Privacy Policy

RegulatoryIQ LLC ("we," "us," or "our") operates the website regulatoryiq.ai. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or purchase our products.

Information We Collect

We collect information that you provide directly to us in connection with your use of our services:

• Name and email address provided during purchase via Stripe or newsletter signup
• Business name collected at checkout (optional)
• Payment information processed entirely by Stripe. We never receive, access, or store credit card numbers, CVVs, or other payment card data.
• Document content submitted for AI gap analysis. Documents are processed in real time and discarded immediately after analysis. No document content is stored.
• Email communications when you contact our support team
• Website usage data if and when analytics tools are implemented (see Cookies section below)

How We Use Your Information

We use the information we collect for the following purposes:

• To fulfill digital product purchases and deliver template files to your email
• To process AI gap analysis requests and deliver analysis reports
• To provide customer support and respond to inquiries
• To send product updates to purchasers, such as updated template versions reflecting new regulatory guidance
• To send regulatory intelligence updates to newsletter subscribers (with consent)
• To maintain purchase records for tax and accounting purposes

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use customer data or submitted documents to train AI models.

Third-Party Services

We use the following third-party services to operate our business. Each processes data according to their own privacy policies:

• Stripe (payment processing) — Stripe Privacy Policy
• Google Workspace (email and business tools) — Google Privacy Policy
• Netlify (website hosting) — Netlify Privacy Policy
• Mailchimp (Intuit) (email marketing and newsletter distribution) — Intuit Privacy Statement
• Anthropic (AI document analysis processing) — Anthropic Privacy Policy. Documents submitted for AI gap analysis are processed in real time and not retained after analysis is complete.

Data Retention

Purchase records are retained for tax and accounting purposes as required by applicable law. Newsletter subscription data is retained until you unsubscribe. Documents submitted for AI analysis are not retained; they are processed in real time and discarded immediately. You may request deletion of your personal data at any time by emailing . We will process deletion requests within 30 days, except where retention is required by law.

Lawful Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data on the following lawful bases:

• Contract performance (Article 6(1)(b)) — Processing your name, email, and billing information is necessary to fulfill your purchase of digital products and deliver template files or AI analysis reports.
• Legitimate interests (Article 6(1)(f)) — We process limited data (email address, purchase history) for customer support, product updates (e.g., updated templates reflecting new regulatory guidance), and fraud prevention. You may object to processing based on legitimate interests at any time.
• Consent (Article 6(1)(a)) — Where you subscribe to our email newsletter or request free resources, we process your email address based on your explicit consent. You may withdraw consent at any time by unsubscribing or contacting us.

Data Protection Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data
• Right to restrict processing — request limitation of how we use your data
• Right to data portability — request your data in a structured, machine-readable format
• Right to object — object to our processing of your personal data, including processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact . We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

International Data Transfers

RegulatoryIQ is based in the United States (Tennessee). If you are accessing our services from the European Economic Area, United Kingdom, or other jurisdictions with data protection laws that differ from U.S. law, please be aware that your personal data will be transferred to and processed in the United States.

We rely on the following mechanisms to ensure adequate protection of transferred data:

• Stripe participates in the EU-US Data Privacy Framework and maintains Standard Contractual Clauses (SCCs) for international transfers
• Google Workspace operates under Google's Data Processing Amendment, which includes Standard Contractual Clauses
• Mailchimp (Intuit) maintains Standard Contractual Clauses and supplementary measures for EU data transfers
• Anthropic processes document data in real time with zero data retention; no personal data is stored after analysis completion

By using our services and providing your personal data, you acknowledge that your data will be processed in the United States under the safeguards described above.

Data Protection Contact

RegulatoryIQ has not designated a formal Data Protection Officer (DPO) at this time, as we do not engage in large-scale systematic monitoring of individuals or large-scale processing of special categories of data. For all data protection inquiries, rights requests, or complaints, contact:

Zach Galloway, Founder

RegulatoryIQ LLC, Tennessee, United States

Cookies

As of March 2026, we do not use tracking cookies or third-party analytics tools on regulatoryiq.ai. Only essential cookies required for basic site functionality (if any) may be set by our hosting provider. This section will be updated if analytics or tracking tools are implemented in the future.

Security

We protect your data using industry-standard measures including 256-bit TLS encryption on all connections to regulatoryiq.ai. Payment information is handled exclusively by Stripe and never touches our servers. Documents submitted for AI analysis are transmitted with encryption and discarded immediately after processing. We restrict access to personal data to authorized personnel only.

Children's Privacy

RegulatoryIQ is a business-to-business service directed at regulatory and quality professionals. Our website and products are not directed at children under 13. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at .

Changes to This Policy

We may update this Privacy Policy from time to time. Changes are effective upon posting to this page. We encourage you to review this policy periodically. Material changes will be noted by updating the "Last updated" date above.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

RegulatoryIQ LLC

Tennessee, United States