Privacy Policy

Effective Date: August 26, 2025

1. Introduction

EU AI Risk Classifier ("we", "our", or "us") is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, share, and protect your personal information.

2. Data Controller

The data controller responsible for your personal data is:

EU AI Risk Classifier
Email: privacy@euairisk.com
Data Protection Officer: dpo@euairisk.com

3. Information We Collect

3.1 Information You Provide

  • Email address (when you subscribe to receive compliance documentation)
  • AI system assessment data (risk classification responses)
  • Communication preferences

3.2 Automatically Collected Information

  • IP address (anonymized)
  • Browser type and version
  • Device information
  • Usage analytics through third-party analytics services (if consented)
  • Cookie data (based on your preferences)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: For email marketing and optional cookies
  • Legitimate Interests: For providing and improving our services
  • Legal Obligations: For compliance with applicable laws
  • Contract Performance: For delivering requested services

5. How We Use Your Information

  • To provide AI Act risk classification services
  • To send compliance documentation and updates (with consent)
  • To improve our services and user experience
  • To comply with legal obligations
  • To protect against fraud and security threats
  • To analyze usage patterns (anonymized)

6. Data Sharing

We do not sell your personal data. We may share your information with:

  • Service Providers: Third-party providers for email services, web hosting, database storage, and analytics services
  • Legal Authorities: When required by law or court order
  • Business Transfers: In case of merger or acquisition (with notice)

7. Data Retention

We retain your personal data for:

  • Email addresses: Until you unsubscribe or request deletion
  • Assessment data: 90 days (anonymized after)
  • Analytics data: 26 months
  • Legal records: As required by law

8. Your Rights

Under GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing
  • Restriction: Limit how we use your data
  • Withdraw Consent: Revoke consent at any time

To exercise these rights, contact us at privacy@euairisk.com or use our automated tools.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security audits
  • Incident response procedures

10. International Transfers

Important Notice: Your data is stored in the United States. By using our service, you explicitly consent to the transfer and storage of your data outside the European Economic Area (EEA).

We ensure appropriate safeguards for international data transfers through:

  • EU-US Data Privacy Framework participation by our service providers
  • Standard Contractual Clauses (SCCs) where applicable
  • Technical and organizational measures to protect your data
  • Your explicit consent for data transfer outside the EEA

We use service providers in the following categories:

  • Database hosting providers (US-based)
  • Web application hosting providers (Global CDN with US origin)
  • Email service providers (US-based)
  • Analytics service providers (US-based, only with your consent)

All service providers are carefully selected and contractually bound to protect your data in accordance with GDPR requirements.

11. Cookies

We use cookies to enhance your experience. You can manage your preferences through our cookie banner. Types of cookies we use:

  • Necessary: Required for site functionality
  • Analytics: Help us understand site usage through analytics services (optional)
  • Marketing: For relevant content (optional)

12. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email (if subscribed) or through a prominent notice on our website. The "Effective Date" at the top indicates the last revision.

14. Contact Us

For questions, concerns, or to exercise your rights:

Email: privacy@euairisk.com
Data Protection Officer: dpo@euairisk.com
Response time: Within 30 days

15. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights under GDPR.

This privacy policy was last updated on August 26, 2025.