Privacy Policy

1. Data Controller

The data controller for personal data processed through this website is:

2. Personal Data We Collect

When you use our AI-powered process assessment feature, we may collect and process the following categories of data:

• Process information: Process name and description you enter in the assessment form.
• Uploaded files: Documents and images (PDF, JPEG, PNG, WEBP, GIF) you voluntarily attach to your assessment request.
• Account data: If you choose to log in, your name and email address provided via our authentication provider (Kinde).
• Technical data: IP address, browser type, operating system, referring URLs, and pages visited, collected automatically via server logs and analytics.
• Usage analytics: Anonymised page-view data collected via Umami Analytics.

3. Purposes and Legal Bases for Processing

Where processing is based on consent (Art. 6(1)(a)), you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawal of consent will prevent the submission of new assessment requests.

4. AI Processing and the EU AI Act

Our assessment feature uses a general-purpose AI system (Google Gemini) to analyse your process information and suggest checklist items. In accordance with Regulation (EU) 2024/1689 (EU AI Act):

• The AI assessment is informative and indicative only and does not constitute a professional or final evaluation.
• No automated decisions with legal or similarly significant effects are made about you.
• Human review by our experts is always available and recommended for any consequential business decisions.

5. Data Recipients and Third-Party Processors

We share your data only with third-party processors necessary to deliver the service, all bound by data processing agreements:

6. International Data Transfers

Some of our third-party processors (Google LLC, Kinde) are located outside the European Economic Area (EEA), principally in the United States. Transfers to these countries are safeguarded by one or more of the following mechanisms as applicable: EU Standard Contractual Clauses adopted by the European Commission, the EU–US Data Privacy Framework (where the recipient is certified), or other appropriate safeguards under Chapter V of the GDPR.

7. Data Retention

• Assessment session data (process name, description, uploaded files): Uploaded files are used solely to generate the AI assessment response. Assessment data is retained in Google Drive for a maximum of 90 days after submission, then deleted.
• Account data: Retained for the duration of your account and deleted upon account closure or upon request.
• Server logs: Retained for up to 30 days for security and troubleshooting purposes.
• Analytics data: Anonymised; retained indefinitely in aggregated form with no personal identifiers.

8. Your Rights under the GDPR

As a data subject under the GDPR (Regulation (EU) 2016/679), you have the following rights:

• Right of access (Art. 15): Obtain confirmation of whether we process your data and a copy thereof.
• Right to rectification (Art. 16): Have inaccurate data corrected without undue delay.
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten") where applicable.
• Right to restriction of processing (Art. 18): Request that we restrict processing in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (extendable by a further 2 months for complex requests). Identity verification may be required.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority. In Latvia, this is:

10. Cookies and Tracking Technologies

This website uses the following cookies and storage mechanisms:

• Session storage: We use your browser's sessionStorage to temporarily save your assessment form draft. This data is stored only in your browser and is automatically cleared when you close the browser tab.
• Authentication cookies: If you log in, Kinde sets authentication cookies necessary for session management. These are strictly necessary for the login functionality.
• Analytics (Umami): Umami Analytics operates without persistent cookies and does not track individual users across sessions. No personal data is collected by Umami.

We do not use advertising cookies or share data with advertising networks.

11. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. All data transfers between your browser and our servers, and between our servers and third-party processors, are encrypted using TLS/HTTPS. File uploads are transmitted directly to secure cloud storage and are not stored on our own servers beyond temporary processing.

12. Children's Privacy

Our service is intended for business users and is not directed at individuals under the age of 16. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with personal data, please contact us at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last updated" date. For material changes, we will provide a more prominent notice. Your continued use of the service after any changes constitutes acceptance of the updated policy.

For any questions about this Privacy Policy or your personal data, contact us at [email protected].