Privacy

Privacy Policy

What data we collect, why we collect it, and how we keep it safe.

Last updated: March 2026

By using RoleComply you agree to this policy. EU/EEA and UK users should also read our GDPR page for additional rights specific to those regions.

Who we are

RoleComply is a SaaS job-ad compliance tool operated by Philip Mahler, Copenhagen, Denmark. "We", "us", "our" refer to RoleComply. Contact: philip@rolecomply.com.

What we collect

Information you give us directly

Account data: name, work email, company name, job title, password (one-way hashed — we cannot see it).
Careers page URL: your public careers page URL, used only to run compliance scans.
Payment data: billing name and address. Card numbers are processed by Stripe and never touch our servers.
Communications: messages you send via email or contact forms.

Information collected automatically

Usage data: pages visited, features used, scan runs, timestamps — to operate and improve the service.
Technical data: IP address, browser type, OS, referring URL — for security and fraud prevention.
Cookies: see our Cookies Policy for the full list.

Job posting data

When you connect a careers page, we fetch and analyse the text of your public job postings. We do not store full posting text beyond the scan session, and we do not collect personal data that may appear in job ads.

How we use it

Delivering the service: running scans, generating reports, sending violation alerts, maintaining your account.
Transactional communications: scan results, receipts, security notices — cannot be opted out of while your account is active.
Product improvement: anonymised, aggregated analytics to understand usage patterns.
Security and fraud prevention: monitoring for unusual activity and protecting the service.
Legal compliance: meeting applicable laws and responding to lawful authority requests.
Marketing (with consent): occasional product updates via email. Unsubscribe any time.

How we share it

We do not sell your data. We do not share it for third-party marketing. We share only with:

Service providers: AWS (hosting, eu-west-1), Stripe (payments), PostHog (anonymised analytics). All under data processing agreements.
Legal requirements: when required by law or valid legal process. We notify you where legally permitted.
Business transfers: in a merger or acquisition, with prior email notice.

Data retention

Account data: kept while your account is active plus 90 days post-cancellation for reactivation/export. Compliance scan logs and reports: 24 months. Payment records: 7 years (legal obligation). You may request early deletion of any data not subject to a legal hold.

Security

TLS 1.2+ in transit, AES-256 at rest, least-privilege access controls, MFA on all internal systems, and regular security reviews. We will notify you promptly if a breach affects your personal data.

Your rights

You may access, correct, or delete your account data in your account settings at any time. EU/EEA/UK users have additional rights under the GDPR — see our GDPR page.

Cookies

Essential cookies keep you logged in. Optional analytics cookies (fully anonymised) help us improve the product. Manage preferences via our cookie banner or your browser settings. Full details: Cookies Policy.

Third-party links

Our service may link to third-party sites (e.g. state agency websites). We are not responsible for their privacy practices.

Changes

We will notify you by email of material changes at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

Questions or requests?

Email us at philip@rolecomply.com — we respond within 2 business days.

RoleComply · Copenhagen, Denmark