ComplianceDirectory

Privacy Policy

Last updated: February 27, 2026

1. Who We Are

ComplianceDirectory (“we”, “us”, or “our”) operates the website compliancedirectory.io. We provide an independent directory and comparison platform for compliance and security tools, scored using our AI Neutrality Score (ANS) methodology.

For privacy inquiries, contact us at: privacy@compliancedirectory.io

2. Information We Collect

2.1 Information You Provide

  • Newsletter subscriptions: Your email address when you sign up for our newsletter.
  • Tool submissions: Tool name, URL, category, description, and your contact email when you submit a tool for inclusion.

2.2 Information Collected Automatically

  • Usage data: Pages visited, time spent, referring URLs, and browser/device type, collected via Vercel Analytics.
  • IP address: Collected by our hosting provider (Vercel) for security and performance purposes.

2.3 Cookies

We use only essential technical cookies required for site operation. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Vercel Analytics uses privacy-preserving, cookie-free measurement.

3. How We Use Your Information

  • To send you our compliance tool newsletter (if subscribed).
  • To process and evaluate tool submission requests.
  • To improve our directory, content, and user experience.
  • To detect and prevent abuse, spam, or fraudulent submissions.
  • To comply with applicable legal obligations.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data under the following legal bases:

  • Consent: Newsletter subscriptions — you can withdraw at any time.
  • Legitimate interests: Site analytics, security monitoring, and improving our services.
  • Contract performance: Processing tool submissions you initiate.

5. Data Retention

  • Newsletter emails: Retained until you unsubscribe.
  • Tool submissions: Retained for up to 24 months for review and audit purposes.
  • Analytics data: Retained for 12 months in aggregate, anonymized form.

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Object to or restrict processing of your data.
  • Data portability (receive your data in a machine-readable format).
  • Withdraw consent at any time (for newsletter subscriptions).

To exercise any of these rights, email us at privacy@compliancedirectory.io. We will respond within 30 days.

7. Third-Party Services

We use the following third-party services that may process your data:

  • Vercel — Hosting and edge delivery. Privacy Policy
  • Supabase — Database storage for submissions and newsletter subscriptions. Privacy Policy

All third-party processors are contractually bound to protect your data in compliance with applicable privacy laws.

8. Data Security

We implement industry-standard security measures including TLS encryption in transit, Row Level Security (RLS) on our database, and access controls. If you believe your data has been compromised, contact us immediately at security@compliancedirectory.io.

9. Children's Privacy

ComplianceDirectory is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will update the “Last updated” date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.

11. Contact

For any questions about this Privacy Policy:

Terms of ServiceANS MethodologyBack to Directory