Privacy Policy

Last Updated: April 30, 2025 · Effective Date: April 30, 2025

This Privacy Policy explains how NewFrame Legal LLC collects, uses, stores, and protects your personal data when you use Compliora AI. Please read it carefully alongside our Terms and Conditions and Cookie Policy.

1. Data Controller

The data controller responsible for your personal data is NewFrame Legal LLC, a limited liability company incorporated under the laws of Ukraine, Company Identification Number: 46324688. Contact: legal@compliora.ai.

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national data protection law. Although we are incorporated in Ukraine, the GDPR applies to us because we offer services to individuals in the EU and monitor their behaviour (Article 3(2) GDPR).

2. Data We Collect and Why

2.1 Account Registration Data

When you create an Account, we collect your email address and a password (stored as a hashed value — we never store plain-text passwords). Legal basis: performance of contract (Article 6(1)(b) GDPR).

2.2 Project Submission Data

When you submit project information to generate an Assessment, we process the content you provide solely to generate the Report. This data is deleted from active systems upon Report delivery and is not retained in identifiable form. Legal basis: performance of contract (Article 6(1)(b) GDPR). We do not use project submission data for any secondary purpose without your explicit consent.

2.3 Payment and Transaction Data

Payments are processed via card acquiring services. The Company receives transaction confirmation data including: the amount charged, the transaction reference, and the email address provided at checkout. We do not receive, process, or store your payment card details — card data is handled directly by the payment processor and is not transmitted to or stored by the Company. Legal basis: performance of contract and compliance with legal obligations (Article 6(1)(b) and (c) GDPR).

2.4 Communication Data

When you contact us by email or through the Website, we process your email address and the content of your message. Legal basis: our legitimate interests in responding to enquiries and improving the Service (Article 6(1)(f) GDPR).

2.5 Technical and Usage Data

The Website uses a two-tier analytics approach. By default, our server records minimal page-view metadata: the page path visited, the referring URL, your country of origin (derived from Cloudflare infrastructure — your IP address is never stored), and a timestamp. No storage is placed on your device for this tier. Legal basis: our legitimate interests in security monitoring and aggregate usage analysis (Article 6(1)(f) GDPR). No consent is required as no cookies or device-level storage are involved.

Optionally, if you grant consent through the cookie banner or preference manager, we additionally store a randomly generated anonymous identifier in your browser’s localStorage (key rs_vid) and attach it to subsequent page views. This lets us measure how visitors move through our assessment funnel (first-party funnel analytics only). It is never shared with third parties, cannot be used to track you across other websites, and contains no personal data. Legal basis: your consent (Article 6(1)(a) GDPR and Article 5(3) ePrivacy Directive). You may withdraw consent at any time via the Cookie Preference Manager — on withdrawal, the identifier is immediately deleted from your browser. See our Cookie Policy for further details.

2.6 Marketing Communications

If you opt in to marketing communications, we use your email address to send product updates and promotional content. Legal basis: consent (Article 6(1)(a) GDPR). You may withdraw consent at any time by clicking the unsubscribe link in any marketing email or contacting legal@compliora.ai.

3. How We Use Your Data

We use your personal data for the following purposes:

To create and manage your Account and authenticate your identity;
To process your payment and deliver the Report you have purchased;
To send transactional emails, including invoices, Report delivery confirmations, and Account notices;
To respond to your enquiries and provide customer support;
To maintain the security and integrity of the Service and prevent fraud;
To improve the AI System and Service using strictly anonymised, aggregated data only;
To comply with our legal obligations, including tax, accounting, and regulatory requirements;
To send marketing communications where you have opted in.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

4. Data Sharing and Disclosure

4.1 Service Providers

We share personal data with trusted third-party service providers who process data on our behalf under data processing agreements, including:

Anthropic, PBC — AI model processing (project data processed transiently; not retained by Anthropic beyond immediate inference);
Cloudflare, Inc. — infrastructure, CDN, and security services;
Card acquiring services — for processing payments; card data is handled directly by the payment processor and is not stored by the Company;
Resend (or equivalent) — for transactional email delivery;

All third-party processors are contractually bound to process data only on our instructions and to maintain appropriate security measures.

