RegDoor
Intelligence Layer
AboutTop Voices ↗
LoginBook a Demo
  • Cookie Policy
  • Privacy Policy
  • Terms & Conditions
  • Data Processing Agreement
  • Privacy Rights Request

Last update: July 3, 2026  ·  Version 2.0

Privacy Policy

Purpose

RegDoor ("Organization," "Company," "we," "our," or "us") is committed to protecting the privacy of individuals who interact with us. This policy explains how we collect, use, store, and safeguard personal data to ensure transparency and build trust with our clients and partners, and to meet our obligations under applicable data protection laws, including the Brazilian General Data Protection Law (LGPD), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

Scope

This policy applies to all personal data collected through the Organization's website, application ("the Platform"), services, and other interactions with individuals, regardless of the jurisdiction in which the individual is located.

Definitions

  • IP Address: A unique string of characters that identifies each computer using the Internet Protocol to communicate over a network.
  • Personal Data: Any information relating to an identifiable individual (e.g., name, email, IP address).
  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor / Sub-processor: An entity that processes data on behalf of, and under the instructions of, the data controller.
  • Data Subject: The identifiable individual to whom personal data relates.

Responsibilities

The Chief Information Security Officer (CISO) is responsible for developing, implementing, maintaining, and enforcing this policy, including its provisions on the use of Artificial Intelligence (AI). Employees are responsible and accountable for ensuring adherence to this policy's terms during their job duties, including when configuring or operating AI-enabled features.

Availability and Presentation of this Notice

We make this Privacy Policy available to individuals at their first interaction with the Platform and at any time thereafter, in line with our commitment to transparent, plain-language notice:

  • At sign-up / login: Before accessing the Platform for the first time, individuals must affirmatively check a box on the login screen stating "I accept and agree with: Privacy Policy and Terms and Conditions," which links directly to this policy and to our Terms and Conditions. Access is not granted until this acknowledgment is provided. If the policy is updated, the user will need to accept it again upon accessing the platform.
  • On an ongoing basis: This policy remains accessible at any time via the same link within the Platform, so individuals can review it whenever necessary, including after any update.
  • Plain language: This policy is written in clear, non-technical language so that data subjects can readily understand what personal data we process, why, and what rights are available to them, consistent with our legal obligations in each applicable jurisdiction.

Data We Collect

We may collect the following types of personal data:

  • Identification Information: Name, email, phone number, address, etc.
  • Account Information: Username, password, account preferences — limited to what is strictly necessary to authenticate and grant access to the Platform.
  • Financial Information: Payment details, billing address.
  • Technical Data: IP address and usage analytics, collected within the Platform (see "Cookies and Tracking Technologies" below).

Data that clients input into the Platform in the course of using our services (e.g., regulatory content, internal notes, or other records uploaded by the client) remains the client's responsibility as the data controller for that content. RegDoor processes such content solely to provide the contracted services.

How We Collect Data

We collect personal data through the following methods:

  • Directly from you: When you fill out forms, create accounts, or contact us.
  • Automatically: Through in-app analytics tools and logs when you use the Platform.
  • Third Parties: From business partners, service providers, or publicly available sources.

Legal Bases for Processing Personal Data

We process personal data only when permitted by law. The legal bases include:

  • Consent: When you provide explicit consent (e.g., marketing communications).
  • Contractual Necessity: To fulfill a contract with you (e.g., providing access to the Platform).
  • Legal Obligation: To comply with legal and regulatory requirements.
  • Legitimate Interests: For improving services or ensuring security.

How We Use Personal Data

We use personal data for the following purposes:

  • Providing and improving our services.
  • Processing and managing Platform access.
  • Communicating with you regarding updates, offers, and support.
  • Conducting analytics and research to improve user experience.
  • Ensuring security and complying with legal obligations.

Use of Artificial Intelligence

RegDoor leverages AI agents to analyze regulatory developments, using proprietary regulatory data, institutional knowledge, and jurisdiction-specific context. The Platform uses this analysis to generate reports, alerts, policy insights, and strategic recommendations, while maintaining traceability to the underlying regulatory sources.

