Privacy Policy

Last updated: 3 April 2025

European Compliance Suite (“we”, “our”, or “us”) is committed to protecting your personal data and upholding the highest standards of privacy, transparency, and user control. This Privacy Policy explains how we collect, use, store, and protect your data in compliance with the General Data Protection Regulation (GDPR), the EU AI Act, and other applicable data protection laws.

1. Who We Are

European Compliance Suite is a SaaS platform that enables secure, policy-aware collaboration for regulated industries. Our services are hosted entirely within the European Union and designed to meet EU data residency and privacy requirements.

Data Controller:
European Compliance Suite (Eyre AI Limited, 19 Lake Court, Medway Drive, Tunbridge Wells, TN12FH United Kingdom).
DPO Contact: dpo@eyre.ai

2. What Personal Data We Collect

We collect and process the following categories of personal data:

Account data: name, email address, role, organization
Usage data: IP address, browser type, activity logs, access times
Meeting and content data (if applicable): transcripts, summaries, speaker notes, recordings
Consent records: when and how users give consent for recording, transcription, or AI analysis
Support communications: messages sent to our support channels

We do not process special categories of personal data unless explicitly instructed by the customer (data controller) and under clear legal basis and consent.

3. Legal Basis for Processing

We process your data under the following lawful bases:

Consent: for recording, transcription, summarization, and AI-driven content features
Contract: to deliver the services you or your organization have signed up for
Legal obligation: to comply with EU laws and regulations
Legitimate interest: to maintain security, troubleshoot issues, and improve our services (only where such interests do not override your rights)

4. AI Processing and EU AI Act Compliance

We use artificial intelligence systems to provide optional features such as summarization, redaction, and evaluation of documentation.

In compliance with the EU AI Act, we ensure that:

AI systems are transparent and explainable to users
All AI features are opt-in and consent-based
Users are clearly informed when interacting with AI-generated outputs
Human oversight is maintained—AI never operates autonomously without your control
Users have the right to contest or request human review of any AI-assisted outputs

We do not use AI for profiling, behavioral prediction, or automated decision-making without meaningful human involvement.

5. How We Use Your Data

We use your personal data to:

Provide and maintain our platform and services
Deliver consent-based features such as recording, transcription, and summarization
Monitor platform performance, availability, and security
Improve user experience through feedback and usage analytics (anonymized where possible)
Comply with regulatory and legal obligations
Respond to customer inquiries and provide support

We do not sell or share your data for advertising or marketing purposes.

6. Data Sharing and Subprocessors

We only use subprocessors located within the European Union and governed by GDPR. A full list of subprocessors is available in our [Trust Center or DPA Annex].

All subprocessors are contractually bound to strict confidentiality and security obligations. We do not transfer data to third countries or use any U.S.-based cloud infrastructure.

7. Data Retention

We retain personal data only as long as necessary to:

Fulfill the purposes outlined in this policy
Comply with legal obligations
Respect your organization’s data retention preferences

Meeting content, transcripts, and summaries are retained per customer-defined policies or deleted on request. Audit logs are retained according to regulatory standards.

8. Your Rights Under GDPR

You have the following rights under the General Data Protection Regulation (GDPR):

Right to access your data
Right to rectify inaccurate or incomplete data
Right to erase your data (“right to be forgotten”)
Right to restrict or object to processing
Right to data portability
Right to withdraw consent at any time
Right to lodge a complaint with a Data Protection Authority (DPA)

To exercise any of these rights, contact us at dpa@eyre.ai

9. Data Security and Residency

We operate exclusively on infrastructure hosted within the EU. Data is encrypted at rest and in transit using industry standards (e.g. AES-256, TLS 1.3). All access is role-based, logged, and monitored.

We comply with EU data residency requirements and offer regional deployment options for customers with specific jurisdictional needs.

10. Cookies and Analytics

Our platform uses minimal cookies strictly necessary for secure login and session management. We do not use third-party tracking or behavioral analytics. Any usage data is anonymized and stored within EU servers.

You can manage your cookie preferences in your browser or account settings.

11. Children’s Data

Our services are not intended for individuals under the age of 16. We do not knowingly collect or process data from children.

12. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. We will notify users of any significant updates and seek renewed consent if required by law.