Privacy Policy

Last updated: June 2026

1. Who we are

RegOak ("we", "us", "our") is a compliance intelligence platform for regulated financial services firms. Our registered address is in the United Kingdom. We are the data controller for personal data collected through this website and our platform.

2. What data we collect

We collect: (a) account data — name, email address, firm name, and role when you register; (b) usage data — how you interact with the platform, including content submitted for review; (c) billing data — processed by Stripe, not stored by us; (d) communication data — emails and messages you send us; (e) technical data — IP address, browser type, and device information collected automatically.

3. How we use your data

We use your data to: provide and improve the RegOak platform; process your subscription and billing; send you service communications; respond to your enquiries; comply with our legal obligations; and, with your consent, send you marketing communications about RegOak products and regulatory updates.

4. Legal basis for processing

We process your data on the following legal bases: contract performance (to provide the service you've subscribed to); legitimate interests (to improve our platform and prevent fraud); legal obligation (to comply with applicable law); and consent (for marketing communications and non-essential cookies).

5. Data retention

We retain account data for the duration of your subscription plus 7 years (for legal and regulatory compliance purposes). Compliance review data is retained according to your plan's audit log retention period. You may request deletion of your personal data at any time, subject to our legal retention obligations.

6. Data sharing

We share your data with: Supabase (database and authentication infrastructure, UK-based); Stripe (payment processing); OpenAI (AI review processing — content is not used for model training); and Resend (transactional email). We do not sell your personal data to third parties.

7. International transfers

All personal data is stored in UK-based infrastructure. Where we use processors with US operations (OpenAI, Stripe), we rely on Standard Contractual Clauses and the UK's International Data Transfer Agreement to ensure adequate protection.

8. Your rights

Under UK GDPR, you have the right to: access your personal data; correct inaccurate data; request deletion; restrict processing; request data portability; and object to processing. To exercise these rights, contact us at privacy@regoakplatform.com. You also have the right to lodge a complaint with the ICO.

9. Cookie policy

We use the following cookies: Essential cookies (required for the platform to function — cannot be disabled); Analytics cookies (used to understand how visitors use our website — only set with your consent); and Preference cookies (used to remember your settings — only set with your consent). You can manage your cookie preferences using the banner that appears on your first visit.

10. Contact

For privacy enquiries, contact our Data Protection Officer at privacy@regoakplatform.com or write to us at our registered address.