Privacy Policy

Last updated: February 2026

Who We Are

ComplyOne is a compliance intelligence platform operated from Switzerland.

  • Data controller: ComplyOne (legal entity registration pending)
  • Address: Switzerland (registered address to be confirmed)
  • Contact: ops.manager@complyone.io
  • Data Protection Officer: No Data Protection Officer has been appointed as we are below the statutory threshold.

What Data We Collect

CategoryWhat specificallyWhen collected
Business profileCompany name, website URL, employee count, countries of operation, headquarters, industry, data processing activities, AI usage, data types handled, compliance approach, top concernCompliance health check form
Contact informationEmail addressAll forms (waitlist, compliance check, newsletter)
Waitlist dataEmail, company name, employee count, countries, top concern, founding customer flagWaitlist signup
Newsletter preferenceOpt-in/outCompliance check form checkbox
Marketing attributionUTM source, medium, campaign, referral sourceCaptured from URL parameters on all form submissions
Analytics dataPage views, click events, scroll depth, form interactions, device type, browser, approximate location (country-level)PostHog analytics (only after cookie consent)
Technical dataIP address (anonymised), browser user agentServer logs

Legal Basis for Processing

Processing activityLegal basisGDPR Article
Delivering compliance reportLegitimate interest — providing the service you requestedArt. 6(1)(f)
Waitlist managementLegitimate interest — communicating about product availabilityArt. 6(1)(f)
NewsletterConsent — opt-in checkbox (pre-unchecked)Art. 6(1)(a)
Analytics (PostHog)Consent — cookie banner acceptanceArt. 6(1)(a)
Website hosting and securityLegitimate interest — maintaining a secure serviceArt. 6(1)(f)

Sub-Processors

ServicePurposeLocationData processed
SupabaseDatabase (PostgreSQL)EU regionAll form submission data
PostmarkTransactional email deliveryUS (SCCs in place)Email addresses, email content
PostHogPrivacy-focused analyticsEU CloudAnonymised usage data, only with consent
VercelWebsite hostingFrankfurt, GermanyPage requests, server logs

Cookies

CookieTypePurposeDurationLoaded without consent?
PostHog analyticsAnalyticsPage views, funnels, A/B testsSession / 1 yearNo — only after “Accept”
Cookie consent choiceEssentialRemembers your cookie preference1 yearYes (essential)
Form stateEssentialSaves compliance check progressSessionYes (essential, localStorage)

We do not use advertising cookies. We use Google Analytics with anonymised IP addresses for website performance monitoring only. We do not share your data with advertisers or third-party tracking networks.

Data Retention

DataRetention
Compliance check submissionsUntil product launch + 12 months after last interaction, then deleted
Waitlist signupsUntil product launch + 12 months, then deleted
Newsletter subscribersUntil you unsubscribe
Analytics dataPostHog default (typically 12 months)

Your Rights

Under GDPR and the Swiss Federal Act on Data Protection (FADP), you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Data portability (receive your data in machine-readable format)
  • Object to processing
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with the FDPIC (Switzerland) or your relevant EU supervisory authority

Contact: ops.manager@complyone.io — we respond within 30 days.

International Transfers

All primary infrastructure is EU/Swiss-based. Where sub-processors operate outside the EU/EEA (Postmark — US), EU Standard Contractual Clauses (SCCs) are in place.

Governing Law

Swiss law. Jurisdiction: courts of Zurich, Switzerland.

Updates

Last updated: February 2026. We will notify users of material changes via email or website notice.

Questions about your data? ops.manager@complyone.io · Terms of Service · Imprint

Free compliance check — find out which EU regulations apply to your business