Privacy Policy

Last Updated: January 2026

1. Introduction

Compliance Guard ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our compliance document tracking service.

We adhere to the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents.

2. Information We Collect

2.1 Account Information

When you sign up via Replit Authentication, we collect:

  • Email address
  • First and last name
  • Profile image URL
  • Unique user identifier

2.2 Document Information

For compliance tracking, you may provide:

  • Document names and categories
  • Expiration dates
  • Issuing authority information
  • Notes and descriptions

2.3 AI-Processed Data

When you upload documents for automatic date extraction:

  • We extract only text snippets containing potential dates (minimal data transfer)
  • Common PII patterns are automatically redacted before processing, including: email addresses, phone numbers, Social Security numbers, credit card numbers, street addresses, and ZIP codes
  • Only minimal, sanitized text snippets surrounding detected dates are sent to OpenAI
  • If no date patterns are detected, no data is sent to external services
  • We do not store the full content of uploaded documents

3. How We Use Your Information

  • Service Delivery: To provide compliance tracking and expiration alerts
  • AI Processing: To extract dates from documents using OpenAI (with PII removed)
  • Authentication: To verify your identity via Replit OAuth
  • Payment Processing: To manage subscriptions via Stripe
  • Communications: To send expiration alerts and service updates

4. Third-Party Services

4.1 OpenAI

We use OpenAI's API for intelligent date extraction. Before sending any text to OpenAI:

  • Common PII patterns are automatically redacted (emails, phone numbers, SSNs, credit cards, street addresses, ZIP codes)
  • Only small text snippets surrounding detected dates are transmitted (max 1000 characters)
  • If no date patterns are found in your document, no data is sent to OpenAI
  • Data is processed in accordance with OpenAI's data processing agreement

4.2 Replit Authentication

User authentication is handled securely through Replit's OAuth 2.0 system with JWT signature verification.

4.3 Stripe

Payment processing is handled by Stripe. We do not store credit card information on our servers.

5. Data Security

We implement industry-standard security measures:

  • HTTPS encryption for all data transmission
  • Secure HTTP headers (HSTS, CSP, X-Frame-Options)
  • JWT tokens verified with cryptographic signatures
  • Session data protected and not logged
  • API keys stored as encrypted secrets
  • PII sanitization before AI processing

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing activities
  • Withdraw Consent: Withdraw consent at any time

7. Your Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected
  • Know whether your information is sold or disclosed
  • Say no to the sale of personal information (we do not sell data)
  • Access your personal information
  • Request deletion of your information
  • Equal service and price (no discrimination)

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account deletion, your personal data and documents are permanently removed within 30 days.

9. Cookies

We use essential session cookies for authentication. We do not use tracking or advertising cookies.

10. Contact Us

For privacy-related inquiries or to exercise your rights, please contact us through the application's contact form or by signing in and submitting a request.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the application.

Back to Home