Privacy Policy
Last updated: 13 June 2026
This policy will be updated following legal review. Guidance only.
1. Who we are
Disclo (disclo.eu) is an EU AI Act Article 50 compliance tool operated as a sole trader business based in the Netherlands. Contact: contact@disclo.eu.
2. What data we collect
We collect the following personal data:
- Email address: collected when you complete the free Scope Check wizard or purchase a product.
- Business website URL: collected when you activate a Pro subscription badge.
- Payment data: processed by Stripe. Disclo does not store card details. Stripe's privacy policy applies to payment processing.
- Disclosure event logs: when you are a Pro subscriber, our system records anonymous timestamps each time your badge fires. These logs are associated with your account and website domain, not with your visitors' personal data.
- Usage data: standard server logs including IP address and browser type, retained for 30 days.
3. Why we collect it
- Email: to deliver your Scope Check report, your Compliance Kit, and service communications.
- Website URL: to associate your evidence log with your Pro account.
- Disclosure logs: to generate your monthly evidence report and enable PDF export.
- Payment data: to process your purchase via Stripe.
4. Legal basis (GDPR)
We process your data on the basis of contract performance (Article 6(1)(b) GDPR) for data necessary to deliver the service, and legitimate interest (Article 6(1)(f) GDPR) for service improvement and security logging.
5. Data storage and security
Your data is stored in a Supabase-hosted database located in the European Union. We apply reasonable technical and organisational measures to protect your data.
6. Your rights
Under GDPR you have the right to access, correct, export, or delete your personal data at any time. To exercise any of these rights, email contact@disclo.eu. We will respond within 30 days. Scope Check leads are deleted within 12 months of collection if no purchase is made. Pro account data is retained for the duration of your subscription plus 90 days after cancellation.
7. Third-party processors
- Stripe: payment processing (stripe.com/privacy).
- Supabase: database hosting (supabase.com/privacy).
- Lovable / Vercel: hosting infrastructure.
8. Cookies
Disclo uses only functional cookies necessary to operate the service. We do not use advertising or tracking cookies. No third-party analytics are loaded without consent.
9. Changes to this policy
We will update this policy when our lawyer review is complete and when our data practices change. The date at the top of this page reflects the most recent update.
10. Contact
For any privacy questions: contact@disclo.eu.