Privacy Policy

Last updated: March 18, 2026

1. Who We Are

ComplianceIQ is an API-first EU AI Act compliance tool operated by Avi Pilcer ("we," "us," "our"). You can reach us at avi@ultradeep.tech.

2. What Data We Collect

  • Email address — collected when you request a free API key or sign up. Used to send your API key and service updates.
  • API usage metadata — timestamps, endpoints called, and request counts. Used for rate limiting and billing.
  • Payment information — handled entirely by Stripe. We never see or store raw card data.
  • Authentication data — managed by Clerk. We store a user identifier to associate API keys with accounts.

3. What We Do NOT Store

AI system descriptions and other input you submit to the classification, obligation mapping, gap analysis, or documentation endpoints are processed in-memory and immediately discarded after the response is returned. We do not store, log, train on, or share your AI system descriptions.

4. How We Use Your Data

  • To provide and operate the ComplianceIQ API service
  • To enforce rate limits and usage quotas associated with your API key
  • To process payments and manage subscriptions via Stripe
  • To send transactional emails (API key delivery, billing receipts)
  • To notify you of material changes to the service or these terms

5. Legal Basis (GDPR)

For users in the European Economic Area, we process personal data under the following lawful bases:

  • Contract performance — to provide the API service you signed up for
  • Legitimate interests — to prevent abuse, enforce rate limits, and improve the service
  • Legal obligation — to comply with applicable laws and regulations

6. Data Sharing

We do not sell your data. We share data only with the following service providers under data processing agreements:

  • Stripe — payment processing
  • Clerk — authentication and user management
  • Cloudflare — hosting and infrastructure

7. Data Retention

API usage metadata is retained for as long as your account is active and for up to 12 months after account deletion for billing reconciliation. Email addresses are retained until you request deletion. You may request deletion at any time by emailing avi@ultradeep.tech.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email avi@ultradeep.tech. We will respond within 30 days.

9. Cookies

We use only essential cookies required for authentication (Clerk session tokens) and payment flow (Stripe). We do not use tracking or advertising cookies.

10. Security

API keys are hashed before storage. All data is transmitted over TLS. We follow industry-standard security practices for our infrastructure. No system is 100% secure; if you believe your API key has been compromised, rotate it immediately via the API or by contacting us.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email to registered users. The "last updated" date at the top reflects the most recent revision.

12. Contact

Questions or concerns? Email avi@ultradeep.tech.