Privacy Policy
Last updated: 2026-06-01
RegenCompliance, operated by Regen Portal LLC, scans healthcare marketing copy for FDA and FTC compliance risk. This policy explains what personal data we collect, why we use it, who we share it with, how long we keep it, and the rights you have over it.
1. Who we are
RegenCompliance is a software service operated by Regen Portal LLC ("RegenCompliance," "we," "us," or "our"), the controller responsible for the personal data described in this policy. Our service is available at regencompliance.ai and its application subdomain. This policy applies to that website, the application, and related communications.
2. Information we collect
We collect the following categories of personal data:
- Account and application information. Name, email address, clinic or practice name, role, specialty, and estimated monthly marketing volume, provided when you apply, sign up, or complete onboarding.
- Content you submit for scanning. Marketing text you paste in, and URLs you ask us to crawl. You should not submit Protected Health Information (PHI); see Section 11.
- Billing information. A Stripe customer and subscription identifier and your subscription status. We never receive or store your full card number; payment details are handled directly by Stripe.
- Usage and technical data. IP address and user agent (recorded in our security audit log and anonymized after 90 days), plus standard server logs.
- Marketing attribution. Campaign source, medium, referrer, and landing path captured through our first-party attribution cookie. See our Cookie Policy.
3. How we use your information
- Deliver the service: scan submitted content and return compliance flags, severity ratings, and suggested rewrites.
- Create and manage your account, authenticate you, and operate your subscription.
- Process recurring subscription payments through Stripe.
- Provide customer support and respond to your inquiries.
- Maintain a security and compliance audit trail.
- Send service messages and, where you have opted in, product updates and marketing communications.
4. Legal bases for processing (EEA/UK users)
Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:
- Performance of a contract: providing the service, managing your account, and processing billing.
- Legitimate interests: maintaining our audit log and securing the service against abuse and fraud.
- Consent: sending marketing emails and newsletters, which you may withdraw at any time.
- Legal obligation: retaining records we are required to keep, such as billing and tax records.
5. How we share your information
We do not sell your personal data. We share it only with the service providers (subprocessors) below, each engaged under a contract that limits them to processing data on our behalf, and where required by law or to protect our rights.
| Provider | Role | Data involved |
|---|---|---|
| Supabase | Database, authentication, and file storage (United States) | Account profile, scan history, support tickets, audit log |
| Stripe | Payment processing (United States) | Billing identifiers and subscription status. Card details are entered directly with Stripe and never reach our servers. |
| GoHighLevel (HighLevel) | Customer relationship management, transactional email, and marketing automation (United States) | Name, email, clinic details, marketing attribution, and lifecycle events |
| Vercel | Application hosting and content delivery (United States) | IP address and standard request metadata in server logs |
| Anthropic | AI inference for the scanner (United States) | The marketing text or page content you submit for scanning. Under Anthropic's commercial terms, this content is not used to train their models. |
| Resend | Email delivery for one-time product announcements (United States, conditional) | Email address. Used only if and when we send a broadcast announcement. |
6. AI processing of scanned content
The scanner uses Anthropic's Claude API to generate compliance flags and rewrite suggestions. When you run a scan, the marketing text or page content you submit is sent to Anthropic for processing and returned to you as analysis. Under Anthropic's commercial terms, this content is not used to train their models. You remain responsible for not submitting Protected Health Information (see Section 11).
7. How long we keep your data
- Account data: for the life of your subscription and for 90 days after cancellation (a read-only reactivation window), after which it is permanently deleted.
- Security audit log: rolling 1-year retention, with IP addresses anonymized after 90 days.
- Billing records: up to 7 years after the last transaction, to meet tax and accounting obligations.
- Backups: short-term rolling backups maintained by our hosting and database providers.
8. How we protect your data
We encrypt sensitive data at rest using industry-standard AES-256 encryption and protect data in transit using TLS. Access to production systems is restricted, and sensitive administrator actions require re-authentication and are recorded in an immutable audit log. No method of transmission or storage is perfectly secure, but we work to protect your data using appropriate technical and organizational measures.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, to object to processing, to withdraw consent, and to lodge a complaint with your local data-protection authority.
- Access and export. Request a machine-readable copy of your data from your account settings (Data Export) or by emailing us.
- Deletion. Delete your account and associated data from your account settings, which also cancels your subscription.
- Correction. Update your profile details in your dashboard at any time.
- Withdraw consent. Unsubscribe from marketing emails using the link in any such email.
To exercise any right, email legal@regencompliance.ai. We aim to respond within 30 days. We will not discriminate against you for exercising your rights.
10. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion, to request correction, and to opt out of the sale or sharing of personal information. We do not sell or share your personal information as those terms are defined under California law. The providers listed in Section 5 act as our service providers, not as buyers of your data. You may exercise these rights using the contacts in Section 14, and you may use an authorized agent to submit a request on your behalf.
11. Health information and PHI
RegenCompliance analyzes marketing copy. It is not a HIPAA Business Associate and does not process Protected Health Information (PHI) on behalf of a covered entity. You must remove PHI from any content before submitting it for scanning. We apply an automated filter that removes obvious PHI patterns at scan time, but this is a defense-in-depth measure and not a guarantee. You are responsible for the content you submit.
12. Children's privacy
The service is intended for healthcare practitioners and marketing professionals and is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected such data, we will delete it.
13. International users
We operate in the United States, and our service providers are located in the United States. If you access the service from outside the United States, you understand that your data will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country.
14. Contact us
For privacy questions or to exercise your rights, email legal@regencompliance.ai. For account or billing support, email support@regencompliance.ai or use our contact form. Postal mail may be sent to Regen Portal LLC, [Regen Portal LLC mailing address].
15. Changes to this policy
We may update this policy as our product and legal obligations evolve. The "Last updated" date at the top reflects the most recent change. For material changes we will provide additional notice, such as an email to your verified address or a notice when you next sign in.