RegMind AI - Compliance AI Copilot

1. Introduction

Welcome to RegMind AI ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered compliance assessment platform.

By using RegMind AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

Account information (name, email address, company name)
Documents uploaded for compliance analysis
Assessment configurations and preferences
Communication data when you contact us

2.2 Information from Google Sign-In

When you sign in using Google, we receive:

Your Google account email address
Your name as provided to Google
Your Google profile picture (if available)
A unique identifier from Google

Google's use of information is governed by Google's Privacy Policy. You can manage your Google account permissions at any time through your Google account settings.

2.3 Information Automatically Collected

Usage data (features used, time spent, interactions)
Device and browser information
IP address and approximate location
Cookies and similar tracking technologies (essential cookies only)

3. How We Use Your Information

We use your information for the following purposes:

Provide and maintain our AI-powered compliance services
Process your documents and generate compliance assessments
Improve our AI models and service quality
Communicate with you about your account and services
Ensure security and prevent fraud
Comply with legal obligations
Analyze usage patterns to enhance user experience

4. AI Processing and Data Usage

RegMind AI uses advanced artificial intelligence to analyze your documents and provide compliance insights. Here's how we handle your data during AI processing:

Documents are processed securely using encrypted connections
AI analysis is performed on our secure servers
We do not use your documents to train our general AI models without explicit consent
Processed data is retained only as long as necessary for service delivery
You can request deletion of your documents and analysis results at any time

5. Third-Party AI Services

We use carefully selected AI service providers to power our compliance analysis. Your documents may be processed by:

Anthropic (Claude) - Advanced reasoning and analysis
OpenAI - Document understanding and processing
Google (Gemini) - Supplementary analysis capabilities
OpenRouter - AI routing and optimization service

Important safeguards:

Documents are processed locally: We never send full documents to AI providers
Only relevant snippets: We extract and send only specific text snippets needed for compliance analysis
Privacy by design: Document processing happens on our servers before any AI interaction
All AI providers are contractually prohibited from training on your data
Data is transmitted using encrypted connections
We do not send personally identifiable information when possible
AI providers process data transiently and do not retain it

6. File Storage and Retention

6.1 Document Storage

Your uploaded documents are:

Stored securely in cloud storage (Cloudflare R2 or DigitalOcean Spaces) with encryption at rest
Not publicly accessible - only you and authorized personnel can access them
Backed up regularly for disaster recovery
Stored in geographically distributed data centers for reliability

6.2 Retention Policy

Active documents: Retained while your account is active
Deleted documents: Permanently removed within 30 days
Account closure: All data deleted within 90 days
Backups: May persist up to 90 days in backup systems
Legal holds: Extended if required by law

6.3 Your Control

You can:

Delete individual documents at any time
Export your data before deletion
Request complete data deletion
Access deletion logs for compliance

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following situations:

With your consent or at your direction
With service providers who assist in our operations
To comply with legal obligations or court orders
To protect our rights, privacy, safety, or property
In connection with a business transaction (merger, acquisition)

8. Subprocessors

We use the following third-party service providers ("Subprocessors") to help deliver our services:

Service Provider	Purpose	Location
Cloudflare R2	Document storage	Global
DigitalOcean Spaces	Document storage	United States/Europe
DigitalOcean Droplets	Application hosting & compute	United States/Europe
Google Cloud	Authentication & AI services	United States
Anthropic	AI processing	United States
OpenAI	AI processing	United States
OpenRouter	AI routing service	United States

We ensure all subprocessors maintain appropriate security measures and comply with applicable privacy laws.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption of data in transit and at rest
Regular security assessments and audits
Access controls and authentication mechanisms
Employee training on data protection
Incident response procedures

10. Your Rights and Choices

Depending on your location, you may have the following rights:

Access your personal information
Correct inaccurate data
Request deletion of your data
Object to or restrict processing
Data portability
Withdraw consent
Opt-out of marketing communications

To exercise these rights, please contact us at [email protected].

11. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Retention periods vary based on:

The nature of the data
Legal and regulatory requirements
Business purposes
Your preferences and requests

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

Standard contractual clauses
Adequacy decisions
Your explicit consent where required

13. Children's Privacy

RegMind AI is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

14. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email or through the platform.

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

Right to Know: Request information about personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of the "sale" of personal information (we do not sell personal information)
Right to Non-Discrimination: Not be discriminated against for exercising your rights

Categories of Information We Collect

Identifiers (name, email, IP address)
Commercial information (subscription details)
Internet activity (usage data)
Professional information (company details)

To exercise your CCPA rights, contact us at [email protected].

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

RegMind AI

Email: [email protected]

17. Additional Information for EU Residents

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

Legal basis for processing (legitimate interest, contract performance, consent)
Right to lodge a complaint with supervisory authorities
Data Protection Officer contact (if applicable)