regpilot

Privacy Policy

Last Updated: January 26, 2025

RegPilot ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Gateway platform and related services.

Information We Collect

We collect several types of information to provide and improve our services:

Personal Information

  • Account Information: Name, email address, company name, job title
  • Contact Information: Phone number, mailing address (if provided)
  • Payment Information: Billing details processed through secure third-party payment processors
  • Profile Information: User preferences, settings, and profile data

Usage Information

  • Platform Activity: Features used, compliance assessments performed, reports generated
  • Technical Data: IP address, browser type, device information, operating system
  • Log Data: Access times, pages viewed, actions taken within the platform
  • Cookies and Tracking: Session data, preferences, and analytics information

AI API Data

  • API Keys: Encrypted API keys for AI providers (OpenAI, Anthropic, etc.)
  • API Requests & Responses: Logged for monitoring, debugging, and compliance
  • Usage Metrics: API call counts, costs, latency, error rates
  • Compliance Metadata: Risk scores, policy violations, audit trails

How We Use Your Information

We use collected information for the following purposes:

  • Service Provision: Delivering AI Gateway monitoring, cost tracking, and analytics services
  • Account Management: Creating and maintaining user accounts, authentication, billing
  • Platform Improvement: Analyzing usage patterns to enhance features and user experience
  • Communication: Sending service updates, security alerts, and support responses
  • Compliance Support: Providing regulatory guidance and compliance recommendations
  • Legal Obligations: Meeting regulatory requirements and responding to legal requests

Information Sharing and Disclosure

We may share your information only in these limited circumstances:

  • Service Providers: Third-party vendors who assist in platform operations (hosting, payment processing, analytics)
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Consent: When you explicitly authorize information sharing

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Data Security

We implement industry-standard security measures including:

  • Encryption: Data encrypted in transit and at rest using AES-256 encryption
  • Access Controls: Role-based access with multi-factor authentication
  • Infrastructure Security: Secure cloud hosting with regular security audits
  • Monitoring: Continuous monitoring for security threats and vulnerabilities

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your information for as long as:

  • Your account remains active
  • Required to provide services
  • Necessary for legal compliance
  • Needed for legitimate business purposes

Upon account termination, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request copies of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your information
  • Objection: Object to certain processing activities

To exercise these rights, contact us at privacy@regpilot.dev.

International Data Transfers

RegPilot operates globally and may transfer your information to countries outside your jurisdiction. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses: For transfers outside the EU/EEA
  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Consent: Where legally required

Contact Information

For privacy-related questions or requests:

Email: privacy@regpilot.dev
Address: Bizlution AB, Gothenburg, Sweden

Compliance Framework Disclaimer

IMPORTANT: RegPilot provides tools and guidance for EU AI Act compliance but does not guarantee compliance outcomes. Our platform:

  • Does not constitute legal advice or professional consultation
  • Cannot ensure your organization's full regulatory compliance
  • Requires independent legal review of all compliance assessments
  • Recommends consulting qualified legal counsel for compliance matters

You remain solely responsible for ensuring your organization's compliance with applicable laws and regulations.