Privacy Policy

Last updated: January 28, 2026

At L Company, we take your privacy and data sovereignty seriously. This policy explains how ComplyAI handles your data, where it is stored, and your rights under the GDPR.

1. Data We Collect

We collect your email address for authentication and the technical descriptions of AI systems you submit for audit. We do not collect sensitive personal data of your employees or customers.

2. Data Usage

Your data is used strictly to provide the compliance audit service. Your project descriptions are processed by our AI providers (Google Cloud) solely for the purpose of generating the analysis and are not used to train their public models.

3. GDPR Compliance

L Company operates from Benin but provides services to European customers. We are fully committed to complying with the General Data Protection Regulation (GDPR) regarding the processing of data from EU residents. You have the right to access, rectify, or delete your personal data at any time via your account settings.

4. Data Storage & Sovereignty

To ensure maximum security and compliance with EU data residency requirements:

• Database Provider: We use Supabase, an enterprise-grade open source backend.
• Infrastructure: Supabase is built upon AWS (Amazon Web Services) infrastructure.
• Data Region: All user data (database and backups) is strictly hosted in the EU (Frankfurt, Germany) region.

This architecture ensures that your critical compliance data remains within the European Union legal framework.

5. Sub-processors

We use the following third-party services:

• Google Cloud (Gemini): AI Processing.
• Lemon Squeezy: Payment processing (Merchant of Record).
• Vercel: Web hosting.