Privacy Policy

This Privacy Policy explains how RECOSA collects, uses, and protects personal data when you use our website and AI-powered regulatory compliance platform.

1. Who we are

RECOSA (“we”, “us”, “our”) is an AI-powered regulatory compliance platform operated by Fabrice Fonder, sole trader, based in Belgium. Contact: contact@recosa.eu. Website: https://recosa.eu.

2. What RECOSA does

RECOSA is a compliance co-pilot that helps SMEs understand and work towards compliance with EU regulations including GDPR, NIS2, and the EU AI Act. The platform provides AI-powered compliance Q&A, gap assessments, document generation, website compliance audits, regulatory monitoring, and alerts.

3. Personal data we may collect

Depending on how you interact with RECOSA, we may collect contact details, company information, account information, billing information, platform usage data, submitted compliance questions, generated document inputs, website audit inputs, and technical data such as IP address, device information, browser type, and log data.

4. How we use personal data

We use personal data to provide and improve the RECOSA platform, answer enquiries, manage accounts and subscriptions, process payments, generate compliance outputs requested by users, monitor service performance, prevent misuse, comply with legal obligations, and communicate important service updates.

5. AI processing and important limitation

RECOSA uses AI systems to interpret publicly available regulatory texts and guidance, answer compliance questions, assess gaps, and generate documents. AI outputs may contain errors or omissions and are for informational and guidance purposes only. RECOSA is not a law firm and does not provide legal advice. Important compliance documents should be reviewed by a qualified legal professional before use.

6. Legal bases for processing

We process personal data where necessary to perform a contract with you, respond to pre-contractual enquiries, comply with legal obligations, pursue legitimate interests such as service security and improvement, or where you have given consent, for example for optional communications.

7. Sharing and processors

We may share personal data with service providers that help us operate RECOSA, such as hosting, analytics, payment, email, support, and AI infrastructure providers. We do not sell personal data. Where required, we use appropriate data processing agreements and safeguards.

8. Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including account management, legal compliance, dispute resolution, security, and legitimate business records. Retention periods may vary depending on the type of data and applicable legal requirements.

9. Your rights

Subject to applicable law, you may have the right to access, correct, delete, restrict, object to processing of, or request portability of your personal data. You may also withdraw consent where processing is based on consent. To exercise these rights, contact us at contact@recosa.eu.

10. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No online service can guarantee absolute security, but we work to maintain appropriate safeguards for the nature of the data processed.

11. Availability and changes

We may update or modify the RECOSA service and this Privacy Policy from time to time. If we make material changes, we will notify registered users where appropriate. The latest version will always indicate the date it was last updated.

12. Governing law

This Privacy Policy is governed by Belgian law, without prejudice to any mandatory rights you may have under the law of your country of residence.

13. Contact

For any questions about this Privacy Policy or how RECOSA handles personal data, contact us at contact@recosa.eu. Address: Belgium.