Privacy policy
This is the plain-English version. We collect as little as we can get away with, store it for as short a time as we can justify, and never sell it.
1. Who we are
BatteryComply is operated by BatteryComply AS, a Norwegian company. We provide an automated review service that checks battery-product PDF documents against EU Regulation 2023/1542. We act as the data controller for the personal data described below.
2. What we collect, why, and for how long
| Data | Why | Legal basis | Retention |
|---|---|---|---|
| The PDF you upload | To run the compliance check you asked for | Contract (Art. 6(1)(b) GDPR) | 30 days, then deleted from object storage |
| The generated report | So you can return to it via your share link | Contract | 12 months from creation |
| Email address (when you provide one) | To send the unlocked report and receipts | Contract | Until you ask us to delete it; otherwise 24 months after last use |
| Payment metadata (Stripe customer ID, last 4 digits) | Refunds, fraud prevention, accounting | Legal obligation (5 years, Norwegian Bookkeeping Act) | 5 years |
| Feedback you submit | To improve the product | Legitimate interest (Art. 6(1)(f)) | 24 months |
| IP address & user-agent (in server logs) | Security, abuse prevention, debugging | Legitimate interest | 30 days rolling |
3. What we don't collect
- No advertising trackers, no analytics fingerprinting, no third-party pixels
- No cookies for marketing or profiling (see Cookies for the two technical items we do use)
- We never train AI models on your uploaded documents — they're processed for your check and then expire
4. Who we share data with
To run BatteryComply we use the following sub-processors. Each one receives only the minimum data it needs to perform its function. We don't share or sell your data outside this list.
- Netlify (US, EEA edge nodes) — static site hosting; receives your IP address and request headers when you visit any page.
- Render (Frankfurt, EU region) — backend application hosting; processes your uploaded PDF in memory for the duration of the audit and stores the resulting compliance report.
- Supabase (Frankfurt, EU region) — database hosting for stored reports and Battery Passports; access requires the unique URL we send you.
- Anthropic (US) — the Claude AI model performs the document audit. Anthropic's Commercial Terms state customer inputs are not used to train Anthropic models. Documents are processed in-flight and we do not retain them after the audit completes.
- Stripe (Ireland HQ for EU payments) — payment processing for audit and passport unlocks. Stripe handles card data directly; we never see card numbers.
- MailerLite (Lithuania, EU) — email service for the lead-magnet welcome flow and occasional product updates. Stores your email address and any optional company / role you provide. You can unsubscribe at any time via every email's footer.
- Microsoft 365 (Ireland data centres for EU customers) — provider of info@batterycomply.com. Stores any email you send us as part of unlocking, support, or general correspondence.
- GoDaddy (Ireland / US) — domain registrar and DNS host for batterycomply.com.
- Google Analytics 4 (Ireland HQ for EU traffic) — anonymous traffic measurement. Operates under Consent Mode v2 default-denied for EEA visitors: GA records cookieless aggregate page-view counts only, sets no tracking cookies and no advertising IDs, and does not link your visit to other Google services unless you explicitly opt in via a future cookie banner.
We don't run advertising trackers, attribution pixels, or marketing-data brokers. Where data leaves the EEA, transfers are covered by Standard Contractual Clauses.
5. Your rights under GDPR
You can ask us, at any time, to:
- Show you everything we hold on you (access, Art. 15)
- Correct anything that's wrong (rectification, Art. 16)
- Delete your data (erasure, Art. 17) — except where we're required to keep it for tax/accounting
- Export your data in a portable format (portability, Art. 20)
- Object to processing based on legitimate interest (Art. 21)
Email privacy@batterycomply.com. We respond within 30 days. If you're not satisfied, you have the right to complain to your national data-protection authority (in Norway: Datatilsynet).
6. Security
HTTPS everywhere (HSTS preload), strict Content-Security-Policy, encrypted object storage, principle-of-least-privilege on database access, and regular dependency updates. If you find a vulnerability, please tell us at security@batterycomply.com — see /.well-known/security.txt.
7. Children
BatteryComply is a B2B service. We do not knowingly collect data from anyone under 16.
8. Changes to this policy
If we change something material, we'll bump the "Effective" date at the top and email registered users at least 14 days before it takes effect.