PolicyDome ("we," "us," or "our") operates the policydome.com website and the Instant GDPR Privacy Policy Checker tool (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
The data controller responsible for your personal data is PolicyDome.
Contact Details for Data Protection Officer (DPO):
Email: dpo@policydome.com
Address: kalervontie 1 b 14, Oulu, Finland
We collect and process personal data for the following specific, explicit, and legitimate purposes, as required by Article 13 of the GDPR:
This purpose is fulfilled when you submit a URL to our Service. We process this data to perform a detailed analysis of the website's privacy policy. This involves crawling the publicly available content of the provided URL, extracting the privacy policy text, identifying key GDPR-related clauses and elements, and generating a compliance report. The legal basis for this specific processing activity is contractual necessity to fulfill your explicit request to use the Service. We collect the URL itself and temporarily process the publicly available text found at that URL to provide the analysis.
This involves collecting anonymized usage data and metrics to understand user interaction with our platform, such as which pages are most visited, the average session duration, and click-through rates. This helps us identify technical issues, optimize the user interface, and enhance the overall quality of our Service. The categories of data processed include anonymized IP addresses, browser type, operating system, device type, pages visited, time spent on pages, and referring URLs. The legal basis for this processing is your freely given, specific, informed, and unambiguous consent obtained via our cookie consent tool. You can withdraw your consent at any time via the cookie settings.
When you contact us via email, we process your contact information (your name, email address) and the content of your message. This data is used solely to respond to your questions, provide technical support, and manage customer service inquiries. The legal basis is our legitimate interest in maintaining effective customer relations and providing timely support. We have conducted a legitimate interest assessment (balancing test) and determined that our interest in responding to your direct inquiries does not override your fundamental rights and freedoms, as the processing is limited to what is necessary to fulfill your request and you have a reasonable expectation that we will process your data for this purpose.
We process technical data, such as anonymized IP addresses and device information, to monitor for and prevent security threats, unauthorized access, and fraudulent use of our Service. This includes analyzing traffic patterns to detect potential cyberattacks or misuse. The legal basis for this is our legitimate interest in protecting our business, our users, and the integrity of our platform. Our legitimate interest assessment found that this processing is essential for the security of our Service and the data we process, and the impact on your privacy is minimal as the data is technical and we use anonymization where possible.
When you use our Service, we may collect the following types of information:
When you use our checker tool, you provide us with a URL. Our system processes the publicly available text content of that website to generate the compliance report. We do not store the full content of your website long-term, nor do we retain any sensitive personal data found on the crawled page. We only retain the URL and the generated compliance report for a maximum of 30 days. This retention is for the operational purpose of allowing you to access the report for a reasonable period and for us to perform internal quality control checks on the analysis results.
We collect information on how the Service is accessed and used. This includes your IP address (anonymized), browser type and version, the pages of our Service that you visit, the time and date of your visit, and other diagnostic data. This is collected with your explicit consent via cookies managed by Google Analytics. To anonymize IP addresses, we apply an anonymization technique that masks the last octet (e.g., 192.168.1.xxx) before being stored, thereby preventing direct identification of the user.
If you contact us via email, we will retain your email address and any other personal data you provide in your message to respond to your inquiry. This data is retained only for the duration of the communication and for a specific period of up to 12 months after the resolution of the inquiry to manage customer relations and for legal and accounting purposes.
Under GDPR, you have the following data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
To exercise any of these rights, please follow these steps:
Send a clear and detailed request to our Data Protection Officer at dpo@policydome.com. Please include "Data Subject Request" in the subject line. In your email, specify which right you wish to exercise (e.g., Right to Access, Right to Erasure) and provide sufficient information to verify your identity. We may require additional information to confirm you are the data subject associated with the data.
Upon receiving your request, we will verify your identity. Our expected response time is within one month of receiving your request. This period may be extended by up to two additional months if the request is complex or we receive a number of requests. We will inform you of any such extension within one month of receiving your request.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with a supervisory authority.
A specific breakdown of your rights and their application:
You have the right to request a copy of the personal data we hold about you. This is also known as a Data Subject Access Request (DSAR).
You have the right to have your information rectified if that information is inaccurate or incomplete. We will update your data upon request.
You have the right to request the deletion of your personal data from our systems. We will erase your data upon your request. Note that this right is not absolute and may not be executable if we are required to retain your data for legal obligations. For example, we may be required by law to retain certain records for tax or accounting purposes for a specific period, even after you have requested their deletion.
You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format to transfer it to another data controller.
If our processing is based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. You can withdraw your consent for cookies via our cookie banner or settings.
You have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for data protection in Finland is the Office of the Data Protection Ombudsman. You can find their contact details on their official website.
We do not sell your personal data. We may share your data with the following categories of third-party service providers who assist us in operating our website and providing the Service. All these third parties are bound by strict confidentiality and data protection obligations and act as our data processors under Article 28 of the GDPR.
We use Vercel to host our website and its services. Your data is processed and stored within the European Economic Area (EEA) on their secure servers. Vercel utilizes sub-processors, such as Amazon Web Services (AWS) and Google Cloud Platform (GCP). For a full list of Vercel's sub-processors, please refer to their official documentation.
We use Google Analytics to analyze website usage. This data is anonymized where possible before being processed. Data is transferred to the United States. We have entered into Standard Contractual Clauses (SCCs) with Google to ensure an adequate level of data protection. For a list of Google's sub-processors and more information on their data processing, please see their official policies.
We use a third-party service, such as Mailchimp, to manage customer inquiries and communications. Data is processed within the EEA. For a full list of Mailchimp's sub-processors, please refer to their official documentation.
If we transfer personal data outside the European Economic Area (EEA), we will ensure that the transfer is safeguarded by appropriate measures. For data transfers to the United States (for analytics services), we rely on the implementation of Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection in line with GDPR requirements. In compliance with the Schrems II legal context, we have conducted a Transfer Impact Assessment (TIA) to evaluate the laws and practices of the third country (the United States) and have concluded that the legal safeguards, combined with our technical and organizational measures, provide an essentially equivalent level of data protection to that of the EEA. You can obtain a copy of the SCCs and a summary of our TIA by making a request to our DPO at dpo@policydome.com.
We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. Specifically:
Retained for a maximum of 30 days for operational purposes, then automatically deleted.
Retained for a maximum of 26 months for analytical purposes, then anonymized.
Retained for the duration of the communication and for a period of up to 12 months after the inquiry is resolved to manage customer relations and comply with legal obligations, such as tax and accounting laws.
We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
We use cookies and similar tracking technologies to track the activity on our Service. Cookies are files with a small amount of data that may include an anonymous unique identifier. We use a cookie banner to obtain your explicit and freely given consent for non-essential cookies. You can manage your cookie settings at any time to withdraw your consent. For a detailed list of the cookies we use, please refer to our Cookie Policy.
We do not use your personal data for automated decision-making or profiling in a way that produces legal effects concerning you or similarly significantly affects you.
We may update our Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "last updated" date. We will also notify registered users of significant changes via email.
Your trusted partner for simplifying GDPR and other data privacy regulations.
© 2025 PolicyDome. All Rights Reserved.