Privacy Policy

Account information. When you create an account, we collect your name, email address, and company name. Authentication is handled through AWS Cognito.

Product and project data. Information you provide about your products, testing needs, and compliance requirements when using the platform.

AI conversations. Questions you ask and responses generated by our AI assistant. These are stored to provide your conversation history and improve the service.

Quote requests. Details you include in requests for quotes from testing labs, including product descriptions and testing requirements.

Email relay messages. When you communicate with labs through our relay system, we process and store those messages to deliver them and maintain conversation history.

Usage data. Basic analytics about how you use the platform, including pages visited, features used, and interactions with the AI assistant.

We use your information to:

• Provide and operate the ComplyOps platform
• Process your AI compliance queries and return relevant answers
• Forward quote requests to testing labs on your behalf
• Relay email communication between you and labs
• Send you service-related notifications (e.g., quote responses, account updates)
• Improve and develop new features
• Detect and prevent misuse of the platform

We do not use your data to train AI models. Your conversations and product information are sent to Anthropic’s API solely to generate responses for you, and are subject to Anthropic’s data processing terms which prohibit training on API inputs.

We use the following third-party services to operate ComplyOps:

• Amazon Web Services (AWS). Authentication (Cognito), database (DynamoDB), email delivery (SES), and infrastructure hosting. Data is processed in accordance with AWS’s data processing terms.
• Anthropic. Powers our AI compliance assistant. Your questions are sent to Anthropic’s API for processing. Anthropic does not use API inputs for model training.
• Vercel. Hosts our web application and handles content delivery.
• Cloudflare Turnstile. Bot protection on forms. Processes minimal data to verify you are a real user.

Each provider processes data according to their own privacy policies and our data processing agreements with them.

We use a minimal number of cookies, primarily for authentication and session management:

• Authentication cookies. Session cookies set by AWS Cognito to keep you logged in. These are essential for the platform to function.
• Preference cookies. To remember your settings and preferences.

We do not use third-party advertising or tracking cookies.

We share your data only in these circumstances:

• With testing labs. When you submit a quote request, we share the product and testing details you provide with the selected lab(s). Your email address is kept private through our relay system unless you choose to share it directly.
• With service providers. As described in Section 3, to operate the platform.
• Legal requirements. If required by law, regulation, or legal process.

We do not sell your personal information to anyone.

We retain your data for as long as your account is active or as needed to provide you with the service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance reasons.

AI conversation logs and quote request history may be retained in anonymized form for service improvement purposes.

We implement reasonable technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication through AWS Cognito, and access controls on our infrastructure. However, no system is completely secure, and we cannot guarantee the absolute security of your data.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to certain processing of your data

To exercise any of these rights, contact us at contact@complyops.ai. We will respond within 30 days.

ComplyOps is a business tool intended for professionals. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date. Your continued use of ComplyOps after changes are posted constitutes acceptance of the revised policy.

For privacy-related questions or requests, contact us at contact@complyops.ai.