Privacy Policy

1. Introduction

Welcome to AIGC Compliance ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API service and website.

This policy complies with the European General Data Protection Regulation (GDPR) and the Spanish Organic Law on Data Protection (LOPD-GDD).

2. Data Controller Information

3. Information We Collect

3.1 Personal Information

When you register for our service, we collect:

• Name and email address
• Account credentials
• Company information (if applicable)
• Billing and payment information

3.2 Automatically Collected Information

We automatically collect certain information when you use our service:

• IP address and device information
• Browser type and version
• Usage data and analytics
• API request logs

4. How We Use Your Information

We use your personal information for the following purposes:

• Service Provision: To provide and maintain our API service
• Account Management: To manage your account and provide support
• Billing: To process payments and send invoices
• Communication: To send important service updates and notifications
• Improvement: To analyze usage and improve our service
• Legal Compliance: To comply with legal obligations

5. Legal Basis for Processing

Under GDPR, we process your personal data based on:

• Contract Performance: Processing necessary to provide our services
• Consent: Where you have given explicit consent
• Legitimate Interests: To improve our service and prevent fraud
• Legal Obligation: To comply with applicable laws

6. Data Sharing and Third Parties

We may share your information with:

• Payment Processors: Stripe for payment processing
• Email Services: SendGrid for transactional emails
• Cloud Infrastructure: Railway, Supabase for hosting
• Analytics: Service usage analytics (anonymized where possible)

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the EU Commission
• Adequacy decisions by the EU Commission
• Privacy Shield certification (where applicable)

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@aigc-compliance.com

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Typically:

• Account data: Retained while your account is active
• Billing records: 7 years (legal requirement)
• API logs: 90 days
• Marketing data: Until you unsubscribe

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication
• Regular security audits
• Employee training on data protection
• Incident response procedures

11. Cookies and Tracking

We use cookies and similar technologies to improve your experience. For detailed information, please see our Cookie Policy.

12. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our service.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

15. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):