Review My DPA

    AI-Powered DPA Risk Analyzer

    Last updated: 24 February 2026

    1. Introduction

    This Privacy Policy explains how DPA Risk Classifier ("we", "us", or "our") collects, uses, and protects your personal information when you use our Service. We are committed to ensuring the privacy and security of your data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

    2. Data Controller

    DPA Risk Classifier acts as the data controller for the personal information collected through this Service. For any questions about this Privacy Policy or our data practices, please contact us through the channels provided on our website.

    3. Information We Collect

    We collect the following categories of information:

    Account Information

    • Email address
    • Password (encrypted)
    • Account preferences

    Documents and Analysis Data

    • Data Processing Agreements uploaded for analysis
    • Analysis results and reports generated
    • Document names and metadata

    Payment Information

    • Payment details are processed securely by our payment processor (Stripe)
    • We do not store full credit card numbers on our servers
    • Transaction records and receipts

    Usage Data

    • IP address and browser information
    • Pages visited and features used
    • Time and date of access

    4. How We Use Your Information

    We use your information for the following purposes:

    • Service Delivery: To provide DPA analysis and generate risk reports
    • Account Management: To maintain your account and provide customer support
    • Payment Processing: To process purchases and manage credits
    • Service Improvement: To analyze usage patterns and improve our Service
    • Communication: To send important updates about your account or the Service
    • Legal Compliance: To comply with applicable laws and regulations

    5. Legal Basis for Processing

    Under GDPR, we process your personal data based on the following legal grounds:

    • Contract Performance: Processing necessary to provide the Service you've purchased
    • Legitimate Interests: For improving our Service and protecting against fraud
    • Legal Obligation: To comply with applicable laws and regulations
    • Consent: Where you have explicitly consented to specific processing activities

    6. Data Retention

    We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

    • Account Data: Retained while your account is active and for a reasonable period after deletion
    • Analysis Reports: Stored until you delete them or close your account
    • Uploaded Documents: Processed for analysis and not permanently stored on our servers
    • Transaction Records: Retained as required by applicable tax and accounting laws

    7. Data Sharing

    We do not sell your personal information. We may share your data with:

    • Service Providers: Third parties who help us operate the Service (e.g., hosting, payment processing)
    • AI Processing: Your documents are processed using AI services to generate analysis results
    • Legal Requirements: When required by law or to protect our rights

    8. Your Rights

    Under GDPR, you have the following rights regarding your personal data:

    • Right of Access: Request a copy of your personal data
    • Right to Rectification: Correct inaccurate personal data
    • Right to Erasure: Request deletion of your personal data
    • Right to Restriction: Limit how we process your data
    • Right to Data Portability: Receive your data in a structured format
    • Right to Object: Object to processing based on legitimate interests
    • Right to Withdraw Consent: Withdraw consent where processing is based on consent

    To exercise these rights, please contact us through the channels provided on our website.

    9. Security

    We implement appropriate technical and organizational measures to protect your personal data, including:

    • Encryption of data in transit and at rest
    • Secure authentication mechanisms
    • Regular security assessments
    • Access controls and monitoring

    10. International Transfers

    Your data may be processed in countries outside the European Economic Area. When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

    11. Cookies

    We use essential cookies to operate the Service. These cookies are necessary for authentication and security. We do not use tracking or advertising cookies without your consent.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

    13. Contact Us

    If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us through the Service or at the contact information provided on our website.

    You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law.