Privacy Policy
Effective: June 29, 2026 · Last updated: June 29, 2026
1. Who we are
This Privacy Policy explains how DDAI-COMPLY ("DDAI-COMPLY", "we", "us", "our") collects, uses, and protects personal data in connection with our marketing website at ddaicomply.com (the "Site"). Our products and authenticated application may be governed by additional in-product terms and notices.
Data controller: DDAICOMPLY INC., 262 Chapman Rd, Ste 240, Newark, DE 19702, USA. For any privacy question, or to exercise your rights, contact support@ddaicomply.com.
We have not appointed a statutory Data Protection Officer for this Site; data-protection matters are handled by our privacy team, reachable at support@ddaicomply.com.
2. What this policy covers
This policy covers the public marketing Site and the forms it offers (contact, feedback, and data-subject requests). Use of the DDAI-COMPLY application is additionally governed by the agreements and privacy disclosures provided within the product.
3. Information we collect
Information you provide
- Contact form: name, email, company (optional), subject, and message.
- Feedback form: name, email, category, rating, and message.
- Data-subject request form: name, email, request type (erasure, access, or correction), and any details you include.
Providing this information is voluntary; however, a form cannot be submitted without its required fields.
Information collected automatically
- Server logs: IP address, browser/user-agent, referring pages, and timestamps, processed to operate and secure the Site.
- Analytics: aggregate usage data via Google Analytics 4 — collected only after you grant analytics consent through our cookie banner (see our Cookie Policy).
4. Legal bases for processing (GDPR)
- Consent (Art. 6(1)(a)) — analytics cookies and any optional marketing communications; you may withdraw consent at any time.
- Legitimate interests (Art. 6(1)(f)) — operating and securing the Site, preventing abuse, and responding to enquiries you send us. We balance these interests against your rights and freedoms and rely on them only where appropriate; you may object at any time (see "Your rights"), and you can request a summary of our balancing assessment.
- Legal obligation (Art. 6(1)(c)) — keeping certain records and responding to lawful requests.
- Performance of a contract (Art. 6(1)(b)) — where you are, or are becoming, a customer.
5. How we use your information
- Respond to contact and feedback submissions.
- Receive and action data-subject requests (erasure / access / correction).
- Operate, maintain, secure, and improve the Site.
- Understand aggregate usage — only with analytics consent.
- Comply with legal and regulatory obligations.
6. Cookies and analytics
We use strictly necessary cookies to operate the Site and, only with your consent, analytics cookies. Non-essential analytics (Google Analytics 4) does not load until you accept it. You can change or withdraw your choice at any time via the "Cookie settings" link in the footer. See our Cookie Policy for details.
7. How we share information
We do not sell personal data. We share it only with service providers (processors) that help us run the Site, under appropriate data-processing terms:
- Cloud hosting & infrastructure — Microsoft Azure.
- Email delivery — Azure Communication Services (used to send and acknowledge your form submissions).
- Analytics — Google (Google Analytics 4), only where you have consented.
We may also disclose information where required by law, regulation, or legal process, or to protect the rights, property, or safety of DDAI-COMPLY, our users, or others.
8. International transfers
DDAICOMPLY INC. is based in the United States, so personal data collected through the Site is processed in the U.S. and may be processed by our service providers in other countries. Where personal data is transferred from the UK or EEA to a country without an adequacy decision, we rely on appropriate safeguards — principally the UK/EU Standard Contractual Clauses, together with our service providers' transfer mechanisms (for example, certification under the EU-U.S. Data Privacy Framework, where applicable). You can request a copy of the relevant safeguards by emailing support@ddaicomply.com.
9. Data retention
We keep personal data only as long as necessary for the purposes above, then delete or anonymize it. In practice:
- Contact and feedback submissions — kept for as long as needed to handle your enquiry and for a reasonable period afterward for our records, then deleted, unless a longer period is required to meet a legal obligation or resolve a dispute.
- Data-subject request records — kept only as long as needed to action and evidence the request, as permitted or required by law.
- Analytics data — retained for up to 26 months.
- Server logs — retained for a limited period (typically up to 90 days) for security and troubleshooting.
10. Automated decision-making and profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you through this Site.
11. Your rights
Depending on your location (including under the GDPR and UK GDPR), you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, to data portability, and to withdraw consent at any time. You also have the right to lodge a complaint with your data-protection supervisory authority.
To exercise these rights you can:
- Use the "Delete my data" form available from the footer of any page (erasure, access, or correction);
- Adjust or withdraw cookie/analytics consent via "Cookie settings" in the footer; or
- Email support@ddaicomply.com.
We will respond within the time required by applicable law (under the GDPR, normally within one month). We may need to verify your identity before acting on a request.
12. California privacy rights (CCPA/CPRA)
This section applies to California residents and supplements the rest of this policy, as required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).
Categories of personal information we collect
In the preceding 12 months we have collected the following statutory categories through this Site:
- Identifiers — e.g. name, email address, IP address.
- Customer/professional information — e.g. a company name you provide.
- Commercial information — e.g. your enquiries and the nature of your interest.
- Internet or other electronic network activity — e.g. pages visited and, with your consent, analytics data.
We do not collect Social Security numbers, government IDs, financial account numbers, precise geolocation, or other "sensitive personal information" through this Site, and we do not use it to infer characteristics about you. (Data you provide inside the DDAI-COMPLY application is governed by the in-product notices.)
Sources, purposes, and recipients
We collect this information directly from you (forms) and automatically (server logs and consented analytics), use it for the business purposes described in "How we use your information," and disclose it only to the service providers listed in "How we share information," under contracts that restrict their use of it.
No sale or sharing
We do not sell your personal information and do not "share" it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months. We therefore do not offer a "Do Not Sell or Share My Personal Information" mechanism because there is no such activity; if this ever changes, we will update this policy and honor opt-out preference signals such as Global Privacy Control (GPC).
Your California rights
- Know / access the personal information we have collected about you.
- Delete personal information we have collected.
- Correct inaccurate personal information.
- Opt out of sale or sharing — not applicable, as described above.
- Limit the use of sensitive personal information — not applicable, as we do not collect it.
- Non-discrimination — we will not discriminate or retaliate against you for exercising any of these rights.
How to exercise your California rights
Submit a request using the "Delete my data" form in the footer (which also handles access and correction) or email support@ddaicomply.com. We will respond within 45 days (extendable by a further 45 days where permitted) and may need to verify your identity. You may use an authorized agent to submit a request on your behalf; we may require proof of the agent's authorization and verification of your identity.
"Shine the Light"
California's "Shine the Light" law (Civil Code §1798.83) lets California residents request information about disclosures of personal information to third parties for those third parties' own direct-marketing purposes. We do not make such disclosures.
13. Security
We use administrative, technical, and organizational safeguards appropriate to the risk, including encryption in transit, access controls, and rate-limiting on public forms. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
14. Children
The Site is not directed to children under 16 — or under the minimum age set by your jurisdiction, such as 13 under the U.S. Children's Online Privacy Protection Act (COPPA) — and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.
15. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with a revised "Last updated" date.
16. Contact
Questions about this policy or our data practices: support@ddaicomply.com. UK/EEA users may also contact their local supervisory authority.