4.2 Legal Disclosure

We may disclose personal data to law enforcement, regulatory authorities, or courts where required by applicable law, a court order, or to protect the rights, property, or safety of the Company, its Users, or third parties.

4.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of the Company or its assets, personal data may be transferred to the acquirer, subject to equivalent privacy protections. We will notify affected Users of any such transfer.

4.4 No Sale of Personal Data

We do not sell personal data to any third party. We do not disclose identifiable project submission data to third parties for any purpose other than as described in this Policy.

5. International Data Transfers

NewFrame Legal LLC is incorporated in Ukraine. When we transfer Personal Data of EU residents to countries outside the European Economic Area (including Ukraine and the United States for AI model processing), we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including:

Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable;
Adequacy decisions by the European Commission, where applicable;
Other appropriate safeguards as required by applicable law.

You may request a copy of the relevant transfer mechanism by contacting legal@compliora.ai.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy:

Account data (email, hashed password): retained for the duration of your Account plus 12 months after deletion request, to comply with legal obligations;
Project submission data: deleted from active systems upon Report delivery;
Transaction and invoice records: retained for 7 years to comply with tax and accounting legal obligations;
Communication records (support emails): retained for 2 years;
Technical/usage logs: retained for up to 12 months for security and operational purposes.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

7. Your Rights Under the GDPR

If you are in the EU or EEA, you have the following rights under the GDPR:

Right of access (Article 15): to obtain a copy of your personal data and information about how it is processed;
Right to rectification (Article 16): to have inaccurate or incomplete data corrected;
Right to erasure (Article 17): to have your data deleted where it is no longer necessary, or where you withdraw consent;
Right to restriction of processing (Article 18): to restrict processing in certain circumstances;
Right to data portability (Article 20): to receive your data in a structured, machine-readable format;
Right to object (Article 21): to object to processing based on legitimate interests, including for direct marketing;
Right to withdraw consent (Article 7(3)): to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at legal@compliora.ai. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with your national supervisory authority. For EU residents, the relevant authority is the data protection authority of your country of habitual residence. A list of EU supervisory authorities is available at edpb.europa.eu.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including:

Encryption of data in transit (TLS) and at rest;
Access controls limiting data access to authorised personnel only;
Regular security assessments of our infrastructure;
Hashed storage of passwords (no plain-text passwords stored);
Cloudflare security services for DDoS protection and web application firewall.

No method of electronic transmission or storage is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

9. Children

Compliora AI is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us at legal@compliora.ai and we will delete it promptly.

10. Automated Decision-Making

The Assessments and Reports generated by Compliora AI involve automated processing of the project information you submit. However, this does not constitute solely automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR, because: (a) the output is informational only and does not produce binding legal effects; and (b) the final decision on any regulatory or compliance matter rests entirely with the User and their legal advisers. No Assessment is acted upon without human review.

11. Cookies

We use cookies and similar tracking technologies. Please see our Cookie Policy for full details. You can manage your cookie preferences at any time via the Cookie Preference Manager.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (if you have an Account) and by posting the updated Policy on the Website with a revised “Last Updated” date. Continued use of the Service after the effective date of any update constitutes acceptance of the revised Policy.

13. Contact and Supervisory Authority

13.1 Contact Us

NewFrame Legal LLC

Company Identification Number: 46324688

Incorporated under the laws of Ukraine

Website: https://compliora.ai

Data protection enquiries: legal@compliora.ai

13.2 Right to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the competent supervisory authority in your country of habitual residence. For EU residents, this is the national data protection authority (e.g., CNIL in France, BfDI in Germany, ICO in the UK). A list of EU supervisory authorities is available at edpb.europa.eu.