Our Commitment to GDPR Compliance
eulaw.ai is fully committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all users in the European Union and beyond. This page explains how we implement GDPR requirements and how you can exercise your data rights.
Data Protection by Design
We have implemented data protection by design and by default throughout our platform, ensuring that privacy is built into every aspect of our service from the ground up. You are in full control of your data, and can manage it at anytime including full deletion. We never use your data to train our AI models, and your data will never leave our infrastructure and servers.
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Account Information | Contract Performance (Art. 6(1)(b)) | Providing our services to you |
| Payment Data | Contract Performance (Art. 6(1)(b)) | Processing subscription payments |
| Chat History & Documents | Contract Performance (Art. 6(1)(b)) | AI document analysis and persistent access |
| Technical/Security Logs | Legitimate Interest (Art. 6(1)(f)) | Security monitoring and service optimization |
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request copies of your personal data
- Right to Rectification (Art. 16): Request correction of inaccurate data
- Right to Erasure (Art. 17): Request deletion of your personal data
- Right to Restrict Processing (Art. 18): Request limitation of data processing
- Right to Data Portability (Art. 20): Request your data in a portable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for consent-based processing
Data Processing Activities
Personal Data We Collect
- Contact information (email address, optional name)
- Account credentials (securely managed authentication)
- Payment information (processed securely by Stripe - not stored by us)
- Legal documents you upload for AI analysis
- Chat conversations and AI interactions
- Usage data (queries, document interactions, session information)
- Technical data (IP address, browser information, authentication tokens)
Data Retention Periods
- Account Data: Retained for the duration of your subscription plus 30 days
- Chat History & Documents: Retained until deleted by user or account closure
- Payment Records: Retained for 7 years as required by Danish tax law
- Security Logs: Retained for 90 days for security monitoring
- Support Communications: Retained for 3 years (if any)
Data Security Measures
We implement appropriate technical and organizational measures to protect your data:
- End-to-end encryption for data transmission (HTTPS/TLS)
- Enterprise-grade infrastructure with SOC 2 compliance in EU region
- Encryption at rest for stored documents and data
- Secure authentication and access controls
- Automated backup and disaster recovery procedures
- Regular security monitoring and audit logging
International Data Transfers
We process data within the European Economic Area (EEA). When transfers outside the EEA are necessary, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) with service providers
- Adequacy decisions by the European Commission
- Additional security measures for sensitive data
Data Protection Contact
While we are not required to appoint a formal Data Protection Officer under GDPR Article 37 (as we are a small company), we have designated data protection expertise to oversee our GDPR compliance. You can contact us for any data protection matters.
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Use the data management tools in your account settings
- Contact our support team through the platform
- Send an email to our Data Protection Officer
We will respond to your request within one month, and we will not charge a fee unless your request is manifestly unfounded or excessive.
Contact for Data Protection Matters
Data Protection Contact:
Email: admin@eulaw.ai
Address: eulaw.ai, Denmark
CVR: 45768554
Complaints to Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In Denmark, you can contact:
- Danish Data Protection Agency (Datatilsynet)
- Website: datatilsynet.dk
- Email: dt@datatilsynet.dk
Updates to This Policy
We may update this GDPR compliance information from time to time. Any changes will be communicated through our platform and updated on this page.
Last Updated: August 24, 2025
Next Review: February 24, 2026