Privacy Policy

Last updated: February 11, 2026

1. Data Controller

The data controller for your personal data is:

Rogach Enterprises
Belgium
Email: privacy@regpulse.io

2. Data We Collect

Data Category	Examples	Purpose
Account Data	Email address, company name, job title	Account creation, service delivery
Subscription Data	Plan type, billing history, Stripe customer ID	Payment processing, access control
Usage Data	Alerts viewed, preferences set, features used	Service improvement, personalization
Alert Preferences	Monitored verticals, keywords, regions, industries	Alert delivery, content filtering
Error Reports	Alert corrections, feedback descriptions	Quality improvement, accuracy auditing
Technical Data	IP address, browser type, device info	Security, abuse prevention, analytics

3. Legal Basis for Processing

Under the GDPR, we process your data on the following legal bases:

• Contract performance (Art. 6(1)(b)) — To provide the Service you subscribed to
• Legitimate interest (Art. 6(1)(f)) — For security, fraud prevention, service improvement, and analytics
• Consent (Art. 6(1)(a)) — For marketing communications (opt-in only)
• Legal obligation (Art. 6(1)(c)) — For tax records, legal compliance

4. How We Use Your Data

• Deliver regulatory alerts matching your configured preferences
• Process payments and manage subscriptions
• Improve AI accuracy based on error reports and feedback
• Send service-related communications (billing, feature updates, outages)
• Analyze aggregated usage patterns to improve the Service
• Prevent fraud and ensure platform security

5. Data Sharing

We do not sell your personal data to third parties. We share data only with:

5.1 Sub-Processors

Provider	Purpose	Location
Stripe	Payment processing	USA (EU SCCs)
SendGrid / Postmark	Email delivery	USA (EU SCCs)
Vercel / Railway	Application hosting	EU / USA
OpenRouter / Anthropic	AI analysis (no PII sent)	USA

All US-based sub-processors operate under EU Standard Contractual Clauses (SCCs) or equivalent safeguards.

5.2 Legal Requirements

We may disclose data when required by law, court order, or regulatory authority.

6. Data Retention

• Active accounts: Data retained for the duration of your subscription
• After account deletion: Personal data deleted within 30 days; anonymized usage data retained for up to 2 years for analytics
• Billing records: Retained for 7 years as required by Belgian tax law
• Error reports: Retained for 2 years for quality improvement

7. Your Rights (GDPR)

As an EU/EEA resident, you have the following rights:

• Right of access — Request a copy of your personal data
• Right to rectification — Correct inaccurate data
• Right to erasure — Request deletion of your data ("right to be forgotten")
• Right to data portability — Receive your data in a structured, machine-readable format
• Right to restriction — Restrict processing in certain circumstances
• Right to object — Object to processing based on legitimate interest
• Right to withdraw consent — Withdraw consent at any time for consent-based processing

To exercise these rights, email privacy@regpulse.io. We will respond within 30 days.

8. Cookies

We use minimal cookies:

• Essential cookies: Session management, authentication (no consent required)
• Analytics cookies: Aggregated usage statistics (opt-in via cookie banner)

We do not use advertising cookies or third-party tracking pixels.

9. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS 1.3) and at rest
• Regular security audits and vulnerability scanning
• Access controls and principle of least privilege
• No storage of payment card details (handled by Stripe PCI DSS)

10. International Transfers

When personal data is transferred outside the EU/EEA, we ensure adequate protection through EU Standard Contractual Clauses (SCCs), adequacy decisions, or other approved transfer mechanisms under GDPR Chapter V.

11. Children

The Service is not directed at individuals under 16 years of age. We do not knowingly collect data from children.

12. Data Protection Officer

For privacy-related inquiries:

Email: privacy@regpulse.io
Rogach Enterprises, Belgium

13. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit):

Rue de la Presse 35, 1000 Brussels
www.dataprotectionauthority.be
contact@apd-gba.be

14. Changes

We may update this Privacy Policy periodically. Material changes will be communicated via email to active subscribers at least 14 days before taking effect.