Privacy policy

How komplai handles personal data on this website and in our products. Version 1.0 — published 19 May 2026.

2026-05-19

Data controller

The data controller for komplai's website and free tools is Progressify ApS, CVR no. 40351981, with offices in Denmark. Contact at hej@komplai.dk. For customers under a master agreement, the customer is the data controller for their own processing; komplai is the data processor. See the Data Processing Agreement tab for the terms.

What we collect

The contact form on the website collects name, email and an optional free-text message. If you sign in to a komplai product (hub, docs, templates) we store the email and name from your identity provider (Zitadel or your own IdP via SAML/OIDC), plus the documents and settings you create yourself. We store IP addresses in access logs for up to 30 days for operations and abuse protection. The website uses no third-party cookies; we set only technical cookies strictly necessary for sessions (the Auth.js session cookie). The free text redactor at redact.komplai.dk stores no input — the text is processed in memory and discarded immediately.

Purpose and legal basis

Contact enquiries: legitimate interest (GDPR art. 6(1)(f)) — being able to respond to you. Product use (hub/docs/templates): performance of a contract (art. 6(1)(b)) when you have entered into one; legitimate interest for prospects. Operations, troubleshooting and abuse protection: legitimate interest (art. 6(1)(f)). We do not process special categories (art. 9) on this website.

Retention and deletion

Contact-form enquiries: kept for at most 2 years after the last communication. Access logs: 30 days. Product data (under master agreement): defined in the DPA; default is deletion or return on contract termination plus a 30-day grace period. Backups rotate with 30-day retention and are then auto-deleted.

Your rights

You have the right to access, rectification, erasure, restriction of processing, data portability and objection per GDPR art. 15–21. Write to hej@komplai.dk — we respond within 30 days. If you are a customer and data controller, your data subjects' requests normally route through you; we support you as processor per the DPA.

How to complain

You can complain to the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark. Email dt@datatilsynet.dk, phone +45 33 19 32 00. We encourage reaching out to us first — most things can be resolved faster directly.

Where data lives

All primary processing happens on our own servers at Hetzner Online GmbH in Falkenstein, Germany. Backup snapshots reside in the same location (Hetzner DE). On-prem LLM (DGX Spark) is located at our offices, not at a hyperscaler. If you actively select an external AI provider (Anthropic, OpenAI, Mistral and others) in your settings, data is sent to that provider's servers — this is your active choice and is documented as an additional sub-processor. The default choice is the local model, and no data leaves the EU.

Web analytics

We measure visits and usage of komplai's sites with our own, in-house analytics — built by us and running on our Hetzner server in Germany. No third parties involved, no Google Analytics, no Meta Pixel. It's cookie-free — no visitor identifier is stored in your browser. Our server derives a daily visitor hash from IP + User-Agent + an internal salt solely to count unique visits per day; the salt rotates at midnight (UTC) and on every server restart, so the hash cannot be tied back to a specific visitor. No information leaves the EU.