Privacy Policy

Last updated: February 26, 2026

Data Controller
Who controls personal data processing

ComplySafe.io is operated by BitFoundry OÜ, a private limited company registered in Estonia (registry code: 17352996). BitFoundry OÜ acts as the data controller for personal data processed in connection with this website and the ComplySafe service.

Registered office: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551. Contact: contact@memento-mori.email

Data We Process
Categories of personal data used by the Service
  • Account identity data: name, email, auth provider identifiers.
  • Profile/contact data: optional phone, first name, last name, settings frequencies.
  • Entry data: titles, descriptions, notes, URLs, schedule metadata, status, delivery state.
  • Recipient data: names, email(s), phone, address, relationship, language, preferences.
  • Billing data: customer IDs, subscription IDs, plan, amount, status, transaction records.
  • Support/feedback data: feedback type, message, status, replies.
  • Technical/security data: IP address, login activity, cookie/local-storage preferences, error logs.
Why We Process Data
Purposes and legal bases (GDPR)

We process personal data to:

  • Provide and secure the Service (performance of a contract).
  • Authenticate users and manage sessions (contract + legitimate interests).
  • Store, schedule, and deliver entries to configured recipients (contract).
  • Process subscriptions, invoices, and payment events (contract + legal obligation).
  • Send operational and transactional emails (contract + legitimate interests).
  • Detect abuse, prevent fraud, and maintain audit/error logs (legitimate interests).
  • Comply with legal obligations (e.g., accounting, lawful requests).
  • Run optional analytics/marketing cookies where consent is required (consent).
Permissions Required
What access is required to use the web app
  • Browser and internet access are required.
  • Authentication data is required to create and access your account.
  • Recipient contact data is required only if you configure recipients and deliveries.
  • Payment data is required only for paid subscriptions and is processed by Stripe.
  • Essential cookies/local storage are required for session and preference handling.
  • We may process IP-based geolocation signals to determine whether cookie consent must be shown in the EEA.

The Service does not request mobile OS-level permissions such as contacts, camera, or microphone.

Data Sharing and Processors
Third parties involved in processing

We share personal data with processors only where needed to provide the Service:

  • Keycloak (OpenID Connect identity and authentication).
  • Stripe, Inc. (payment processing, billing, and subscription webhooks).
  • Resend, Inc. (transactional email delivery and contact audience operations).
  • Vercel Inc. (hosting/runtime infrastructure and Vercel Analytics, where enabled).
  • IPGeolocation.io (IP geolocation lookup for cookie consent region checks).

We may also disclose data when legally required, to protect rights/safety, or in a corporate restructuring.

International Transfers
Cross-border data movement

Some processors may process data outside the EEA. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) and supplementary measures under applicable law.

Retention
How long data is stored
  • Account, entry, and recipient data is retained while your account is active.
  • Billing/transaction records are retained as required by accounting and tax law.
  • Activity and error logs are retained for security, support, and compliance purposes.
  • After deletion requests, we remove or anonymize data unless retention is required by law or for legal defense.
Security
How we protect personal data

We implement technical and organizational safeguards, including access controls, authenticated APIs, application-level encryption for sensitive fields, and payload validation/size controls.

No method of storage or transmission is completely secure; we therefore cannot guarantee absolute security.

Your Rights
GDPR and similar rights

You may have rights to access, rectify, erase, restrict, object, and port your personal data.

Where processing is based on consent, you can withdraw consent at any time without affecting prior lawful processing.

You may lodge a complaint with your local supervisory authority, including the Estonian Data Protection Inspectorate, if you believe processing violates applicable law.

Cookies
Cookie and similar technology usage

We use essential cookies/local storage for core functionality. Optional analytics/marketing cookies are managed through the cookie preferences interface where required by law.

You can update cookie preferences at any time through the site's cookie settings controls.

Changes and Contact
Policy updates and contact information

We may update this Privacy Policy from time to time. Material changes will be communicated in the Service or by email.

Contact for privacy questions or rights requests: contact@memento-mori.email

BitFoundry OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia.

Return to Home