Privacy Policy

1. Introduction

Acompli ("we", "our", "us") is the controller for the personal data we process through our GDPR compliance platform. If you have any questions about this notice or how we handle your information, contact us at privacy@acompli.co.

2. Information We Collect

2.1 Information you provide

• Account and profile data: name, email address, job title, organisation and any details you add.
• Communications: information shared when you contact us for support or feedback.
• Platform content: assessment details, risk entries, RoPA records and related documentation you create or upload.

2.2 Information we collect automatically

• Usage data: how you interact with the platform, including timestamps, features used and navigation patterns.
• Technical data: IP address, browser type, device identifiers and error diagnostics.

3. How We Use Your Information

• Service delivery: to provide, maintain and improve Acompli.
• Account administration: to set up accounts, authenticate users and offer support.
• AI assistance: to power features such as drafting support, risk extraction and RoPA generation.
• Communications: to send service updates, respond to enquiries and gather feedback.
• Analytics and security: to monitor performance, prevent abuse and ensure platform integrity.
• Legal compliance: to meet regulatory requirements and enforce agreements.

4. Legal Bases for Processing

• Contract: to deliver the services you or your organisation has requested.
• Legitimate interests: to operate the platform, ensure security and improve functionality.
• Consent: where you explicitly agree to optional processing.
• Legal obligation: to comply with applicable laws and regulations.

5. Sharing Your Data

We do not sell personal data. We may share information with:

• Service providers who help us deliver the platform (e.g., hosting, AI services) under strict confidentiality and security obligations.
• Professional advisers such as lawyers or auditors when necessary.
• Authorities where required by law or to protect rights.
• Business transfers if we restructure, merge or sell part of our business.

6. Data Security

We implement technical and organisational measures including encryption in transit and at rest, role-based access controls, monitoring, and secure software development practices. While we strive to protect your information, no system is completely immune to risk.

7. Data Retention

We retain personal data while it is needed to provide the service, comply with legal obligations or resolve disputes. When information is no longer required, we delete or anonymise it in line with our retention schedule.

8. Your Rights

You have the right to:

• Access your personal data.
• Rectify inaccurate information.
• Erase data where there is no compelling reason to retain it.
• Restrict processing in certain circumstances.
• Object to processing based on legitimate interests.
• Data portability where technically feasible.
• Withdraw consent at any time without affecting prior processing.
• Lodge a complaint with your supervisory authority (in the UK, the ICO).

To exercise these rights, contact us at privacy@acompli.co.

9. International Transfers

Your data may be transferred to and processed in countries outside the UK or EEA. Where this happens, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via the platform or by email. Continued use of Acompli after updates constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this policy or our data practices, please contact:

Email: privacy@acompli.co
Address: 123 Compliance Lane, London, UK