Privacy Policy

This policy explains what personal data AiDact collects when you use our service, why we collect it, how long we keep it, and your rights under the EU General Data Protection Regulation (GDPR).

1. Who We Are

AiDact is a compliance documentation service operating at aidact.eu. We generate personalised EU AI Act compliance documentation for organisations based on information they provide. For the purposes of GDPR, AiDact is the data controller for personal data collected through this service.

You can contact us at hello@aidact.eu with any privacy-related queries.

2. What Data We Collect

When you use AiDact, we collect the following information:

Contact information — your email address, used to deliver your compliance pack
Organisation information — your organisation's name, industry, country, and size
AI systems information — details about the AI tools your organisation uses and how you use them
Payment information — processed entirely by Stripe; we do not store card details
Transaction data — Stripe session ID, payment timestamp, and order status

We do not collect special category data (health, biometric, political, religious data) and our intake form is designed to avoid this. Please do not submit such data.

3. Why We Collect It (Legal Basis)

Contract performance (Art. 6(1)(b) GDPR) — we need your email and organisation details to generate and deliver your compliance pack
Legitimate interests (Art. 6(1)(f) GDPR) — we retain order records to fulfil re-delivery requests and resolve disputes

4. How We Use Your Data

Your data is used solely to:

Generate your personalised compliance documentation using the Claude AI model (Anthropic)
Deliver your compliance pack to your email address via Resend
Process your payment via Stripe
Provide customer support and re-deliver documents if requested

We do not use your data for marketing, profiling, or advertising purposes. We do not sell your data to third parties.

5. Third-Party Processors

We use the following sub-processors to deliver our service:

Anthropic (claude.ai) — AI generation of compliance content. Your organisation details and AI usage information are sent to Anthropic's API to generate your documents. Anthropic's privacy policy applies: anthropic.com/privacy
Stripe — payment processing. Card data is handled entirely by Stripe and never passes through our systems. Stripe's privacy policy: stripe.com/privacy
Resend — email delivery of your compliance pack. Your email address and document are passed to Resend for delivery. Resend's privacy policy: resend.com/legal/privacy-policy
Vercel — hosting and file storage. Your order data is stored in Vercel's Blob storage. Vercel's privacy policy: vercel.com/legal/privacy-policy

All processors are contractually bound to process your data only as instructed and in accordance with GDPR.

6. Data Retention

We retain your order data (email, organisation name, generated compliance content) for 12 months from the date of purchase. After this period, order records are deleted from our storage.

Stripe retains payment records in accordance with their own retention policy and applicable financial regulations.

7. Data Transfers

Your data may be processed outside the European Economic Area (EEA) by our sub-processors (Anthropic, Stripe, Resend, and Vercel are US-based companies). Where this occurs, transfers are made under the EU-US Data Privacy Framework or Standard Contractual Clauses as appropriate.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Access — request a copy of the data we hold about you
Rectification — ask us to correct inaccurate data
Erasure — request deletion of your data (the "right to be forgotten")
Restriction — ask us to limit how we use your data
Portability — receive your data in a machine-readable format
Objection — object to processing based on legitimate interests

To exercise any of these rights, email us at hello@aidact.eu. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In Ireland, this is the Data Protection Commission.

9. Cookies

AiDact does not use tracking cookies or analytics. We do not use Google Analytics, Facebook Pixel, or any similar tracking technology. The only cookies present are those set by Stripe during the payment process, which are necessary for the transaction to function.

10. Important Disclaimer

The compliance documentation generated by AiDact is a starting point based on information you provide. It does not constitute legal advice and does not guarantee compliance with the EU AI Act or any other regulation. We strongly recommend reviewing all generated documents with qualified legal counsel before relying on them for regulatory purposes.

11. Changes to This Policy

We may update this privacy policy from time to time. The date at the top of this page will reflect the most recent update. Continued use of the service after changes constitutes acceptance of the updated policy.