Privacy Policy

Last updated: 1 June 2026

ComplyFine ("we", "us") is operated by Marita (a sole trader / zelfstandige based in Belgium). This policy explains what personal data we process and your rights under the EU General Data Protection Regulation (GDPR).

Who is the data controller

The data controller is the ComplyFine sole trader, Belgium. For any privacy request, contact info@complyfine.com.

What data we collect

We collect: your email address; your business profile (business name, country, business type, team size); the compliance deadlines and obligations you track; documents you upload to the vault; and usage data needed to operate the service.

Legal basis

We process your data to perform our contract with you (providing the service), to comply with legal obligations, and on the basis of your consent where applicable. You may withdraw consent at any time.

Where your data is stored

Your data is hosted in the European Union (Ireland, eu-west-1) via our infrastructure provider Supabase. We do not transfer your personal data outside the EU except as described below.

Third parties we use

We share limited data with processors who help us run the service: Stripe (payment processing), Anthropic (AI compliance assistant; your questions are sent to generate answers), and Resend (transactional email such as login codes and reminders). Each processes data only as needed to provide its function.

Sub-processors

The table below lists every sub-processor we use, what they process, and where. Where processing occurs outside the EU, transfers are covered by Standard Contractual Clauses (SCCs) in line with GDPR Article 46.

  • Supabase (database, authentication & file storage): EU (Ireland, eu-west-1)
  • Vercel (hosting & compute): EU (Dublin, dub1)
  • PostHog (product analytics): EU Cloud (data remains in the EU)
  • Anthropic (AI assistance): United States, Standard Contractual Clauses
  • Resend (transactional email): United States, Standard Contractual Clauses
  • Stripe (payment processing): global (EU entity available; SCCs where applicable)

We review this list as our providers change.

Analytics & cookies

We use PostHog (EU Cloud) for product analytics to understand how ComplyFine is used and where it can be improved. PostHog is initialised in memory-only mode: no tracking cookies are set. Your IP address is processed by PostHog solely to derive anonymised, aggregated usage data; it is not stored in a form that identifies you.

We do not use advertising networks or third-party trackers. The legal basis for this analytics processing is your consent (GDPR Article 6(1)(a)). You can decline or withdraw consent at any time via the banner shown on your first visit. Declining has no effect on your ability to use ComplyFine.

How long we keep your data

We keep your data while your account is active. When you delete your account, your personal data is scheduled for removal; some records may be retained where required by law (for example, tax records).

Your rights

Under GDPR you have the right to access, rectify, export, and erase your personal data, and to object to or restrict processing. You can export your data at any time from Settings (Article 20), and delete your account from Settings (Article 17). To exercise any right, contact info@complyfine.com. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit).

Security

We use industry-standard measures including encryption in transit, row-level security, and access controls. No system is perfectly secure, but we work to protect your data.

Children

ComplyFine is a business tool and is not intended for anyone under 18.

Changes

We may update this policy. Material changes will be communicated through the app or by email.

Contact

Questions about this policy: info@complyfine.com.

ComplyFine provides compliance-tracking guidance only, not legal advice.