Privacy policy

Last updated · April 2, 2026

1 · Who we are

CompliPath is operated from Romania within the European Union.

Contact: contact@localhost

2 · What data we collect

• Email addresses — only when you voluntarily subscribe to our regulatory digest.
• We do not use cookies.
• We do not use analytics or tracking tools.
• We do not use third-party scripts that collect data.
• We do not process your IP address or any device information.
• We do not load any external resources — all fonts and assets are self-hosted.

3 · Why we collect it

Your email address is used solely to send you regulatory update digests.

Legal basis: your explicit consent (GDPR Article 6(1)(a)).

4 · Where your data is stored

Your email address is stored on infrastructure located in Romania, within the European Union.

No data is transferred outside the European Economic Area.

5 · AI processing

CompliPath uses OpenAI to summarise publicly available regulatory texts and to generate assessment roadmap guidance for signed-in paid users.

• Assessment profile inputs and relevant context may be sent to OpenAI for processing.
• We do not use this data for advertising or tracking.
• Only required AI requests are processed server-side.

6 · Your rights

Under GDPR, you have the right to:

• Access your data — request what we store about you.
• Rectify your data — correct your email address.
• Erase your data — request deletion; we will remove your email within 72 hours.
• Withdraw consent — unsubscribe from digests at any time.

To exercise any of these rights, email contact@localhost.

7 · Data retention

We retain your email address only while you are subscribed.

Upon unsubscription, your email is deleted within 30 days.

8 · Changes to this policy

We will update this page if our practices change. The "last updated" date at the top will reflect the most recent revision.