Regulyze

Privacy Policy

Last updated:

This is sample legal content for a demonstration website. It is not a substitute for professional legal advice. Please consult qualified legal counsel before using this language in production.

1. Introduction

Musk & Gale LLC ("Regulyze," "we," "us," or "our") respects your privacy and is committed to protecting the personal data we collect and process. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights under applicable data-protection laws — including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar legislation.

This policy applies to our website at https://regulyze.com, our cloud-hosted compliance platform (the "Service"), and any related communications, marketing, or support interactions.

2. Data Controller

The data controller for the purposes of this policy is:

Musk & Gale LLC
548 Market St, Suite 36000
San Francisco, CA 94104
United States
Email: hello@regulyze.com

3. Personal Data We Collect

3.1 Data you provide directly

  • Account information: name, email address, company name, job title, and password when you create an account or request a demo.
  • Billing information: payment method details and billing address, processed through our PCI-compliant payment processor.
  • Communications: messages you send through our contact forms, support channels, or email.
  • Survey and feedback responses: information you voluntarily provide in surveys or product-feedback sessions.

3.2 Data collected automatically

  • Usage data: pages visited, features used, click paths, session duration, and interaction events within the Service.
  • Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
  • Cookies and similar technologies: see our Cookie Policy for details.
  • Log data: server logs including request timestamps, referral URLs, and response status codes.

3.3 Data from third parties

  • Single sign-on providers: if you authenticate via Google Workspace or Microsoft Entra ID, we receive your name, email, and profile picture.
  • Integration data: when you connect third-party tools (e.g., AWS, GitHub, Okta), we collect metadata necessary to provide the Service — such as configuration snapshots and access-log summaries. We do not access the content of your repositories or customer-facing data.

4. How We Use Your Data

We process personal data for the following purposes:

  • Service delivery: to create and manage your account, provide the compliance platform, and deliver customer support.
  • Billing and payments: to process subscriptions, issue invoices, and manage payment methods.
  • Product improvement: to analyse usage patterns, identify bugs, and improve the Service.
  • Communication: to send transactional emails (e.g., password resets, billing receipts), product updates, and — with your consent — marketing communications.
  • Security: to detect, prevent, and respond to fraud, abuse, and security incidents.
  • Legal compliance: to comply with applicable laws, regulations, and legal processes.

5. Lawful Basis for Processing (GDPR)

Where the GDPR applies, we rely on the following lawful bases:

  • Contract performance: processing necessary to deliver the Service you subscribed to.
  • Legitimate interest: product analytics, security monitoring, and fraud prevention, balanced against your data-protection rights.
  • Consent: marketing communications and non-essential cookies.
  • Legal obligation: tax records, regulatory reporting, and responding to lawful government requests.

6. Data Sharing and Sub-processors

We share personal data only as follows:

  • Sub-processors: we use vetted third-party service providers for hosting (AWS), payment processing (Stripe), email delivery (Postmark), and analytics (PostHog). Each sub-processor is bound by a Data Processing Agreement.
  • Professional advisors: legal counsel, auditors, and accountants under professional confidentiality obligations.
  • Law enforcement: only when required by law, subpoena, or valid legal process.
  • Business transfers: in the event of a merger, acquisition, or asset sale, personal data may be transferred to the successor entity.

We do not sell personal data to third parties.

7. International Data Transfers

Our primary infrastructure is hosted in the United States. If you are located in the EU/EEA, personal data transferred to the US is protected by Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by technical measures including encryption in transit (TLS 1.2+) and at rest (AES-256).

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data: retained for the duration of your subscription plus 90 days to allow for reactivation.
  • Billing records: retained for 7 years to satisfy tax and financial reporting obligations.
  • Usage analytics: retained in identifiable form for up to 26 months; aggregated thereafter.
  • Support correspondence: retained for 3 years after ticket resolution.
  • Marketing consent records: retained for the duration of consent plus 3 years.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing activities.
  • Port your data to another service in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at hello@regulyze.com. We will respond within 30 days.

10. Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls with least-privilege enforcement
  • Multi-factor authentication for all internal systems
  • Regular vulnerability scanning and penetration testing
  • 24/7 infrastructure monitoring and alerting
  • Employee security awareness training

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-product notification at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Musk & Gale LLC
Attn: Data Protection
548 Market St, Suite 36000
San Francisco, CA 94104
Email: hello@regulyze.com