ActGuard

Privacy Policy

Last updated: December 2024

1. Introduction

ActGuard ("we", "our", "us") operates an AI governance documentation platform. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data We Collect

We collect the following categories of personal data:

  • Account Information: Email address, user ID, and authentication credentials
  • Incident Records: AI system incident data, descriptions, classifications, and related documentation that you enter into the platform
  • Evidence Files: Documents, logs, screenshots, and other files you upload as evidence
  • Usage Data: System logs, access timestamps, and platform interaction data

3. Purpose of Data Processing

We process your personal data for the following purposes:

  • Providing governance documentation and incident logging services
  • Supporting operational oversight and audit preparation
  • Generating governance reports and documentation
  • Ensuring system security and preventing unauthorized access
  • Complying with legal and regulatory obligations

4. Data Processing Location

All personal data is processed and stored within the European Union (EU) and European Economic Area (EEA). Our primary data hosting is located in Frankfurt, Germany (AWS EU-Central-1). We do not transfer personal data outside the EU/EEA.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

  • Service Providers: We use third-party service providers (e.g., cloud hosting, database services) that process data on our behalf under strict contractual obligations
  • Legal Requirements: When required by law, court order, or regulatory authority

We do not use your data for advertising, marketing, or AI model training purposes.

6. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests

To exercise these rights, please contact us at privacy@actguard.eu.

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Incident records and governance documentation may be retained for audit and compliance purposes in accordance with applicable regulations. When you close your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit and at rest, access controls, and regular security assessments.

9. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@actguard.eu
Address: Office, Ved Lunden 4, 8230 Åbyhøj, Denmark

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.