1. Introduction
Welcome to Complycia, a product operated by Your Legal Entity Name (“Complycia,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, store, and protect personal information when you access or use our website, applications, and compliance services (collectively, the “Service”). By using Complycia, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
2. What Data We Collect
We collect limited information to operate, improve, and secure Complycia. The types of data we collect fall into the following categories:
a. Information You Provide to Us
Information you voluntarily provide when using Complycia may include:
Full name
Work email address
Company or agency name
State(s) of operation
Information submitted through intake forms or compliance questionnaires
Communications you send to us (e.g., support requests)
b. Usage & Technical Data
We automatically collect limited technical information to maintain and secure the Service, including:
Log and access timestamps
Pages or features accessed
Device and browser type
IP address (used for security and fraud prevention)
This data is used solely for operational, security, and analytics purposes.
c. Billing Information
Payment information is processed securely by third-party payment providers (such as Stripe).
Complycia does not store full credit card numbers or sensitive payment credentials on its servers.
What We Do Not Collect
Complycia is built to support regulatory documentation — not to handle patient information. We intentionally do not collect or store:
Patient records or personally identifiable patient data
Medical or clinical information (PHI)
Access to EHR, EMR, or clinical systems
Complycia operates independently of patient care systems and is designed to help agencies stay compliant without introducing additional privacy or regulatory risk.
3. Use of AI in Compliance Generation
Complycia uses AI to assist with compliance documentation and regulatory guidance, including:
Generating state-aligned compliance binders
Drafting policies, SOPs, and templates
Assisting with regulatory explanations and updates
Structuring audit-ready documentation
Important clarifications:
AI is used only on agency-provided business and operational information
No patient data or medical records are processed
Data is not used to train public or third-party AI models
All data is encrypted at rest and in transit
You retain ownership of all inputs and generated documents.
4. How We Use Your Information
We use your data to:
| Purpose | Legal Basis |
|---|---|
| Provide the Service | Contract fulfillment |
| Customize documentation and recommendations | Legitimate interest / Consent |
| Analyze platform usage | Legitimate interest |
| Improve product performance | Legitimate interest |
| Send transactional emails | Contract fulfillment |
| Send marketing communications | Consent (you can opt out anytime) |
| Ensure security & fraud detection | Legal obligation / Legitimate interest |
5. How We Share Your Data
We do not sell your personal or business information.
We may share limited data only with:
Service providers (e.g., Stripe for payments, email delivery, analytics)
Cloud infrastructure providers (e.g., AWS)
Internal support and compliance systems used to operate the Service
Government authorities or legal entities, only if required by law
All third-party providers are bound by data processing agreements (DPAs) and security requirements.
6. International Data Transfers
Complycia may store and process data on servers located in the United States or other jurisdictions.
For users located in the EU/EEA, we rely on approved legal mechanisms (such as Standard Contractual Clauses) to ensure lawful data transfers.
7. Data Retention
We retain personal and business data only as long as necessary to:
Provide the Service
Comply with legal obligations
Resolve disputes
Enforce our agreements
When an account is closed, data may be anonymized or permanently deleted after a defined retention period (typically within 12 months).
You may request deletion of your data at any time (see Section 9).
8. Your Privacy Rights
Depending on your location, you may have rights under applicable privacy laws (such as GDPR or CCPA), including the right to:
Request access to your personal data
Request correction of inaccurate data
Request deletion of your data (“Right to Be Forgotten”)
Object to certain data processing
Request a copy of your data (data portability)
Withdraw consent where applicable
To exercise these rights, contact us at privacy@complycia.com
We respond to verified requests within 30 days.
9. Security Practices
We implement technical and organizational measures designed to protect your data, including:
Encryption of data at rest and in transit
Secure access controls and authentication
Role-based permissions
Ongoing monitoring and vulnerability management
Infrastructure-level security provided by trusted cloud providers
While no system can be guaranteed to be 100% secure, we take reasonable precautions to protect your information and minimize risk.
10. Children’s Privacy
Complycia is not intended for use by individuals under the age of 18.
We do not knowingly collect personal information from minors.
11. Third-Party Links
Our Service may contain links to third-party websites or tools.
This Privacy Policy does not apply to those services. We encourage you to review their privacy practices before interacting with them.
12. Changes to This Policy
We may update this Privacy Policy from time to time.
Any changes will be posted on this page with an updated “Effective Date.”
If material changes are made, we will notify users via email or in-app notice when required.
13. Contact Us
For any privacy-related questions, requests, or complaints:
Email: privacy@complycia.com