Privacy Policy
Last updated: June 5, 2026
This Privacy Policy explains how Dariusz Zając Flowsol, operating under the trade name “ComplyKing” (“we,” “us,” or “our”), collects, uses, discloses, and protects your personal data when you use our website at complyking.com and associated services (the “Service”). We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), applicable Polish data protection law, and other relevant privacy regulations.
1. Data Controller
The data controller responsible for your personal data is:
Dariusz Zając Flowsol
Trade name: ComplyKing
Jednoosobowa Działalność Gospodarcza (Sole Proprietorship), registered in Poland
NIP: 6762512842
Email: hello@complyking.com
2. Information We Collect
2.1. Information You Provide Directly
- Account information: name, email address, and password when you create an account.
- Business information: business name, industry, type, state, employee count, and operational details used for document generation.
- Questionnaire responses: answers to document-specific questions (such as safety coordinator name, emergency contacts, business processes, equipment, and operational procedures).
- Payment information: processed securely by our payment processor, Stripe. We do not store or have access to your full credit card numbers.
- Communications: any messages you send to us via email or support channels.
2.2. Information Collected Automatically
- Usage data: pages visited, features used, documents generated, interaction patterns, and timestamps.
- Device and browser information: browser type, operating system, screen resolution, and device type.
- IP address: collected for security, fraud prevention, and analytics purposes.
- Cookies and similar technologies: see Section 9 below.
2.3. Information We Do Not Collect
We do not intentionally collect sensitive personal data such as health records, Social Security numbers, government IDs, or financial account details beyond what is required for payment processing through Stripe.
3. How We Use Your Information
We process your personal data for the following purposes:
- Service delivery: to generate compliance documents tailored to your business, manage your account, and provide access to the platform.
- Payment processing: to process subscription payments and manage your billing through Stripe.
- Communication: to send transactional emails (account verification, document ready notifications, password reset), subscription-related notices, and compliance deadline reminders.
- Service improvement: to analyze usage patterns, diagnose technical issues, and improve our platform and document quality.
- Security and fraud prevention: to protect against unauthorized access, abuse, and fraudulent activity.
- Legal compliance: to comply with applicable laws, regulations, and legal processes.
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following legal bases:
- Performance of a contract (Art. 6(1)(b)): processing necessary to provide the Service, generate documents, and manage your subscription.
- Consent (Art. 6(1)(a)): for analytics cookies (Google Analytics) and optional marketing communications. You may withdraw consent at any time.
- Legitimate interests (Art. 6(1)(f)): for security, fraud prevention, service improvement, and basic analytics. Our legitimate interest is balanced against your rights and does not override your fundamental freedoms.
- Legal obligation (Art. 6(1)(c)): where processing is required to comply with applicable law (e.g., tax and accounting records).
5. AI Document Generation and Data Processing
When you generate a document through the Service, your business information and questionnaire responses are sent to our AI providers for processing:
- Anthropic (Claude): receives your business details and questionnaire responses to generate compliance documents.
- OpenAI (GPT-4o-mini): receives the generated document for a secondary verification review.
Important details about AI data processing:
- Your data is sent to AI providers solely for the purpose of generating and verifying your specific document.
- Per our agreements with these providers and their published data usage policies, your input data is not used to train their AI models.
- Both Anthropic and OpenAI process data in the United States. See Section 7 regarding international data transfers.
- Generated documents are stored in your account on our database (Supabase).
6. Third-Party Service Providers
We share personal data with the following categories of service providers who process data on our behalf. We do not sell your personal data to any third party.
| Provider | Purpose | Data Location |
|---|---|---|
| Anthropic | AI document generation | United States |
| OpenAI | AI document verification | United States |
| Stripe | Payment processing | United States |
| Supabase | Database, authentication, storage | United States (US East) |
| Vercel | Website hosting and delivery | Global (edge network) |
| Google Analytics | Website analytics (consent-gated) | United States |
| Resend | Transactional email delivery | United States |
We may also share data if required by law, regulation, legal process, or government request.
7. International Data Transfers
Our company is established in Poland (European Union). However, the Service uses infrastructure and third-party providers located in the United States. When your personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework: where our US-based providers are certified under the EU-US Data Privacy Framework (adopted July 2023), transfers are covered by the European Commission's adequacy decision.
- Standard Contractual Clauses (SCCs): where the Data Privacy Framework does not apply, we rely on Standard Contractual Clauses approved by the European Commission to provide adequate protection for your data.
8. Data Retention
- Account data and documents: retained for as long as your account is active. After cancellation, your data remains accessible in read-only mode. Documents are never deleted as a result of cancellation.
- Account deletion: you may request deletion of your account and associated personal data at any time by contacting hello@complyking.com. We will process deletion requests within 30 days, except where retention is required by law (e.g., tax and financial records, which may be retained for up to 5 years as required by Polish tax law).
- Payment records: billing and transaction records are retained for a minimum of 5 years as required by Polish tax and accounting regulations.
- Analytics data: aggregated and anonymized analytics data may be retained indefinitely.
9. Cookies and Tracking Technologies
We use cookies and similar technologies as follows:
Essential Cookies
Required for the website to function properly, including authentication and session management. These cannot be disabled as they are necessary for the Service to operate. Legal basis: legitimate interest.
Analytics Cookies
Google Analytics (GA4) cookies are used to understand how visitors interact with our website. These cookies are only loaded after you provide consent through our cookie consent banner. You can withdraw consent at any time by clicking the cookie settings button on the website.
We use Google Analytics Consent Mode v2, which defaults all analytics to “denied” until you explicitly consent. When you revoke consent, all Google Analytics cookies (_ga, _gid, _gat) are removed from your browser.
Cookie Consent Preferences
Your cookie preferences are stored locally in your browser (localStorage) and expire after 365 days. No data about your cookie preferences is sent to our servers.
10. Your Rights
10.1. Rights Under GDPR (European Economic Area)
If you are located in the EEA, you have the following rights under GDPR:
- Right of access (Art. 15): request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
- Right to restriction (Art. 18): request that we limit processing of your data in certain circumstances.
- Right to data portability (Art. 20): receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interests.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: you may file a complaint with a supervisory authority. In Poland, this is the Prezes Urzędu Ochrony Danych Osobowych (UODO) at uodo.gov.pl.
10.2. Rights Under CCPA (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: what personal information we collect, use, and disclose.
- Right to delete: request deletion of your personal information.
- Right to opt-out of sale: we do not sell personal information. No opt-out is necessary.
- Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.
10.3. Exercising Your Rights
To exercise any of these rights, contact us at hello@complyking.com. We will respond to verified requests within 30 days. We may ask you to verify your identity before processing your request.
11. Data Security
We implement industry-standard technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS on all connections).
- Secure password hashing (bcrypt via Supabase Auth).
- Row-Level Security (RLS) on all database tables ensuring users can only access their own data.
- API keys and secrets stored as environment variables, never exposed to client-side code.
- Regular dependency updates and security reviews.
However, no method of electronic transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
12. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at hello@complyking.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date. For significant changes, we will also notify registered users by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
For questions about this Privacy Policy, to exercise your data protection rights, or for any privacy-related concerns, contact us at:
Dariusz Zając Flowsol
Trade name: ComplyKing
Email: hello@complyking.com
NIP: 6762512842
For complaints about our data processing practices, you also have the right to contact the Polish supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (UODO), uodo.gov.pl.