Our commitment to privacy
PolicifyAI is a technology provider that helps businesses generate compliance templates. We take the privacy of our customers — and the end users of our customers' websites — seriously. This page explains the principles the PolicifyAI system is designed around.
1. Data minimisation
We collect the minimum personal data needed to run your account: email address, authentication identifiers, billing information (processed by Stripe), and the business details you enter to generate policies. For product improvement, we use Google Analytics 4 and PostHog to collect anonymised usage data (pages visited, features used). This data is not linked to your identity and is not shared with advertising networks.
2. We do not sell your data
We have never sold personal data and we never will. We do not share personal data with advertising networks or data brokers. The only parties we share data with are the sub-processors strictly required to run the service — see our sub-processors list.
3. Your generated policies are yours
The business inputs you provide and the policies you generate belong to you. We do not use your inputs to train third-party foundation models. The AI providers we use (Anthropic, OpenRouter) operate under commercial agreements that prohibit training on API traffic.
4. Security
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256) by our infrastructure providers. Authentication uses industry-standard OAuth flows and short-lived session tokens. We apply row-level security in our database so users can only access their own records. See our security FAQ for more.
5. Your rights
Under GDPR, UK GDPR, CCPA and similar laws, you have the right to access, correct, delete, and export your personal data. You can initiate any of these at our data subject request page or by emailing [email protected].
6. Transparency
Our privacy policy is written in plain English. If anything in this commitment feels inconsistent with how we actually operate, we consider that a bug — tell us.