GDPR Compliance

GDPR Compliant Platform

AIComp.ly is fully compliant with the General Data Protection Regulation (GDPR) and maintains the highest standards of data protection and privacy.

Our GDPR Compliance Framework

Data Protection by Design

Built with privacy as a core principle, implementing data protection measures from the ground up.

Lawful Basis for Processing

Clear lawful basis for all data processing activities, with explicit consent where required.

Data Subject Rights

Full support for all GDPR data subject rights including access, rectification, erasure, and portability.

Data Protection Impact Assessments

Regular DPIAs conducted for high-risk processing activities and new features.

Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

Right of Access (Article 15)

You can request access to your personal data and information about how we process it.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data under certain circumstances.

Right to Data Portability (Article 20)

You can request your personal data in a structured, machine-readable format.

Right to Object (Article 21)

You can object to processing of your personal data for direct marketing or legitimate interests.

Data Processing Activities

AIComp.ly processes personal data for the following purposes:

  • Service Provision: AI compliance assessments, expert network access, enterprise onboarding
  • Account Management: User authentication, profile management, subscription handling
  • Expert Network: Verification of 3,300+ compliance specialists, expertise matching
  • Compliance Monitoring: Multi-framework compliance tracking (EU AI Act, SOC 2, FedRAMP)
  • Platform Optimization: Performance monitoring, cost optimization, user experience enhancement
  • Legal Compliance: Meeting regulatory requirements, audit trails, legal documentation

Data Security Measures

We implement comprehensive technical and organizational measures to protect your data:

  • End-to-end encryption for data transmission and storage
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Data backup and disaster recovery procedures
  • Employee training on data protection principles
  • Incident response and breach notification procedures

International Data Transfers

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Account data: Duration of subscription + 7 years for legal compliance
  • Expert profiles: As long as expert remains in network + 3 years
  • Compliance assessments: 10 years for audit and regulatory purposes
  • Technical logs: 12 months for security and performance monitoring

Contact Our Data Protection Officer

For any GDPR-related questions, concerns, or to exercise your rights:

Data Protection Officer
Email: dpo@aicomp.ly
Privacy Team: privacy@aicomp.ly
Enterprise Privacy: enterprise-privacy@aicomp.ly

Response time: We will respond to all GDPR requests within 30 days (1 month) as required by law, and often much sooner.

Zero Synthetic Data Commitment

In compliance with GDPR's data accuracy requirements, AIComp.ly maintains a zero synthetic data policy. All 3,300+ expert profiles and compliance data are sourced from authentic, verified databases, ensuring the highest standards of data accuracy and integrity.