Privacy Policy

Last updated: 1 July 2026

This Privacy Policy explains how EuroGuard AI ("we", "us"), the data controller, processes personal data when you use EuroGuard AI. We are committed to compliance with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

1. Data controller

EuroGuard AI, Longford, Ireland. Contact: support@euroguard.ie.

2. Data we collect

  • Account data: email address, authentication identifiers (from email/password or Google sign-in).
  • Scan & report data: company name, product description, and other information you submit to generate a compliance report; the resulting analysis.
  • Payment data: handled directly by Stripe. We receive a payment reference and status; we do not receive full card details.
  • Technical data: IP address, browser and device information, logs necessary for security and abuse prevention.

3. Purposes and legal bases

  • Providing the Service — Art. 6(1)(b) performance of contract.
  • Payment processing & anti-fraud — Art. 6(1)(b) and 6(1)(f) legitimate interests.
  • Security, abuse prevention, logging — Art. 6(1)(f) legitimate interests.
  • Legal & tax compliance — Art. 6(1)(c).
  • Product improvement (aggregated, non-identifying) — Art. 6(1)(f).

We do not use your submitted company data to train AI models.

4. Sub-processors

We use the following providers to run the Service. All EU personal data is processed within the EU/EEA where technically possible.

  • Supabase — authentication and database hosting (EU region).
  • Stripe — payment processing (payment card industry compliant).
  • Cloudflare — content delivery, hosting, DDoS protection.
  • Lovable AI Gateway — model inference for report generation.
  • Google (Search Console) — SEO analytics on aggregated site data.

5. International transfers

Where a sub-processor transfers data outside the EEA, we rely on the European Commission's Standard Contractual Clauses and supplementary measures. A current sub-processor list is available on request from support@euroguard.ie.

6. Retention

Scan data and account data are retained indefinitely until the user deletes them. You can delete individual scans or your entire account at any time from your /account page, or by emailing support@euroguard.ie. Deletion requests are honoured within 30 days.

Payment and tax records are kept for the period required by Irish tax law (currently 6 years).

7. Your rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority

To exercise these rights email support@euroguard.ie. We respond within 30 days.

8. Cookies

We use strictly necessary cookies for authentication and session management. We do not currently use advertising or third-party tracking cookies. If this changes we will update this policy and, where required, request your consent.

9. Security

Data is encrypted in transit (TLS) and at rest. Access is restricted by role and audited. Row-Level Security policies enforce that only you can read your own scans and reports.

10. Changes

We will notify material changes to this policy via the Service or by email. Continued use after the effective date of a change constitutes acceptance.