Privacy policy
This is the plain-English version. We collect as little as we can get away with, store it for as short a time as we can justify, and never sell it.
1. Who we are
BatteryComply is operated by BatteryComply AS, a Norwegian company. We provide an automated review service that checks battery-product PDF documents against EU Regulation 2023/1542. We act as the data controller for the personal data described below.
2. What we collect, why, and for how long
| Data | Why | Legal basis | Retention |
|---|---|---|---|
| The PDF you upload | To run the compliance check you asked for | Contract (Art. 6(1)(b) GDPR) | 30 days, then deleted from object storage |
| The generated report | So you can return to it via your share link | Contract | 12 months from creation |
| Email address (when you provide one) | To send the unlocked report and receipts | Contract | Until you ask us to delete it; otherwise 24 months after last use |
| Payment metadata (Stripe customer ID, last 4 digits) | Refunds, fraud prevention, accounting | Legal obligation (5 years, Norwegian Bookkeeping Act) | 5 years |
| Feedback you submit | To improve the product | Legitimate interest (Art. 6(1)(f)) | 24 months |
| IP address & user-agent (in server logs) | Security, abuse prevention, debugging | Legitimate interest | 30 days rolling |
3. What we don't collect
- No advertising trackers, no analytics fingerprinting, no third-party pixels
- No cookies for marketing or profiling (see Cookies for the two technical items we do use)
- We never train AI models on your uploaded documents — they're processed for your check and then expire
4. Who we share data with
Only the sub-processors we need to run the service:
- Render (US/EU) — application hosting
- Netlify (US/EU) — static site hosting
- Supabase (EU region) — database and object storage for reports
- Anthropic (US) — the AI model that performs the document check (zero-data-retention contract; uploaded text is not retained or used for training)
- Stripe (Ireland/US) — payment processing
- Postmark or equivalent (EU) — transactional email
Where data leaves the EEA, transfers are covered by Standard Contractual Clauses. We don't share data with, or sell it to, anyone else.
5. Your rights under GDPR
You can ask us, at any time, to:
- Show you everything we hold on you (access, Art. 15)
- Correct anything that's wrong (rectification, Art. 16)
- Delete your data (erasure, Art. 17) — except where we're required to keep it for tax/accounting
- Export your data in a portable format (portability, Art. 20)
- Object to processing based on legitimate interest (Art. 21)
Email privacy@batterycomply.com. We respond within 30 days. If you're not satisfied, you have the right to complain to your national data-protection authority (in Norway: Datatilsynet).
6. Security
HTTPS everywhere (HSTS preload), strict Content-Security-Policy, encrypted object storage, principle-of-least-privilege on database access, and regular dependency updates. If you find a vulnerability, please tell us at security@batterycomply.com — see /.well-known/security.txt.
7. Children
BatteryComply is a B2B service. We do not knowingly collect data from anyone under 16.
8. Changes to this policy
If we change something material, we'll bump the "Effective" date at the top and email registered users at least 14 days before it takes effect.