offering.
- Account and authentication data — If you create an account (e.g. via email/password or Google sign-in), we store the data necessary to authenticate you and link your scans to your account, in accordance with our terms of service.
3. Legal basis
We process your data on the following legal bases under the GDPR: performance of a contract (delivering scans and paid reports), legitimate interests (service improvement, security, fraud prevention), and where applicable your consent (e.g. marketing, optional cookies).
4. Third-party sub-processors
We use the following sub-processors to operate the service. Each is bound by data processing agreements and/or standard contractual clauses where required:
- Stripe — Payment processing. Card and payment data are handled directly by Stripe; we do not store full payment card details. Stripe's privacy policy and DPA apply.
- Google Gemini API — We send only the text extracted from the URLs you scan (and related technical observations) to Google's Gemini API for AI-powered compliance analysis. We do not use your personal data or scan content to train AI models. Google does not use our API data to train its generative models. Processing is for analysis only and is governed by our agreement with Google.
- Vercel — Hosting and serverless execution of our application. Application data (including URLs and scan results) may be processed on Vercel's infrastructure. Vercel provides appropriate safeguards for international transfers.
5. Retention and storage
We retain scan results, account data, and logs only as long as necessary to provide the service, comply with legal obligations, and resolve disputes. You may request deletion of your data subject to applicable retention requirements.
6. Your rights
Under the GDPR you have the right to access, rectification, erasure, restriction of processing, and data portability, and the right to object to processing. You also have the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us using the details on our website.
7. Security
We implement technical and organisational measures to protect your data. For more detail, see our Security page.
8. Changes
We may update this privacy policy from time to time. The "Last updated" date at the top will be revised, and we will notify you of material changes where appropriate.