← Back to CueComply

Privacy Policy

Last updated: 30 March 2026

1. Who we are

CueComply Ltd (“CueComply”, “we”, “us”) operates the CueComply platform at cuecomply.com. We are the data controller for the personal data we collect through our website and services.

Contact: hello@cuecomply.com

2. Data we collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), business name, industry, and company size when you register.
  • Usage data: pages visited, features used, compliance scores, tasks completed, and documents generated.
  • Payment data: processed securely by Stripe. We do not store card numbers on our servers.
  • Communications: messages you send through our AI assistant or support channels.
  • Technical data: IP address, browser type, device information, and cookies.

3. How we use your data

We process your personal data for the following purposes:

  • Providing and improving the CueComply platform and services.
  • Generating personalised compliance recommendations and documents.
  • Processing payments and managing subscriptions.
  • Sending transactional emails (welcome, billing, alerts).
  • Analysing usage patterns to improve our product.
  • Complying with legal obligations.

4. Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract: processing necessary to provide our services to you.
  • Legitimate interests: improving our platform, preventing fraud, and ensuring security.
  • Consent: for optional marketing communications (you can opt out at any time).
  • Legal obligation: where required by law.

5. Data sharing

We share data only with trusted third-party service providers who help us operate the platform:

  • Supabase: database hosting and authentication.
  • Stripe: payment processing.
  • Anthropic: AI-powered compliance assistance.
  • Resend: transactional email delivery.
  • Vercel: website hosting.

We do not sell your personal data to third parties.

6. Data retention

We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.

To exercise any of these rights, contact us at hello@cuecomply.com.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), secure authentication, and role-based access controls.

9. Changes to this policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through the platform. Continued use of CueComply after changes constitutes acceptance of the updated policy.