Our Commitment to GDPR Compliance
eulaw.ai is fully committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all users in the European Union and beyond. This page explains how we implement GDPR requirements and how you can exercise your data rights.
Data Protection by Design
We have implemented data protection by design and by default throughout our platform, ensuring that privacy is built into every aspect of our service from the ground up. You are in full control of your data, and can manage it at anytime including full deletion. We never use your data to train our AI models, and your data will never leave our infrastructure and servers.
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Account Information | Contract Performance (Art. 6(1)(b)) | Providing our services to you |
| Payment Data | Contract Performance (Art. 6(1)(b)) | Processing subscription payments |
| Chat History & Documents | Contract Performance (Art. 6(1)(b)) | AI document analysis and persistent access |
| Technical/Security Logs | Legitimate Interest (Art. 6(1)(f)) | Security monitoring and service optimization |
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request copies of your personal data
- Right to Rectification (Art. 16): Request correction of inaccurate data
- Right to Erasure (Art. 17): Request deletion of your personal data
- Right to Restrict Processing (Art. 18): Request limitation of data processing
- Right to Data Portability (Art. 20): Request your data in a portable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for consent-based processing
Data Processing Activities
Personal Data We Collect
- Contact information (email address, optional name)
- Account credentials (securely managed authentication)
- Payment information (processed securely by Stripe - not stored by us)
- Legal documents you upload for AI analysis
- Chat conversations and AI interactions
- Usage data (queries, document interactions, session information)
- Technical data (IP address, browser information, authentication tokens)
Data Retention Periods
- Account Data: Retained for the duration of your subscription plus 30 days
- Chat History & Documents: Retained until deleted by user or account closure
- Payment Records: Retained for 7 years as required by Danish tax law
- Security Logs: Retained for 90 days for security monitoring
- Support Communications: Retained for 3 years (if any)
Data Security Measures
We implement appropriate technical and organizational measures to protect your data:
- End-to-end encryption for data transmission (HTTPS/TLS)
- Enterprise-grade infrastructure with SOC 2 compliance in EU region
- Encryption at rest for stored documents and data
- Secure authentication and access controls
- Automated backup and disaster recovery procedures
- Regular security monitoring and audit logging
Sub-processors
We use the following trusted sub-processors to deliver our Service:
| Provider | Purpose | Data Location | Safeguards |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, data storage, and AI model inference via AWS Bedrock | EU | AWS GDPR DPA; no data used for model training; list of model providers available on request |
| Stripe | Payment processing | EU / US (PCI-DSS compliant) | EU-US Data Privacy Framework |
| Google Analytics & Tag Manager | Website usage analytics (consent-based only) | US | EU-US Data Privacy Framework |
| Microsoft Clarity | Session replay and heatmap analytics (consent-based only) | US | EU-US Data Privacy Framework |
| LinkedIn Insight Tag | Marketing conversion tracking (consent-based only) | US | EU-US Data Privacy Framework |
International Data Transfers
Your user content data (queries, documents, chat history) is processed and stored exclusively within the European Union (AWS Frankfurt, eu-central-1). This data never leaves the EU.
If you accept analytics cookies, browsing metadata (IP address, page views, device information) may be transferred to the United States by our analytics providers. These transfers are protected by:
- The EU-US Data Privacy Framework adequacy decision (Commission Implementing Decision (EU) 2023/1795)
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
Data Protection Contact
While we are not required to appoint a formal Data Protection Officer under GDPR Article 37 (as we are a small company), we have designated data protection expertise to oversee our GDPR compliance. You can contact us for any data protection matters.
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Use the data management tools in your account settings
- Contact our support team through the platform
- Send an email to our data protection contact at admin@eulaw.ai
We will respond to your request within one month, and we will not charge a fee unless your request is manifestly unfounded or excessive.
Contact for Data Protection Matters
Data Protection Contact:
Email: admin@eulaw.ai
Address: eulaw.ai, Denmark
CVR: 45768554
Complaints to Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In Denmark, you can contact:
- Danish Data Protection Agency (Datatilsynet)
- Website: www.datatilsynet.dk
- Email: dt@datatilsynet.dk
- Phone: +45 33 19 32 00
EU AI Act Transparency (Article 50)
In accordance with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689), we inform you that:
- The Service uses AI systems (large language models) to generate legal information and document analysis
- All content generated by the AI is clearly presented as AI-generated output
- AI-generated responses may contain inaccuracies and should be independently verified
- The AI does not make legally binding decisions or replace professional legal judgment
- You are interacting with an AI system, not a human legal professional
Updates to This Policy
We may update this GDPR compliance information from time to time. Any changes will be communicated through our platform and updated on this page.
Last Updated: April 5, 2026
Next Review: October 5, 2026