Legal

Privacy Policy

This policy explains what personal data Regwolf collects, why we process it, who we share it with, and the rights you have under the GDPR and applicable data-protection law.

Last updated 7 June 2026Version 2.0Effective 7 June 2026
Summary. We collect the minimum we need to run Regwolf, never sell your data, host in the EU, and give you full control over your information. The detail is below.

01 Who we are

Regwolf ("Regwolf", "we", "us") provides a compliance-automation platform for European organisations. For the personal data described in this policy relating to our website and our own customers, Regwolf acts as the data controller. Where we process personal data on behalf of a customer inside the platform, we act as a processor under our Data Processing Agreement.

02 What data we collect

We collect:

  • Account & contact data — name, work email, company, role, given when you sign up, book a demo or join the waitlist.
  • Usage data — pages viewed, features used, device and browser information, collected to operate and improve the service.
  • Assessment data — answers you provide to our free readiness assessments, stored in your browser and, if you request a report, associated with your email.
  • Customer platform data — evidence, control and system data your organisation connects; processed under the DPA.

03 How we use your data

We process personal data on these legal bases:

PurposeLegal basis
Providing and securing the serviceContract / legitimate interests
Responding to demo & sales enquiriesLegitimate interests / consent
Product analytics & improvementConsent (analytics cookies)
Sending requested reports & guidanceConsent
Legal, tax and security obligationsLegal obligation

04 Cookies & tracking

We use a small number of cookies and similar technologies. Necessary cookies keep the site working; analytics and marketing cookies run only with your consent. You can review and change your choices anytime — see our Cookie Policy.

05 Sharing & subprocessors

We do not sell personal data. We share it only with vetted service providers (subprocessors) who help us run Regwolf — for hosting, email, analytics and support — under contracts that require equivalent protection. The current list is maintained in our Trust Center.

06 International transfers

Regwolf is built to keep data in the EU. Where a subprocessor processes data outside the EEA, we rely on an adequacy decision or the European Commission's Standard Contractual Clauses, with supplementary measures where needed.

07 Data retention

We keep personal data only as long as necessary for the purpose it was collected, to meet legal obligations, or to resolve disputes. Account data is deleted or anonymised after your relationship with us ends, subject to mandatory retention periods.

08 Security

We protect personal data with encryption in transit and at rest, least-privilege access, continuous monitoring and an ISO 27001-aligned information-security program. Details are in the Trust Center.

09 Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and port your data, to object to certain processing, and to withdraw consent at any time. You also have the right to lodge a complaint with your supervisory authority. To exercise any right, contact us using the details below.

10 Changes & contact

We may update this policy; material changes will be notified on this page with a new "last updated" date. Questions or requests: privacy@regwolf.com.

Questions?

Contact our privacy team

Email privacy@regwolf.com for any privacy question or to exercise your data-protection rights. We respond within 30 days.