Privacy & GDPR Notice

Last Updated: 09/06/2025

1. Introduction

Acorn Star Limited, trading as CompliWizard (“CompliWizard,” “we,” “us,” or “our”), is committed to respecting your privacy and safeguarding your personal data. This Privacy & GDPR Notice explains how we collect, process, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Under GDPR, CompliWizard acts as the Data Controller for personal data collected when you sign up for our Service, visit our website, or otherwise interact with us.

3. Personal Data We Collect

  1. Account & Contact Information

    • Registration: When you create an account, we collect your name and email address.

    • Communication & Marketing: We may use your name and email address to send you updates, marketing offers, newsletters, and information related to the Service. You can opt out of marketing emails at any time by following the unsubscribe link in any such email.

  2. AI-Generated Form Inputs

    • Strong Advice Not to Include Personal Data: When you use our AI-driven forms, we strongly advise you not to include any personal data (especially that which could identify an individual) or any other sensitive information (e.g., health details, financial information, etc.).

    • Third-Party Processing: The text you enter into these forms is sent to OpenAI GPT or similar large language model services for processing and generation of draft compliance documents. This means any data you input may be transferred to and processed by OpenAI (or a similar provider).

    • User Responsibility: By choosing to enter personal information into our AI question fields, you acknowledge that you do so voluntarily and at your own risk. CompliWizard is not responsible for any personal or sensitive data you choose to provide in these form fields.

  3. Payment Information

    • If you subscribe to a paid plan, payment details are typically handled by a secure third-party payment processor (e.g., Stripe, PayPal). We do not store your full payment card details on our systems.

  4. Limited Usage Data

    • We may collect minimal technical information about your visit to our Site (e.g., server logs) for security and operational purposes. We do not actively use invasive analytics or profiling technologies.

4. Purpose and Legal Basis for Processing

  1. Provision of Service

    • Contractual Necessity (GDPR Art. 6(1)(b)): We use your registration data to create and manage your account, provide you access to AI document generation, and facilitate our paid services.

  2. Communications & Marketing

    • Consent (GDPR Art. 6(1)(a)): We rely on your explicit opt-in to send you marketing and promotional communications. You can withdraw consent at any time.

  3. Technical & Security Measures

    • Legitimate Interests (GDPR Art. 6(1)(f)): We may process minimal usage data to maintain the security and proper functioning of our Site and Service.

  4. Compliance & Legal Obligations

    • Legal Obligation (GDPR Art. 6(1)(c)): We may be required to retain certain data for tax, audit, or regulatory compliance.

5. Data Sharing and Transfers

  1. OpenAI GPT or Similar Providers

    • AI Processing: Any text you submit in the questionnaire fields is sent to our AI provider to generate draft documents. The AI provider acts as a separate data controller or processor for that text, depending on its policies. We strongly discourage submitting any personal or sensitive information in those fields.

  2. Service Providers

    • Hosting & Infrastructure: We use reputable hosting providers within the EEA (or with GDPR-compliant safeguards) to store your account information.

    • Payment Processors: For paid subscriptions, we use third-party processors (e.g., Stripe, PayPal) who adhere to strict PCI-DSS standards.

    • Email/Marketing Services: If we use an email marketing platform, it processes your email address on our behalf strictly for sending communications you have consented to.

  3. Legal Obligations

    • We may disclose data if required to do so by law or court order, or when we believe disclosure is necessary to protect our rights, user safety, or comply with legal obligations.

6. International Transfers

  • If we transfer data outside the European Economic Area (EEA), we ensure an adequate level of protection via Standard Contractual Clauses (SCCs) or equivalent measures approved by the European Commission.

7. Data Retention

  1. Account Data:

    • We retain your name and email address as long as you have an active account with us or as needed to provide the Service.

    • Upon account deletion, we will delete or anonymize your personal data unless we are legally required to retain it for a longer period.

  2. AI Inputs:

    • Generally, we do not store the text you input into the forms beyond what is necessary to generate and deliver your documents. However, the AI provider (OpenAI or similar) may retain some or all of the content for a limited time to train or improve its models, depending on their policies. Refer to OpenAI’s own privacy policy for details.

  3. Payment Records:

    • We retain payment records to comply with tax and financial regulations, typically for 6 years, unless a longer period is required by local law.

8. Your Rights Under GDPR

Subject to GDPR and other applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Correct any inaccuracies in your personal data.

  • Erasure (“Right to be Forgotten”): Ask us to delete your personal data under certain conditions.

  • Restriction of Processing: Request that we limit the processing of your data.

  • Data Portability: Obtain your personal data in a structured, commonly used, machine-readable format.

  • Object: Object to certain processing activities on grounds relating to your particular situation.

  • Withdraw Consent: If processing is based on consent (e.g., marketing), you may withdraw consent at any time.

To exercise these rights, please contact us at [insert contact email]. We will respond within one month, subject to any applicable extensions permitted by law.

9. Security Measures

  • We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

10. Children’s Privacy

  • Our Service is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

11. Changes to This Notice

  • We may update this Privacy & GDPR Notice from time to time. The “Last Updated” date at the top indicates when it was revised. Continued use of our Service after such revisions constitutes acceptance of the updated Notice.

12. Contact Us

If you have any questions regarding this Notice, wish to exercise your rights, or have concerns about our privacy practices, please email us at support @ acornstar dot com.

You also have the right to lodge a complaint with the Irish Data Protection Commission or your local supervisory authority if you believe we are infringing your data protection rights.