Privacy Policy

1. What we collect

Contact form

• Name
• Email address
• Reason (Partnership, Press, Question, Other)
• The message you write

Walkthrough booking

When you book a walkthrough through our Cal.com embed on the walkthrough page, Cal.com collects name, email, role, and firm directly. Those fields are stored in Cal.com and forwarded to the ComplianceMap calendar.

Request logs

Our hosting provider records standard web access logs — IP address, request path, HTTP status, timestamp, and user agent — for operational security and abuse detection. Logs are retained for 30 days and are not joined to any other identifier.

What we do not collect

We do not run third-party advertising trackers, cross-site analytics, or fingerprinting on compliancemap.org. We do not build behavioural profiles. We do not sell, rent, or share personal data with any third party.

2. How we use it

• Replying to you — we read contact-form submissions in the operator inbox and answer from the founder mailbox.
• Scheduling walkthroughs — Cal.com sends the booking confirmation and reminder; we use the firmographic context to prepare the walkthrough.
• Operations and security — access logs are used to investigate errors and detect abuse.

We do not use your data, your queries, or your message text to train any machine-learning model.

3. Where it is stored

• Marketing site (this page): hosted on Vercel; EU regions for the page-render path.
• Contact-form delivery: Resend transactional email delivers your submission to the operator inbox.
• Booking data: stored in Cal.com under their terms.
• Operator inbox: messages received via the contact form sit in the founder mailbox; outbound replies are sent from the same inbox.

All connections are TLS-encrypted.

4. Third-party processors

We rely on the following sub-processors, each bound by their own contractual data-protection terms:

• Vercel — marketing-site hosting and request routing.
• Resend — transactional email delivery for contact-form submissions.
• Cal.com — booking flow on the walkthrough page.
• Gandi — domain registration and DNS.
• Brevo — transactional email for the ComplianceMap product application (only relevant if you sign up to the product; covered by a separate product-side notice when that flow exists).

5. Retention

• Contact-form messages: kept in the operator inbox while the conversation is open and for a reasonable follow-up window after; deleted on request.
• Booking data: per Cal.com's retention policy.
• Access logs: 30 days.

6. Your rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access the personal data we hold about you
• Have it corrected if inaccurate
• Have it deleted
• Receive an export in a portable format
• Object to or restrict processing
• Lodge a complaint with the French data-protection authority (CNIL) or the equivalent authority in your country of residence

To exercise any of these rights, email contact@compliancemap.org. We respond within 30 days.

7. Cookies and tracking

The marketing site does not set advertising cookies, third-party analytics cookies, or cross-site tracking pixels. The Cal.com embed on the walkthrough page loads first-party storage from Cal.com only when you interact with the booking flow; that storage is governed by Cal.com's own policy.

8. Children

The site and the product are aimed at compliance professionals. They are not directed at children under 16, and we do not knowingly collect personal data from children.

9. Changes to this policy

If we materially change how we handle your data we will update this page. For substantive changes that affect existing contacts, we will give reasonable advance notice by email where we have your address on file.

10. Contact

Questions about this policy or about your data: contact@compliancemap.org.