Privacy Policy
Last updated: 20/02/2026
1. Data Controller
ComplySafe.io is operated by BitFoundry OÜ, a private limited company registered in Estonia (registry code: 17352996). BitFoundry OÜ acts as the data controller for personal data processed in connection with this website and the ComplySafe service.
Registered office: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551. Contact: contact@complysafe.io
2. Scope
This Privacy Policy explains how we collect, use, store, and protect personal data when you access our website, create an account, or use the ComplySafe compliance scanning platform.
3. Categories of Data We Process
3.1 Account and Identity Data
- Name and email address provided through authentication providers
- Account settings and preferences
- Subscription and billing status
3.2 Billing Data
Payments are processed by Stripe. We do not store full payment card details. We may process billing identifiers, invoices, and subscription status information.
3.3 Repository and Scan Data
- Website URLs and publicly accessible website content
- Source code uploaded via ZIP archives
- Repository metadata and source code authorized via GitHub App
- Commit metadata, pull request metadata, and file diffs
- Generated scan reports and detected compliance issues
3.4 Technical and Usage Data
- IP address
- Browser type and device information
- Basic usage metrics and error logs
Our infrastructure is hosted on Vercel. We use privacy-respecting analytics. We do not use advertising trackers or behavioral profiling cookies.
4. Legal Bases for Processing
We process personal data on the following legal grounds:
- Performance of a contract, when providing access to the ComplySafe platform
- Legitimate interests, including improving security, enforcing fair use, and preventing abuse
- Legal obligations, including accounting and regulatory compliance
- Consent, where required for specific communications
5. How We Use Data
- Provide and operate compliance scanning services
- Generate reports and remediation suggestions
- Manage subscriptions and billing
- Maintain platform security and integrity
- Improve detection logic and product reliability
- Comply with legal requirements
Customer repositories, source code, and scan results are not used to train shared artificial intelligence models.
6. Data Sharing and Processors
We may share data with trusted processors, including:
- Stripe for payment processing
- Vercel for hosting and infrastructure
- GitHub for authorized repository integrations
Data may also be disclosed if required by law or in connection with a merger, acquisition, or restructuring.
Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses.
7. Data Retention
We retain personal data only as long as necessary to provide services and meet legal obligations.
- Trial plans: up to 7 days after expiration
- Starter plans: up to 30 days after expiration
- Pro plans: up to 90 days after expiration
- Billing records: retained as required by law
You may request earlier deletion where legally permissible.
8. Security
- Encryption in transit
- Access controls and role-based permissions
- Secure cloud infrastructure
- PCI-compliant payment processing via Stripe
9. Your Rights
Under the General Data Protection Regulation, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure
- Restrict or object to processing
- Request data portability
- Lodge a complaint with a supervisory authority
To exercise your rights, contact contact@complysafe.io.
10. Automated Decision Making
ComplySafe generates automated compliance analysis results. However, these results do not constitute legal advice and do not produce legally binding decisions affecting individuals.
11. Changes to This Policy
We may update this Privacy Policy periodically. The updated version will be published on this page with a revised date.
12. Contact
If you have questions about this Privacy Policy or our data practices, contact:
BitFoundry OÜ
Email: contact@complysafe.io