ComplyAgent

Privacy Policy

Last updated: June 2026

How we collect, use, and protect personal data, and the rights you have under the GDPR.

1. Controller

The data controller for personal data processed about you (e.g. as a visitor or account holder) is MoAli Nexus (registered company number [will be updated soon]; country of incorporation [will be updated soon]; registered office [will be updated soon]), contactable at admin@complyagent.eu. Where you use ComplyAgent to process personal data about your own staff or customers, you are the controller and we are your processor; that relationship is governed by our Data Processing Addendum.

EU representative under GDPR Article 27 (where applicable): [will be updated soon].

2. What we collect

  • Account data: name, work email, organisation, role. Authentication is handled by our provider Clerk.
  • Onboarding profile: country, industry, company size, departments using AI, and your compliance objective.
  • Service content: the AI systems, classifications, documents, evidence, and training records you create.
  • Operational data: an admin audit log, plus basic logs needed for security and reliability.
  • Waitlist data: if you join the waitlist, your email and any optional details you submit.

3. Why we process it (legal bases)

  • Contract (Art. 6(1)(b)): to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): to secure, maintain, and improve the service, and to communicate about it.
  • Consent (Art. 6(1)(a)): for the waitlist and any optional communications; you can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): where we must retain records.

4. Where data is stored

Application data is hosted in the EU (Supabase, Ireland / eu-west-1). Some sub-processors may process limited data outside the EU under appropriate safeguards (Standard Contractual Clauses). See our Sub-processor list.

5. AI sub-processing

When you run the classifier or generate documents, the relevant inputs may be sent to our LLM provider (Anthropic) to produce the output. Providers are engaged under terms that prohibit training on your data. Do not paste personal or special-category data into free-text fields unless necessary; the product is designed to minimise this.

6. Retention

We keep your data while your organisation is active. Compliance documents may be retained for up to 10 years to mirror EU AI Act record-keeping expectations, unless you delete your organisation sooner. On deletion we erase tenant data promptly (see Section 8).

7. Sharing

We share data only with the sub-processors needed to run the service (hosting, auth, email, LLM, error tracking, analytics), with authorities where legally required, and in a business transfer subject to this policy. We never sell personal data.

8. Your rights

Under the GDPR you have the right to:

  • Access and receive a copy of your data (Settings > Export, JSON).
  • Rectify inaccurate data.
  • Erase your data (Settings > Delete organisation).
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent.
  • Lodge a complaint with your supervisory authority [name the relevant authority once your establishment is confirmed].

Exercise any right in-app or by emailing admin@complyagent.eu.

9. Security

We use encryption in transit and at rest, per-tenant data isolation, least-privilege access, and an audit log of administrative actions. No system is perfectly secure; we work to industry standards and are pursuing formal attestations.

10. Cookies

We use only essential cookies needed to sign you in and keep the service working. See our Cookie Policy.

11. Changes

We will post updates here and notify you of material changes. Contact: admin@complyagent.eu.