Privacy Policy

NH Process Solutions, LLC
Website: https://nhprosol.org
Product: https://doicomply.ai


Effective Date: Feb. 2026
 

 

1. Introduction

NH Process Solutions, LLC (“NH Process Solutions,” “we,” “us,” or “our”) operates the DoIComply.ai platform (“Platform”). We are committed to protecting your privacy and complying with applicable data protection laws, including:

  • EU General Data Protection Regulation (GDPR)

  • UK GDPR

  • California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)

  • Other applicable U.S. state privacy laws

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data.

 

2. Data Controller

For purposes of GDPR and similar laws:

Data Controller:
NH Process Solutions, LLC
3355 Lenox Road, Atlanta, Georgia, USA
Email: privacy@nhprosol.org

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your data in accordance with GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

 

3. How Our Infrastructure Works

DoIComply.ai uses a distributed architecture:

  • AWS operates only as the compute environment (application server).

  • Neon PostgreSQL stores persistent database records.

  • Google Cloud Storage stores generated PDF reports.

  • Stripe processes payments.

  • OpenAI API provides AI analysis of publicly available website content.

AWS does not store persistent personal data.

 

4. Categories of Personal Data Collected

A. Account Information

  • Username

  • Email address

  • Password (secure irreversible hash)

  • First and last name (optional)

  • Profile image URL (optional)

Legal Basis (GDPR): Contractual necessity (Art. 6(1)(b))
Purpose: Account creation, authentication, and access to services

B. Compliance Scan Data

  • Website URLs submitted

  • Selected regulatory options (GDPR, CCPA, EU AI Act, etc.)

  • Selected U.S. states

  • Compliance scores

  • Issue counts and severity levels

  • Scan timestamps and duration

Legal Basis: Contractual necessity
Purpose: Provide compliance analysis services

 

C. Compliance Findings & Evidence

  • Issue descriptions

  • Regulatory references

  • Risk levels

  • Remediation recommendations

  • Screenshots of scanned pages

  • Extracted publicly available policy text

  • Cookie analysis results

Legal Basis: Contractual necessity
Purpose: Deliver audit and reporting functionality

 

D. Reports

  • Generated PDF audit reports

  • Report configuration settings

Legal Basis: Contractual necessity

 

E. Session & Technical Data

  • Login session tokens (secure HTTP-only cookies)

  • Temporary cached website content (24-hour expiration)

  • Temporary AI analysis cache (cleared on restart)

Legal Basis: Legitimate interest (service security and performance optimization)

 

F. Payment Information

Payments are processed exclusively by Stripe.
We do not store payment card information.

Legal Basis: Contractual necessity

 

5. Sources of Personal Data

We collect personal data:

  • Directly from you (account creation, URL submission)

  • From publicly accessible websites submitted for scanning

  • From payment transactions processed via Stripe

We do not purchase personal data from brokers.

 

6. How We Use Personal Data

We use personal data to:

  • Provide and maintain the Platform

  • Authenticate users

  • Conduct compliance scans

  • Generate audit reports

  • Improve service accuracy

  • Process payments

  • Prevent fraud and ensure security

  • Comply with legal obligations

We do not sell personal data.

 

7. Data Sharing & Disclosure

We may share personal data with the following service providers:

| Provider | Purpose | Data Processed |
|---|---|---|
| Neon (PostgreSQL) | Database hosting | All persistent user and scan data |
| Google Cloud Storage | File storage | PDF audit reports |
| OpenAI API | AI analysis | Public website content submitted for scanning |
| Stripe | Payment processing | Payment transaction data |

All vendors operate under contractual data protection obligations.

We do not sell or share personal data for behavioral advertising under CPRA definitions.

 

8. International Data Transfers

Data may be processed in the United States.

Where GDPR applies, international transfers are safeguarded using:

  • Standard Contractual Clauses (SCCs)

  • Vendor contractual data protection commitments

  • Encryption in transit and at rest

 

9. Data Retention

| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Scan results | Until deleted by user or account termination |
| Reports | Until deleted by user |
| Session tokens | 1 week |
| Website content cache | 24 hours |
| Temporary AI memory cache | Cleared on restart |

We retain data only as long as necessary for business or legal purposes.

 

10. Security Measures

We implement industry-standard safeguards including:

  • scrypt password hashing

  • Encrypted database connections (TLS)

  • Secure HTTP-only cookies

  • Role-based access controls

  • Environment-variable credential protection

  • Access-controlled report storage

  • Limited AI data exposure (public content only)

No system is 100% secure; however, we maintain reasonable technical and organizational safeguards.

 

11. Your Privacy Rights

A. GDPR Rights (EEA/UK Residents)

You have the right to:

  • Access your personal data (Art. 15)

  • Rectify inaccurate data (Art. 16)

  • Erase data (“Right to be Forgotten,” Art. 17)

  • Restrict processing (Art. 18)

  • Data portability (Art. 20)

  • Object to processing (Art. 21)

  • Withdraw consent (where applicable)

To exercise rights: privacy@nhprosol.org
Response timeframe: 30 days

You may lodge complaints with your supervisory authority.

 

B. CCPA / CPRA Rights (California Residents)

California residents have the right to:

  • Know what personal information we collect

  • Access specific pieces of personal information

  • Request deletion

  • Correct inaccurate information

  • Opt out of sale or sharing (we do not sell/share)

  • Limit use of sensitive personal information (we do not process SPI beyond login credentials)

To submit a request: privacy@nhprosol.org
Verification may be required.

We will not discriminate against users for exercising privacy rights.

 

12. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from minors.

 

13. Cookies & Tracking

We use:

  • Essential session cookies (authentication)

  • Security-related cookies

We do not use third-party behavioral advertising cookies.

 

14. Automated Decision-Making

DoIComply.ai uses AI-assisted compliance analysis.
Results are advisory and do not constitute legal advice.

No automated decisions produce legal or similarly significant effects on individuals under GDPR Article 22.

 

15. Account Deletion

Users may delete accounts by contacting privacy@nhprosol.org.
Upon deletion:

  • Account data is removed

  • Scan history is deleted

  • Reports are deleted

  • Temporary caches expire automatically

 

16. Changes to This Policy

We may update this Privacy Policy periodically.
Changes will be posted with a revised effective date.

 

17. Contact Information

NH Process Solutions, LLC
3355 Lenox Road
Atlanta, Georgia
United States

Email: privacy@nhprosol.org

 

CPRA Disclosure Summary

  • We do not sell personal information.

  • We do not share personal information for cross-context behavioral advertising.

  • We do not use sensitive personal information beyond the scope of our service functionality.

  • We do not use personal information for profiling with legal or significant effects.
