Privacy Policy

Last updated: April 3, 2026

1. Data Controller

Audact Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom ("Audact", "we", "us").

Contact: privacy@audact.ai

2. Data We Collect

Waitlist signup: Email address only. No tracking cookies. No third-party analytics pre-launch.

Platform usage (post-launch): Call metadata (timestamps, jurisdiction, policy decisions, evidence hashes). We never store conversation content or audio recordings.

Website: Basic server logs (IP address, user agent, pages visited). No advertising trackers.

3. Legal Basis (GDPR Art. 6)

Waitlist: Consent (Art. 6(1)(a)) — you actively submit your email.

Platform services: Performance of contract (Art. 6(1)(b)) — processing necessary to deliver compliance services.

Legal obligations: Compliance with EU AI Act evidence retention requirements (Art. 6(1)(c)).

4. Data Storage & Residency

All data is stored exclusively in the EU: AWS Frankfurt (eu-central-1) primary, AWS Amsterdam (eu-west-1) backup. No data leaves the European Economic Area.

5. Data Retention

Waitlist emails: Until you unsubscribe or 12 months after signup, whichever is earlier.

Compliance evidence: As required by applicable law (minimum 6 months under EU AI Act, up to 10 years for certain financial services).

6. Your Rights (GDPR Art. 15-22)

You have the right to: access your data, rectify inaccuracies, request erasure (right to be forgotten), restrict processing, receive your data in a portable format (data portability), and object to processing. Exercise these rights at privacy@audact.ai.

GDPR erasure & evidence integrity: Audact uses crypto-shredding — we destroy the per-subject encryption key, making personal data permanently unreadable while preserving the cryptographic evidence structure.

7. Sub-processors

We use sub-processors to deliver our services. The complete and current sub-processor list is maintained in our Data Processing Agreement.

8. Contact & Complaints

Data Protection Officer: dpo@audact.ai

Supervisory authority: Information Commissioner's Office (ICO), United Kingdom. Once an Irish entity is established: Data Protection Commission (DPC), Ireland.