Privacy Policy

Last updated: March 2026 · NewFrame Legal

1. Data Controller

NewFrame Legal is the data controller for personal data processed through RegScope AI ("the Service"). This policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).

2. Data We Collect

When you use the Service, we may collect:

Project information — questionnaire answers, free-text descriptions, and any documents you upload to generate an assessment
Email address — if you voluntarily provide it to receive a report link
Payment data — processed by WayForPay; we do not store card details
Technical data — IP address, browser type, and access logs collected automatically by Cloudflare infrastructure
Session data — a unique session ID stored in your browser to allow report retrieval

3. How We Use Your Data

We use the data you submit:

To generate the regulatory assessment you requested
To send you a link to your completed report (if email provided)
To maintain service quality and debug technical issues
To comply with our legal obligations

We do not use your project information to train AI models. We do not sell your data to third parties.

4. AI Processing

Project information you submit is processed by Anthropic's Claude API to generate assessments. Anthropic processes this data as a data processor on our behalf. Anthropic's data processing is subject to their enterprise data handling policies, which include commitments not to use API inputs to train models. For details, see anthropic.com/privacy.

5. Data Retention

Assessment data is retained for 12 months from the date of generation, after which it is deleted from our systems. You may request earlier deletion by contacting us.

6. Your Rights Under GDPR

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to processing of your data
Lodge a complaint with your national data protection authority

To exercise any of these rights, contact us at newframelegal.com.

7. Cookies

We use minimal cookies for session management only. See our Cookie Policy for details.

8. Security

We use Cloudflare infrastructure which provides encryption in transit (TLS), DDoS protection, and access controls. API keys and credentials are stored as encrypted secrets and never exposed to the public internet.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

For privacy-related questions, contact NewFrame Legal at newframelegal.com.