Privacy policy
Last updated 2026-05-20
Compasly is a public review platform. We collect the minimum data needed to operate the service, never sell it, and give you full control over what we hold about you.
This policy explains exactly what we collect, why, how long we keep it, and how to exercise your rights under the GDPR, the UK GDPR, the California CCPA, and Russia's 152-FZ.
1. Data we collect
Account data — email, optional display name, locale, country (ISO code, derived from your IP at sign-in), authentication tokens.
User-generated content — reviews, replies, claim proofs, business profile edits.
Technical data — IP address (truncated after 30 days), browser user-agent, referrer, language.
We do not collect: precise location, device IDs, biometrics, financial data, or any special-category personal data.
2. Why we process it
Operating the platform (contract): showing your reviews, sending magic-link emails, processing your business claims.
Fraud + abuse prevention (legitimate interest): rate limits, anti-bot challenges, manual moderation.
Product improvement (consent — opt-in via the cookie banner): anonymous analytics, A/B testing.
Marketing (consent): the optional newsletter you subscribe to in our footer.
3. How long we keep it
Account data: until you delete the account (or after 5 years of inactivity, when it is purged automatically).
Reviews + replies: indefinitely while public, unless you ask for removal (or you delete your account — 30-day grace then cascade-delete).
Technical logs: 30 days. IP addresses are truncated to /24 (IPv4) or /48 (IPv6) before storage.
4. Who we share it with
We use a small number of processors, each bound by a DPA: Cloudflare (CDN + anti-bot Turnstile), PostgreSQL hosting (data store), Mailpit / SMTP provider (transactional email), Meilisearch (search index — hosted in the same region as the database).
We never sell your data, never share it with data brokers, and never run any kind of ad targeting.
5. Your rights
Access — download all data we hold about you via dashboard → Security → Export.
Erasure — request account deletion via dashboard → Security → Delete account. 30-day grace, then permanent cascade.
Rectification — edit your reviews + profile fields anytime.
Objection / restriction — email support@compasly.com.
Lodge a complaint — your national data-protection authority (e.g. ICO, CNIL, Roskomnadzor).
6. Contact
Data Protection Officer: support@compasly.com.
For general questions use /contact. For security issues, see /.well-known/security.txt.