Privacy Policy
Last updated: April 6, 2026
What we collect
- Account data — email address and a bcrypt-hashed password when you register.
- AI stack data — the AI services, use cases, and region you select in the scanner. This is stored to track your compliance obligations.
- Generated documents — compliance documents generated for your account are stored so you can access them later.
What we do not collect
- We do not use cookies for tracking or advertising.
- We do not sell, share, or transfer your data to third parties.
- We do not store payment information (handled by Stripe when payment is enabled).
Analytics
We use PostHog for product analytics, hosted in the EU. Anonymous visitors are not tracked as individuals. When you create an account, we associate your user ID, email, company name, and signup date with your product usage to understand how the product is used, improve it, and provide support. We also record login-attempt outcomes (requested, rate-limited, failed) so we can detect abuse and spot delivery problems; these events include your email address (already associated with your account) and a hashed (SHA-256) representation of your IP address. We never store raw IPs in analytics. Our legal basis is legitimate interest under GDPR (Art. 6(1)(f)). You can opt out or request deletion of your analytics data by emailing privacy@aiactstack.com.
Applies only to this browser. For account-wide deletion, email us above.
Session cookies
We use a single session cookie to keep you logged in. This cookie is essential for the application to function and is not used for tracking. It expires when you log out or after your session ends.
Data storage
Your data is stored on servers hosted by Fly.io with encrypted connections (TLS). Passwords are hashed using bcrypt and are never stored in plaintext.
Data retention
Your data is retained as long as your account is active. You can request deletion of your account and all associated data by contacting us.
Your rights
Under the GDPR, you have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at the address below.
Contact
For privacy-related questions: privacy@aiactstack.com