Privacy Policy

Last updated: February 13, 2025

1. Introduction

RegulyAI ("we," "us," or "our") operates the website regulyai.com and provides an AI compliance toolkit (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or join our waitlist. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

RegulyAI is the data controller for the personal data collected through this website. If you have any questions about this Privacy Policy or our data practices, you can contact us at hello@regulyai.com.

3. Data We Collect

We collect minimal personal data necessary to operate our waitlist and communicate with you:

  • Email address — provided when you join our waitlist
  • Timestamp — the date and time of your waitlist registration
  • Source — referral source indicating where you signed up from (e.g., hero section, CTA)

We do not collect sensitive personal data, financial information, or any data beyond what is listed above.

4. How We Use Your Data

We use the collected data for the following purposes:

  • To manage our waitlist and notify you when RegulyAI launches
  • To send product updates, announcements, and relevant communications
  • To respond to your inquiries or support requests
  • To improve our website and services

The legal basis for processing your data is your consent (Article 6(1)(a) GDPR), which you provide by voluntarily submitting your email address through our waitlist form.

5. Data Storage & Security

Your data is stored securely using the following infrastructure:

  • Supabase — your email address and registration metadata are stored in a Supabase database hosted in the EU (eu-central-1). Access is restricted through Row Level Security (RLS) policies.
  • Resend — we use Resend to send transactional and notification emails. Your email address is shared with Resend solely for email delivery purposes.
  • Vercel — our website is hosted on Vercel. Vercel may process standard server logs (IP addresses, request metadata) as part of normal web hosting operations.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

6. Cookies & Tracking

Our website does not use cookies for tracking or advertising purposes. We do not use any third-party analytics services. Any cookies that may be set are strictly necessary for the technical operation of the website (e.g., hosting infrastructure). We do not engage in cross-site tracking or behavioral profiling.

7. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share your data only with the following service providers, who act as data processors on our behalf:

  • Supabase, Inc. — database hosting and storage
  • Resend, Inc. — email delivery
  • Vercel, Inc. — website hosting

These providers are contractually obligated to process your data only as instructed by us and to maintain appropriate security measures.

8. International Data Transfers

Some of our service providers are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the service provider's participation in recognized data protection frameworks.

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy. Specifically, your waitlist data will be retained until the Service launches and you either create an account or request deletion. If you do not create an account, we will delete your waitlist data within 12 months after the Service becomes generally available. You may request deletion at any time.

10. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to withdraw consent — withdraw your consent at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint — file a complaint with your local data protection authority

To exercise any of these rights, please contact us at hello@regulyai.com. We will respond to your request within 30 days.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify waitlist subscribers of material changes via email. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: hello@regulyai.com