Privacy Policy

Effective Date: January 1, 2024 | Last Updated: January 15, 2024

GDPR Compliant

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. As a compliance platform, we practice what we preach.

1. Introduction

Embodier AS ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI-powered compliance platform.

Our Commitment

  • We only collect data necessary for providing our services
  • We never sell your personal information to third parties
  • We use industry-standard security measures to protect your data
  • We give you control over your data and privacy settings

2. Information We Collect

Personal Information

  • Name and email address
  • Organization/company name
  • Job title and contact information
  • Billing and payment information
  • Account preferences and settings

Usage Data

  • Platform usage statistics
  • Feature utilization patterns
  • Compliance scan results
  • IP address and browser information
  • Session duration and frequency

Documents You Upload

We process documents you upload for compliance analysis. These documents are encrypted, processed by our AI engines, and automatically deleted after analysis completion unless you choose to store them.

3. How We Use Your Information

Service Delivery

  • Provide compliance assessments
  • Generate compliance reports
  • Process AI engine requests
  • Manage your account

Communication

  • Send service notifications
  • Provide customer support
  • Share compliance updates
  • Send marketing (with consent)

Improvement

  • Enhance AI accuracy
  • Improve user experience
  • Develop new features
  • Analyze usage patterns

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our compliance services as outlined in our Terms of Service.

Legitimate Interest

Improving our services, preventing fraud, and ensuring platform security.

Consent

Marketing communications and optional data processing activities.

Legal Obligation

Compliance with tax, accounting, and other legal requirements.

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We may share your data with:

Service Providers

  • Google Cloud Platform: AI processing and secure cloud storage
  • Firebase: Database and authentication services
  • Stripe: Payment processing and billing
  • Netlify: Website hosting and content delivery

Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

6. Data Security

We implement industry-standard security measures to protect your personal information:

Technical Safeguards

  • End-to-end encryption
  • Secure data transmission (TLS/SSL)
  • Regular security audits
  • Multi-factor authentication
  • Automated backup systems

Organizational Measures

  • Access controls and permissions
  • Employee training programs
  • Data processing agreements
  • Incident response procedures
  • Regular compliance assessments

7. Data Retention

Account Data

Retained while your account is active and for 12 months after closure for legal and business purposes.

Compliance Scans

Scan results are stored for 24 months. Uploaded documents are deleted after processing unless explicitly saved.

Usage Analytics

Anonymized usage data is retained for 36 months to improve our services and AI algorithms.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Export your data in a machine-readable format

Right to Object

Object to processing for certain purposes

Right to Withdraw Consent

Withdraw consent for data processing

Right to Lodge a Complaint

File a complaint with a supervisory authority

How to Exercise Your Rights

Contact us at privacy@embodier.com or use the privacy controls in your account settings. We will respond within 30 days as required by GDPR.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located.

Safeguards in Place

  • Standard Contractual Clauses (SCCs) with all processors
  • Adequacy decisions for transfers to approved countries
  • Additional technical and organizational measures
  • Regular review of transfer mechanisms

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notification when you log in
  • Updated effective date in this policy

Contact Information & Data Protection Officer

For any questions about this Privacy Policy or to exercise your rights, please contact:

Data Protection Officer

Embodier AS
Privacy Department
Oslo, Norway

Contact Methods

Email: privacy@embodier.com
Support: support@embodier.com
General: legal@embodier.com

Norwegian Data Protection Authority: If you are not satisfied with our response, you may lodge a complaint with Datatilsynet (datatilsynet.no).