Privacy Policy

1. Data controller

ComplySafe.io is operated by BitFoundry OÜ, an Estonian private limited company (registry code 17352996). BitFoundry OÜ acts as the data controller for personal data processed through this website and the ComplySafe service.

Registered office: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia
Contact: contact@complysafe.io

2. Scope

This policy explains how we collect, use, store, and protect personal data when you visit our website, create an account, or use ComplySafe compliance scanning services.

3. Data we process

  • Account and identity data such as name, email address, settings, and subscription status
  • Billing data processed through Stripe, including invoices and subscription identifiers
  • Website scan data, repository metadata, uploaded ZIP archives, pull request metadata, and generated reports
  • Technical data such as IP address, browser type, device information, basic usage metrics, and error logs

We host infrastructure on Vercel and use privacy-friendly analytics. We do not use advertising trackers or behavioral profiling cookies.

4. Legal bases

We process personal data on the basis of:

  • contract performance when providing the service
  • legitimate interests, including security, abuse prevention, and product reliability
  • legal obligations, including accounting and regulatory compliance
  • consent where required for specific communications

5. How we use data

We use data to provide the service, generate reports and remediation guidance, manage billing, maintain platform security, improve reliability, and comply with legal obligations.

Customer repositories, source code, and scan results are not used to train shared AI models.

6. Sharing and processors

We may share data with trusted processors such as Stripe for payments, Vercel for hosting, and GitHub for authorized repository integrations. We may also disclose data when required by law or in connection with a merger, acquisition, or restructuring.

Where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses.

7. Retention and security

We retain personal data only as long as needed to provide the service and meet legal obligations.

  • Trial data: up to 7 days after expiration
  • Starter data: up to 30 days after expiration
  • Pro data: up to 90 days after expiration
  • Billing records: retained as required by law

Security measures include encryption in transit, access controls, role-based permissions, secure cloud infrastructure, and PCI-compliant payment processing through Stripe.

8. Your rights

Under GDPR, you have the rights of access, rectification, erasure, restriction, objection, and portability, and you may lodge a complaint with a supervisory authority.

To exercise your rights or ask questions about this policy, contact contact@complysafe.io.
