Privacy Policy

Effective Date: September 5, 2025

1. Introduction

EU AI Risk ("we", "our", or "us") is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect and use information, with a focus on minimizing data collection and protecting your privacy.

2. Data Controller

The entity responsible for this website and its data processing is:

EU AI Risk
Email: privacy@euairisk.com
Data Protection Officer: dpo@euairisk.com

3. Information We Collect

Important: We prioritize your privacy. Our risk assessment tool collects only anonymous data. We collect personal information only when you explicitly provide it through our contact form or newsletter signup.

3.1 Information You Provide

  • Anonymous AI system assessment data (risk classification responses with no identifying information)
  • Email address (when you sign up for our newsletter)
  • Contact information (when you use our contact form)

3.2 Automatically Collected Information

  • Browser type and version
  • Device information
  • Usage analytics through third-party analytics services (if consented)
  • Cookie data (based on your preferences)

4. Legal Basis for Processing

We process data based on the following legal grounds:

  • Legitimate Interests: For providing and improving our services using anonymous assessment and usage data
  • Consent: For newsletter subscriptions, analytics cookies, and marketing communications
  • Legal Obligations: For compliance with applicable laws

5. How We Use Your Information

  • To provide AI Act risk classification services
  • To improve our services and user experience using anonymous data
  • To send periodic newsletters about EU AI Act updates (if subscribed)
  • To analyze usage patterns and trends
  • To protect against fraud and security threats
  • To comply with legal obligations

6. Data Processing and Infrastructure

We do not sell data. Our anonymous data is processed by the following types of service providers:

  • Infrastructure Providers: Third-party providers for web hosting and database storage that process anonymous assessment and usage data
  • Analytics Services: Anonymous, GDPR-compliant analytics for processing usage patterns
  • Legal Compliance: We may disclose information when required by law, though our anonymous data collection minimizes what can be shared

7. Data Retention

We retain data for the following periods:

  • Anonymous assessment data: 90 days
  • Newsletter subscriber emails: Until you unsubscribe
  • Analytics data: 26 months (when consented)
  • Legal records: As required by law

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request information about what data we hold
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Unsubscribe: Opt out of newsletters at any time
  • Withdraw Cookie Consent: Manage your cookie preferences at any time through our
  • Request Information: Contact us for questions about our privacy practices

To exercise these rights, contact us at privacy@euairisk.com or use our request forms.

Note: All requests will be manually reviewed to verify your identity and protect against unauthorized access.

9. Data Security

We implement appropriate technical and organizational measures to protect data security:

  • Encryption in transit (TLS/SSL)
  • Access controls and authentication
  • Regular security audits
  • Incident response procedures

10. International Transfers

We ensure appropriate safeguards for international data transfers through:

  • EU-US Data Privacy Framework participation by our service providers
  • Standard Contractual Clauses (SCCs) where applicable
  • Technical and organizational measures to protect data

We use service providers in the following categories:

  • Database hosting providers (US-based)
  • Web application hosting providers (Global CDN with US origin)
  • Analytics service providers (US-based, anonymous, GDPR-compliant)

We use Vercel (US-based) for hosting. Data may be transferred to the United States under the EU–US Data Privacy Framework and Standard Contractual Clauses.

All service providers are carefully selected and contractually bound to protect data in accordance with GDPR requirements.

11. Cookies

We use cookies to enhance your experience. You can manage your preferences through our cookie banner. Types of cookies we use:

  • Necessary: Required for site functionality
  • Analytics: Help us understand site usage through analytics services (if consented)
  • Marketing: For relevant content (optional)

12. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email (if subscribed) or through a prominent notice on our website. The "Effective Date" at the top indicates the last revision.

14. Contact Us

For questions or concerns about our privacy practices:

Email: privacy@euairisk.com
Data Protection Officer: dpo@euairisk.com
Response time: Within 30 days

15. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated data protection laws or GDPR requirements.

This privacy policy was last updated on September 5, 2025.