Verdus Technologies Pte. Ltd. is the data controller for personal data collected through RegLegBrief. We are incorporated in Singapore.
Contact: privacy@reglegbrief.com
Note for EU residents: This platform does not specifically target EU residents. If you are an EU resident accessing RegLegBrief, you do so voluntarily and your data is processed in accordance with GDPR principles. We are not required to appoint an EU Representative at this time. If our EU user base grows to warrant it, we will appoint one and update this policy accordingly.
| Data Item | When Collected | Why |
|---|---|---|
| Email address | Registration or email subscription | Account creation, service delivery, alerts |
| Professional domain (inferred) | At registration | Security profiling, usage limits |
| Jurisdiction and category selections | Onboarding and preference updates | Personalising your regulatory brief feed |
| Free-text professional description | AI-guided onboarding | Mapping your profile to regulatory categories |
| Usage data (briefs read, searches, features used) | Continuously during platform use | Service delivery, billing, abuse prevention |
| IP address | Every request (server logs) | Security, fraud prevention |
| Browser and device data | Every request (server logs) | Security, service delivery |
| Payment data | At subscription purchase | Billing — processed by Stripe (we do not store card details) |
| Consent records | At signup and on any consent update | Legal compliance — proof of consent |
We do not collect sensitive personal data (health data, biometric data, political opinions, religious beliefs, etc.).
| Processing Activity | Legal Basis |
|---|---|
| Delivering the service to registered users | Performance of contract (GDPR Art. 6(1)(b)) |
| Sending service emails (alerts, account notifications) | Performance of contract (GDPR Art. 6(1)(b)) |
| Sending marketing communications | Consent (GDPR Art. 6(1)(a)) — you can withdraw at any time |
| Analytics and platform improvement | Legitimate interests (GDPR Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interests (GDPR Art. 6(1)(f)) |
| Billing and payment records | Legal obligation — tax and accounting (GDPR Art. 6(1)(c)) |
| Retaining consent records | Legal obligation (GDPR Art. 6(1)(c)) |
| Serving advertising to free-tier users | Consent (GDPR Art. 6(1)(a)) — via cookie consent banner |
Singapore residents: processing is also conducted in accordance with the Personal Data Protection Act 2012 (PDPA).
RegLegBrief uses AI systems (Anthropic Claude) to generate regulatory briefings from primary source documents. This is how the platform works — it is disclosed clearly and is not a hidden process.
What we send to the AI: Regulatory source content (text from official regulatory body documents). We do not send your personal data, email address, professional description, or any other identifying information to the AI system.
AI training: Your personal data is never used to train AI models. The AI processing is used solely to generate regulatory briefings, not to process, analyse, or profile you as an individual.
The AI-guided onboarding conversation maps your professional description to regulatory categories. This processing happens entirely within our own system and the result (a set of regulatory category codes) is stored in your profile. Your free-text description is deleted from the AI system immediately after processing and retained only in your account profile subject to our standard retention rules.
We use the following third-party processors. Each has been selected for data protection compliance and operates under a Data Processing Agreement:
| Processor | Role | Data Touched | Location |
|---|---|---|---|
| Hetzner Online GmbH | Server and database hosting | All data (hosted on our server) | Nuremberg, Germany |
| Cloudflare, Inc. | CDN and DNS | IP addresses, traffic metadata | United States (SCCs in place) |
| Stripe, Inc. | Payment processing | Payment data, billing details | United States (SCCs in place) |
| Brevo SAS | Transactional email delivery | Email address, email content | France (EU) |
| Google LLC | AdSense advertising (free tier only) | Cookie data, behaviour data (with consent) | United States (SCCs in place) |
| Anthropic PBC | AI content generation | Regulatory source text only — no personal data | United States |
We do not sell your data to third parties. We do not share your data with any party not listed above, except where required by law.
| Data Item | Retention Period | Reason |
|---|---|---|
| Account and profile data | Duration of account + 30 days after deletion request | Service delivery |
| Consent records | 7 years | Legal obligation — proof of consent |
| Payment records | 7 years | Legal obligation — tax and accounting |
| Usage / click behaviour | 12 months, then auto-purged | Platform improvement, abuse prevention |
| IP address logs | 90 days, then auto-purged | Security and fraud prevention |
| Inactive accounts | 6 months of zero activity → reconfirmation email → 30 days → deletion | Data minimisation |
You have the following rights regarding your personal data. All rights are self-service where possible, or exercisable by emailing privacy@reglegbrief.com. We will respond within 30 days.
Download a full copy of all data we hold about you. Available in your account settings as a machine-readable export.
Correct inaccurate data. You can update your email and preferences directly in your account settings.
Request deletion of your account and all associated data within 30 days. Consent records and payment records are retained as required by law.
Pause your account without deleting it. Your data will not be processed while your account is paused.
Receive your data in a structured, machine-readable format (JSON). Available from account settings.
Object to processing based on legitimate interests. Email us and we will assess your objection promptly.
Withdraw any consent you have given (marketing, analytics cookies) at any time. As easy as giving consent — one click in account settings.
You may lodge a complaint with your local data protection authority. Singapore residents: PDPC (pdpc.gov.sg). EU residents: your national supervisory authority.
Session authentication cookies are strictly necessary for the platform to function. These cannot be disabled while you are logged in.
We use analytics to understand how the platform is used and to improve it. Analytics cookies are only placed with your consent. You can withdraw consent at any time in your account settings or via the cookie preference centre.
Free-tier users see advertisements served by Google AdSense. Advertising cookies are only placed with your explicit consent. Paid subscribers do not see advertisements and advertising cookies are not used for paid accounts.
You can manage your cookie preferences at any time by clicking "Cookie preferences" in the platform footer.
We send the following email types:
Every email we send contains a one-click unsubscribe link. We never send emails you cannot stop receiving (other than critical service notifications such as breach alerts or account suspension notices).
In the event of a data breach that is likely to result in risk to your rights and freedoms, we will:
RegLegBrief is a professional platform intended for adults. We do not knowingly collect data from persons under the age of 18. If you believe we have inadvertently collected data from a minor, please contact privacy@reglegbrief.com and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before material changes take effect. The current version is always available at reglegbrief.com/privacy.
The effective date at the top of this page indicates when this version was last updated.
For any privacy-related questions, requests, or complaints:
Verdus Technologies Pte. Ltd.
Singapore
Email: privacy@reglegbrief.com
We will acknowledge your request within 3 business days and respond substantively within 30 days. If you are not satisfied with our response, you have the right to complain to your local data protection authority.