PUBLIC WEBSITE
← Trust Center

Privacy · ReguShield AI

Privacy Policy

Version 1.0.0Effective 2026-06-28published
Issued by ReguShield UAB, a private limited liability company (uždaroji akcinė bendrovė) incorporated in the Republic of Lithuania (EU), operator of the ReguShield AI platform. Maturity, where stated, is labelled Implemented (live today), Planned (in progress) or Roadmap (intended, not yet in place). This document is compliance decision-support documentation, not legal advice.

This Privacy Policy explains how ReguShield UAB (the Republic of Lithuania) processes personal data under the EU General Data Protection Regulation (GDPR) when you use the ReguShield AI platform and our website.

1. Roles

ReguShield UAB acts as data CONTROLLER for account, billing and website data, and as data PROCESSOR for the personal data contained in the Customer's workspace, which it processes on the Customer's documented instructions under the Data Processing Agreement. Privacy contact: privacy@regushield.ai (or hello@regushield.ai).

2. Data We Process

(a) Account & identity data — the work email used to authenticate and basic profile/organisation details. (b) Workspace content — the operational, transaction and compliance records a Customer uploads, processed on its behalf. (c) Audit & usage logs — security, activity and compliance audit events. (d) Cookies — strictly necessary session cookies (see the Cookie Policy).

3. Lawful Basis

We rely on performance of a contract (to provide the platform), our legitimate interests (to secure, operate and improve the service and maintain audit trails), legal obligation (record-keeping), and consent where required (for any non-essential cookies). The Customer is responsible for the lawful basis of the personal data it uploads as controller.

4. Retention

Default retention is configurable per workspace: workspace data 12 months by default; security and compliance audit trails approximately 7 years; pilot evaluation data 90 days; and the immutable governance acceptance audit is retained as a permanent legal record and is never auto-deleted. Customers may request earlier deletion subject to legal retention obligations.

5. Your Rights

Subject to the GDPR you may request access, rectification, erasure, restriction, portability, and may object to certain processing. Where ReguShield is processor, such requests are routed to the relevant Customer (controller). Exercise rights via privacy@regushield.ai. You may also complain to your local supervisory authority, including the Lithuanian State Data Protection Inspectorate (VDAI).

6. Hosting, Sub-processors & International Transfers

Customer data is hosted in the European Union (managed PostgreSQL and authentication via Supabase (EU region); application hosting and edge delivery via Vercel). Sub-processors include Supabase, Vercel, Resend (transactional email) and OpenAI (AI reasoning). Where a sub-processor processes data outside the EEA (e.g. OpenAI in the United States), transfers are made under the European Commission's Standard Contractual Clauses with supplementary measures. The current sub-processor register is published in the Trust Center.

7. Security

We protect personal data with the technical and organisational measures described in the Security Statement, including encryption in transit and at rest, tenant isolation via row-level security, role-based access control and append-only audit trails.

Governing Law & Jurisdiction

This agreement is governed by the laws of the Republic of Lithuania and the directly applicable law of the European Union, without prejudice to mandatory consumer or data-protection rights available to the Customer in the Customer's jurisdiction. The courts of the Republic of Lithuania have jurisdiction, subject to any mandatory rule conferring jurisdiction elsewhere.

Document Control

Agreement ID RS-AGR-PRIVAC-C488372427FE · Version 1.0.0 · Effective 2026-06-28 · Reference PUBLISHED. Issued by ReguShield UAB (hello@regushield.ai). This document is compliance decision-support documentation and is not legal advice; obtain qualified advice before reliance.

Decision-support, not legal advice. Questions? hello@regushield.ai.