Privacy Policy
Who runs this service
AIActComply is run by Elven Crafts, a Finnish sole trader, Y-tunnus 3603623-2, Lehmihaka 2, 01360 Vantaa, Finland. Questions: hello@aiactcomply.eu
What we collect
Email updates (optional)
If you tick the opt-in box on the contact step of the questionnaire, we store your email address to send you notifications when EU AI Act guidance, deadlines, or enforcement rules change in a way that may affect your documents. The legal basis is Article 6(1)(a) GDPR — your consent. You can withdraw that consent at any time by emailing hello@aiactcomply.eu; we will remove you within 7 days. We do not share this list with third parties and we do not use it for marketing.
Questionnaire answers
When you fill in the questionnaire, we store your company name, country, registration number, contact name, email address, and the details you enter about your AI system (name, description, risk level, intended use, affected parties). We use this to generate your documents and nothing else. The legal basis under GDPR is Article 6(1)(b) — processing necessary to perform the contract you entered into when requesting the service.
Payment
Card details go directly to Stripe and never touch our servers. We store the Stripe session ID, the amount paid, and whether your documents are unlocked. That is enough to verify your purchase; we store nothing more. Stripe's privacy policy: stripe.com/privacy. Legal basis: Article 6(1)(b) GDPR.
Language detection
When you start the questionnaire, we call our own server to read your country from Cloudflare's edge network (the same data Cloudflare already uses for routing). We use this to suggest a document language. Your IP address is not stored; the country code is used only for that single suggestion and then discarded.
Server logs
Cloudflare logs standard request data (IP address, path, timestamp) for security purposes. We have no analytics installed.
Cookies
We set one functional cookie: aiact_lang. It stores the document language
you selected so it carries over to future visits. It contains only a two-letter
language code (for example fi or de), expires after one year,
and is never shared with third parties. No tracking cookies are used.
This cookie is strictly functional — it saves a preference, not a user identity. No consent banner is required under the ePrivacy Directive for this type of cookie, but you can clear it at any time through your browser settings.
Who sees your data
Two companies process data on our behalf:
Cloudflare, Inc. hosts the site and holds the database. Data sits in Cloudflare's EU-region infrastructure.
Stripe, Inc. handles payments. Stripe operates under the EU-US Data Privacy Framework.
We do not sell your data.
How long we keep it
Questionnaire answers and generated documents stay in the database until you ask us to delete them. Payment records are kept for seven years under Finnish accounting law and cannot be deleted on request during that period.
Your rights
Under GDPR you can ask us to show you what data we hold, correct anything wrong, delete it (subject to the accounting retention rule above), restrict how we use it, or hand it to you in a portable format. Email hello@aiactcomply.eu and we will respond within 30 days.
If you think we have handled your data unlawfully, you can complain to the Finnish Data Protection Authority: tietosuoja.fi
Changes
If this policy changes in a way that affects how we use your data, we will update the date above. Continuing to use the service after a change means you accept the updated policy.