EFIRAS
Regulatory AI

Privacy Policy

How we protect and handle your data with secure, professional practices designed for regulatory compliance professionals

Last updated: July 5, 2026
Never sold
No advertising, no data brokers — ever
Encrypted
TLS 1.3 on every request
Full GDPR rights
Access, correct, export, or erase
Delete anytime
Account and data removed on request
01

Information We Collect

What data we gather to provide our regulatory analysis services

Account Information

  • Email address (when you create an account)
  • Authentication data (via Google Sign-In or email/password)

Usage Information

  • Queries submitted to our regulatory analysis system
  • Query response times and system performance data
  • Technical information (IP address, browser type, device information)
02

How We Use Your Information

How we process your data to deliver regulatory intelligence

Core Services

  • Provide AI-powered regulatory document analysis
  • Process queries through our RAG system
  • Manage user accounts and authentication
  • Monitor usage limits

Service Improvement

  • Analyze usage patterns to improve functionality
  • Monitor system performance and debug issues

Legal Bases (GDPR Art. 6)

  • Contract: operating your account and answering your queries
  • Legitimate interest: security, rate limiting, and service improvement
  • Consent: optional analytics cookies
03

Data Security

How we protect your information

Technical Security

  • TLS 1.3 encryption for all data transmission
  • Secure serverless hosting on Google Cloud (Cloud Run)
  • Firebase Auth for secure authentication
  • Rate limiting and abuse prevention
04

Data Sharing

Third-party services we use

Service Providers

  • Google Cloud: Application hosting (Cloud Run and Cloud Load Balancing)
  • Firebase (Google): Authentication and analytics
  • OpenAI/Azure OpenAI: AI processing (queries not stored)
  • Cloudflare: Content delivery and security
05

Data Retention

How long we keep your information

Retention Periods

  • Account data: Until you request deletion
  • Query logs: 90 days (then anonymized)
  • System logs: 30 days for debugging
06

Your Rights

Your control over your data

You Can Request

  • Access to your personal information
  • Correction of inaccurate data
  • Deletion of your data
  • Data portability
  • Restriction of, or objection to, processing
  • Withdrawal of consent at any time

How to Exercise Them

  • Email contact@efiras.com — we respond within 30 days
  • You may also lodge a complaint with the Luxembourg supervisory authority (CNPD, cnpd.lu)
07

Cookies & Tracking

Technologies we use

Essential

  • Firebase: User sessions and authentication
  • Cloudflare: Security and performance

Analytics (Consent-Based)

  • Firebase Analytics: Anonymous usage patterns to improve the service
08

International Transfers

Where your data is processed

Processing Locations

  • Google Cloud: Primary application hosting (Cloud Run)
  • United States: Firebase and OpenAI processing
  • Global: Cloudflare CDN

Transfer Safeguards

  • US providers (Google, OpenAI) are certified under the EU-US Data Privacy Framework
  • Standard Contractual Clauses apply where the framework does not

Important Notice

EFIRAS provides AI-generated responses based on publicly available regulatory documents for informational and research purposes only. Responses do not constitute legal, compliance, or professional advice, may contain errors or omissions, and should always be verified against the official texts before being relied upon for any decision.

Questions About Privacy?

If you have any questions about this privacy policy or our data practices, we're here to help.

Controller: EFIRAS

Email: contact@efiras.com

Location: Luxembourg

Contact Us About Privacy