Legal

Privacy Policy

Last updated: April 2026·Version v1.0

Pericls (“we”, “us”, or the “Company”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Pericls Regulatory Compliance Intelligence Platform (the “Service”). It applies to all users of our website, application, and related services.

1. Data Controller & Data Protection Officer

The data controller responsible for your personal data is:

Pericls Ltd
London, United Kingdom
Company registered in England and Wales

Our Data Protection Officer (DPO) can be reached at:

Data Protection Officer
Email: dpo@pericls.com

2. Personal Data We Collect

We collect the following categories of personal data depending on how you interact with our Service:

2.1 Account & Identity Data

Full name
Email address
Password (hashed)
Organization name and role
OAuth profile data (Google sign-in)

2.2 Billing Data

Payment card details (processed by Stripe; we do not store card numbers)
Billing address
Invoice history

2.3 Content & Usage Data

Regulatory documents and business descriptions you upload or enter
Assessment results and generated reports
Jurisdiction and regulation selections
Feature usage patterns and navigation events

2.4 Technical Data

IP address
Browser type and version
Device identifiers
Cookies and similar technologies (see Section 9)
Error logs and diagnostic data

3. Purposes & Legal Bases for Processing

Purpose	Legal Basis (GDPR Art. 6)
Providing and maintaining the Service	Performance of contract (Art. 6(1)(b))
Account creation and authentication	Performance of contract (Art. 6(1)(b))
Processing payments and billing	Performance of contract (Art. 6(1)(b))
Sending transactional communications	Performance of contract (Art. 6(1)(b))
Product analytics and improvement	Legitimate interest (Art. 6(1)(f))
Error monitoring and security	Legitimate interest (Art. 6(1)(f))
LLM-powered regulatory analysis	Performance of contract (Art. 6(1)(b))
Marketing communications	Consent (Art. 6(1)(a))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))

4. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data Category	Retention Period
Account data	Duration of account + 30 days after deletion
Billing records	7 years (legal/tax requirement)
Assessment content	Duration of account + 90 days
Analytics data	26 months (anonymized thereafter)
Error logs	90 days
Marketing consent records	Duration of consent + 3 years

Upon account deletion, we will erase or anonymize your personal data within the timeframes specified above, unless retention is required by law.

5. Third-Party Recipients

We share personal data with third-party service providers (“sub-processors”) who assist in operating the Service. Each sub-processor is contractually bound to process data only as instructed and to maintain appropriate security measures.

For a complete and current list of sub-processors, please see our Sub-Processors Page.

We may also disclose personal data when required by law, court order, or governmental request, or to protect our legal rights.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. Where such transfers occur, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, as approved by the ICO
EU-US Data Privacy Framework certification where the recipient participates
Adequacy decisions for countries recognized by the European Commission

You may request a copy of the relevant transfer safeguards by contacting our DPO.

7. Your Rights as a Data Subject

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

Right of Access (Art. 15)

You may request confirmation of whether we process your personal data and obtain a copy of it.

Right to Rectification (Art. 16)

You may request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure (Art. 17)

You may request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

Right to Restriction (Art. 18)

You may request that we restrict processing of your personal data in certain circumstances.

Right to Data Portability (Art. 20)

You may request your personal data in a structured, commonly used, machine-readable format.

Right to Object (Art. 21)

You may object to processing based on legitimate interests, including profiling and direct marketing.

Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you may withdraw consent at any time without affecting prior processing.

Right Regarding Automated Decisions (Art. 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, contact us at privacy@pericls.com or through your account settings. We will respond within 30 days of receiving your request.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the UK Information Commissioner's Office (ICO). You may also lodge a complaint with the supervisory authority in the EU/EEA Member State of your habitual residence or place of work.

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

We encourage you to contact us first at dpo@pericls.com so that we can address your concerns directly.

9. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and understand how our Service is used. Categories include:

Category	Purpose	Required?
Strictly Necessary	Authentication, session management, security	Yes
Functional	User preferences, language settings	No
Analytics	Product usage insights (PostHog)	No
Error Monitoring	Crash reporting and diagnostics (Sentry)	No

For full details including specific cookie names and durations, see our Cookie Policy.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email at least 30 days before they take effect. The “Last updated” date at the top of this page indicates the most recent revision.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us:

Pericls Ltd
Email: privacy@pericls.com
DPO: dpo@pericls.com