We manage compliance with contractual, legal, regulatory requirements.

GDPR #

Yes, our organization is committed to complying with the General Data Protection Regulation (GDPR). We take the following measures to ensure compliance:

1. Personal Data Collection: The only personally identifiable information (PII) collected is the email address, which may include the user’s name. This information is used exclusively for sending generated policies and is stored securely in our app database.
2. Consent: Before generating each policy, users are required to agree to our privacy policy, ensuring that we obtain explicit consent for the processing of their information.
3. Data Security Measures: We have implemented various security measures, including access controls, encryption, privacy rules in Bubble, input checks, API hardening, and ongoing employee education. More details can be found in our dedicated security section.
4. Data Access and Portability: We honor user requests for access to, correction of, or deletion of their personal data. Such requests can be made via our contact form, and we commit to handling them promptly.
5. Third-party Integrations: We utilize third-party services such as Google Docs (for generated policy storage), Stripe (for payment processing), and OpenAI (for policy generation). These providers adhere to GDPR regulations. Google has committed to GDPR compliance across its services, Stripe is certified under the Privacy Shield Framework, and OpenAI employs robust security measures in alignment with GDPR requirements. We signed a Data Protection Addendum with OpenAI, supporting our GDPR Compliance. If you need it, let us know. Please refer to our privacy policy for further information or contact us directly with any questions or concerns.

ISO 27001 Certification #

Our organization is not currently ISO 27001 certified, as we’re a micro-entreprise. However, we follow the principles and best practices outlined by the ISO 27001 standard to ensure the security and integrity of our information management processes. We are committed to maintaining a robust security posture and continuously improving our security measures in line with ISO 27001 guidelines.