In connection with this processing:

  • Limited personal data involved: AI-driven analysis may reference personal data incidentally contained in regulatory sources or collected on public websites, such as the names and contact details of regulators or public officials. Personal data relating to Platform users is limited to the account information necessary for authentication and access, as described above.
  • Client content: Any other data that clients input into the Platform is processed as instructed by the client and remains the client's responsibility; RegDoor does not determine the purposes for which that content is used.
  • No use for AI training: RegDoor does not use client data or personal data collected through the Platform to train its own or any third party's AI models.
  • Third-party AI providers: RegDoor uses third-party AI service providers, including OpenAI and Anthropic, to power certain AI agent functionality. These providers act as data processors/sub-processors, operate under contractual and technical safeguards, and are engaged consistent with their standard commercial terms, under which data submitted through their business/API services is not used to train their models.
  • Human oversight: AI-generated outputs (reports, alerts, insights, and recommendations) are traceable to their underlying regulatory sources and are subject to human review as part of our service delivery.

Data Sharing and Disclosure

We may share personal data under these circumstances:

  • Service Providers: With vendors or contractors who perform services on our behalf, including AI service providers (OpenAI and Anthropic) used to deliver AI-powered features, as described above.
  • Legal Compliance: To comply with laws, subpoenas, or other legal processes.
  • Consent: When you explicitly agree to share your data.

We do not sell personal data, and we do not share personal data for cross-context behavioral advertising purposes.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Afterward, data is securely deleted or anonymized.

Data Security

We implement industry-standard technical and organizational measures to safeguard personal data, including:

  • Encryption (at rest and in transit).
  • Access controls and authentication protocols.
  • Regular audits and security assessments.

Data Protection Officer (DPO)

RegDoor has appointed Luciana Mello as its Data Protection Officer (DPO), responsible for overseeing compliance with applicable data protection laws, including the GDPR. The DPO serves as the primary point of contact for data subjects and supervisory authorities regarding personal data protection matters.

If you have any questions regarding this Privacy Policy or our processing of personal data, you may contact our DPO using the email legal@regdoor.com.

If you wish to exercise your privacy rights, please see the topic below.

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request access to your data.
  • Rectification / Correction: Correct inaccurate or incomplete data.
  • Deletion: Request deletion of your data.
  • Data Portability: Obtain a copy of your data in a portable format.
  • Restriction: Request a limitation on the processing of your data.
  • Objection: Object to certain processing activities (e.g., direct marketing).
  • Withdraw Consent: Withdraw your consent when processing is based on consent.
  • Non-Discrimination: We will not discriminate against you for exercising any of these rights.

Brazil (LGPD): In addition to the rights above, you may lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) if you believe your rights have been violated.

European Union (GDPR): You have the right to lodge a complaint with your local data protection supervisory authority. Contact us if you need help identifying the competent authority.

California (CCPA/CPRA): California residents have the right to know what personal information is collected, to delete it, to correct it, to limit the use of sensitive personal information, and to opt out of the sale or sharing of personal information. As noted above, we do not sell or share personal information as defined by the CCPA/CPRA.

To exercise your rights, please contact us via the Privacy Rights Request form available on our website.

Cookies and Tracking Technologies

Website: Our public website (regdoor.com) does not use cookies or similar tracking technologies.

Application: Within the RegDoor application (post-login), we use an in-app analytics tool to collect Technical Data, such as IP addresses and usage analytics, in order to operate, secure, and improve the Platform. This in-app analytics does not rely on browser cookies. See our Cookie Policy for full details.

Children's Privacy

We do not knowingly collect personal data from children under the age of 18. If we become aware of such data, we will delete it promptly.

Third-Party Links

Our website or services may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review their privacy policies.

Updates to This Policy

We may update this policy periodically to reflect changes in laws, regulations, or business practices. Material updates will be reflected in the version history above and, where required, communicated through the Platform.

RegDoor

Turning regulatory complexity into clarity for growth.

Part of

iLAB Madrid – International Lab
Product
  • Decision Engine
  • Regulatory Monitoring
  • Relationship Management
  • Intelligence Layer
Company
  • About
  • Top Voices ↗
Legal
  • Privacy Policy
  • Cookie Policy
  • Terms & Conditions
  • Data Processing Agreement
  • Privacy Rights Request
  • Do Not Sell My Data

© 2026 RegDoor. All rights reserved.

RegDoor is a comprehensive platform for managing regulatory relationships and tracking legal and policy developments. It is not designed or intended to support clients' compliance teams in implementing or managing a regulatory compliance program. It does not replace or fulfill the operational requirements of such a program.