Privacy Policy
Last updated: February 2026
1. Controller Information
Controller: Regulatio Tech
Address: Kneza Stracimira 22, Serbia
Contact: info@regulatio.com
Regulatio has not appointed a Data Protection Officer.
2. Personal Data Processed
We process:
- Name
- Business email
- Company name
- Job title
- Documentation uploaded relating to AI systems and governance
We do not intentionally process special category data.
3. Roles Under GDPR
- Controller for account, billing, and platform data
- Processor for customer-uploaded documentation
4. Legal Bases
- Contract performance (Art. 6(1)(b))
- Legitimate interests (Art. 6(1)(f))
- Legal obligations (Art. 6(1)(c))
5. Purpose of Processing
- Provide and operate the Service
- Compliance analysis
- Security and fraud prevention
- Customer support
6. Data Retention
- Account data: active term + 12 months
- Uploaded documentation: deleted within 30-90 days after termination
- Aggregated anonymized data: retained indefinitely
7. Security Measures
We implement:
- Encryption in transit
- Access controls
- Least-privilege principles
- Incident response procedures
8. Subprocessors
We use subprocessors such as:
- Cloud infrastructure providers
- Authentication providers
- Analytics services
- Payment processors
A current list is available upon request.
9. International Transfers
Where data is transferred outside the EEA, appropriate safeguards are applied.
10. Data Subject Rights
You have the rights to:
- Access
- Rectification
- Erasure
- Restriction
- Objection
- Data portability
Requests may be sent to info@regulatio.com.
11. Changes
Material changes will be communicated via the Website.