Privacy Policy
Last updated: 7 May 2026
This Privacy Policy explains how EURegWatch collects, uses, and protects your personal data. We comply with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and the Austrian Data Protection Act (DSG).
1. Data Controller
EURegWatch, operated by Vladimir Cuca, Ungargasse 20, 1030 Vienna, Austria. Email: privacy@euregwatch.com. We respond to data requests within 30 days as required by GDPR.
2. What we collect, why, and on what legal basis
- Email address – to send you the regulatory digest you signed up for. Legal basis: Art. 6(1)(b) – performance of contract; Art. 6(1)(a) for the waitlist.
- Account profile (industry, countries) – to filter regulations to your business. Art. 6(1)(b).
- Payment data – handled exclusively by Paddle (our Merchant of Record); we never store card details. Art. 6(1)(b).
- Usage logs and email engagement – for security and delivery quality. Art. 6(1)(f) – legitimate interest.
3. Retention
Account data is kept for the lifetime of your account and deleted within 30 days of cancellation. Payment records are retained for 7 years per Austrian §132 BAO. Server logs: 30 days. Email engagement logs: 12 months. Waitlist emails: until launch + 90 days, or until you unsubscribe.
4. Third-party processors
We use Supabase (database hosting, EU West/Frankfurt), Paddle (payment + Merchant of Record), Resend (email delivery), Cloudflare (DNS, CDN), and Anthropic (AI summarisation of public legal texts). Each is bound by a Data Processing Agreement. Anthropic only receives publicly available EU legal text – never your personal data.
5. Your rights
Under GDPR you have the right to access, rectify, erase, restrict the processing of, port, and object to the use of your data, as well as to withdraw consent. Contact us at privacy@euregwatch.com to exercise any of these. You can also lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at) or the supervisory authority in your country.
6. Cookies
We use the minimum number of cookies required to run the service: theme (your dark/light preference) and NEXT_LOCALE (your language preference). No advertising cookies. No third-party trackers. Paddle sets strictly necessary session cookies only on payment / checkout pages. We use Cloudflare Web Analytics for traffic measurement, which does not use cookies and does not track individuals.
7. International transfers
Account data is stored in the EU (Frankfurt). Limited transfers to non-EU processors occur only under EU Standard Contractual Clauses and the safeguards required by GDPR Chapter V.
8. Security
HTTPS (TLS 1.3) on all pages, AES-256 encrypted database at rest, Row-Level Security on all customer data tables, secrets stored in Cloudflare Workers Secrets and Supabase Vault. We will notify you within 72 hours of any personal data breach affecting your account.
9. Children
EURegWatch is a B2B service. We do not knowingly collect data from anyone under 16.
10. Changes to this policy
Material changes are notified to subscribed users by email at least 30 days before they take effect. Minor updates are reflected here with a new “Last updated” date.