Privacy Policy
Last updated: January 23, 2026
1. Who We Are
NordCheck is a trading name of ASKF, a company registered in France (SIREN: 992 495 960), located at 1 rue Marguerin, 75014 Paris, France.
For any privacy-related inquiries, contact us at: contact@nordcheck.ai
2. Data We Collect
We collect and process the following categories of personal data:
- Account Data: Email address, name, company name (optional) when you create an account.
- Technical Data: IP address, browser type, device information for security and service optimization.
- Payment Data: Processed securely by Stripe. We do not store credit card details.
3. Screening Data (Client Data)
Important: We act as a Data Processor for your screening queries.
- Your Data, Your Control: Names and entities you submit for screening remain your data. You are the Data Controller; we are the Data Processor acting on your behalf.
- Purpose: We process screening queries solely to provide the compliance screening service. We do not use your screening data for any other purpose.
- No Access: Our team does not access, review, or analyze your screening queries except when required for technical support (with your consent) or legal obligations.
- Audit Trail: Screening history is retained to provide you with an audit trail for your regulatory compliance records, as typically required by AML regulations.
- Encryption: All screening data is encrypted in transit (TLS) and at rest.
- DPA Available: A Data Processing Agreement is available upon request for enterprise clients.
4. How We Use Your Data
We process your personal data for the following purposes:
- To provide and maintain our compliance screening services
- To manage your account and subscription
- To communicate service updates and respond to inquiries
- To ensure security and prevent fraud
- To comply with legal obligations
5. Legal Basis for Processing
We process your data based on:
- Contract: Processing necessary to provide our services to you.
- Legal Obligation: We may retain screening records where required to help you meet anti-money laundering regulations.
- Legitimate Interest: For service improvement, security, and fraud prevention.
- Consent: For marketing communications (you can opt-out anytime).
6. Data Sharing & Sub-processors
We use carefully selected third-party service providers (sub-processors) to deliver our services:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Supabase | Database & Authentication | πͺπΊ EU (Frankfurt) | EU hosting, GDPR compliant |
| Vercel | Website Hosting | πͺπΊ EU (Frankfurt) | EU hosting, DPA available |
| Stripe | Payment Processing | πͺπΊ EU / πΊπΈ US | EU entity, PCI-DSS certified |
| AI Service Providers | AI-powered analysis | πͺπΊ EU / πΊπΈ US | SCCs, DPA in place |
| Data & Search Providers | Sanctions, PEP & adverse media data | πͺπΊ EU / πΊπΈ US | SCCs, GDPR compliant |
We may also share data:
- Legal Requirements: When required by law, court order, or to protect our legal rights.
- Business Transfers: In case of merger, acquisition, or sale of assets (you will be notified).
We do not sell your personal data. We do not share your screening queries with other clients or use them to train AI models.
7. International Transfers
Your data is primarily stored within the European Union (Frankfurt, Germany) via our hosting provider Vercel and database provider Supabase, both configured for EU regions.
Some of our sub-processors may process data in the United States (see table above). For these transfers, appropriate safeguards apply:
- EU-based primary storage: Your account data and screening history are stored in the EU (Frankfurt).
- Sub-processor commitments: Our sub-processors (AI analysis and search data providers) maintain GDPR compliance commitments and privacy policies that include appropriate provisions for international data transfers.
- Technical Measures: All data is encrypted in transit (TLS) and at rest.
- Data minimization: Only necessary data is transmitted to sub-processors for processing.
For adverse media screening, names you submit are sent to our search provider to query publicly available news sources. This data is processed solely for the purpose of providing screening results and is not retained beyond the API request, per the provider's privacy policy.
Enterprise clients requiring formal Data Processing Agreements (DPAs) with specific contractual guarantees can contact us at contact@nordcheck.ai.
8. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
- Account data: Until account deletion
- Screening history: Available for your export; deleted upon account deletion or upon request
- Billing records: 10 years (French tax law)
9. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Portability: Receive your data in a portable format
- Objection: Object to processing based on legitimate interest
- Restriction: Limit how we use your data
To exercise these rights, contact us at contact@nordcheck.ai.
10. Cookies
We use cookies to ensure our platform functions properly. Here are the types of cookies we use:
| Cookie Type | Purpose | Duration | Required |
|---|---|---|---|
| Authentication | Keep you logged in securely | Session / 30 days | β Essential |
| Security (CSRF) | Protect against cross-site attacks | Session | β Essential |
| Preferences | Remember your settings (theme, language) | 1 year | β Essential |
| Cookie Consent | Remember your cookie preferences | 1 year | β Essential |
| Analytics | Vercel Analytics (anonymous usage statistics) | Session | βͺ Optional |
Analytics: We use Vercel Analytics to collect anonymous, aggregated usage statistics (page views, general traffic patterns). This service does not use cookies for advertising, does not track individual users across websites, and does not collect personally identifiable information.
No advertising cookies: We do not use third-party advertising cookies or sell data to advertisers.
You can manage cookies through your browser settings. Note that disabling essential cookies may prevent you from using our platform.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform.
12. Contact & Complaints
For any questions about this policy or our data practices, contact us at contact@nordcheck.ai.
You have the right to lodge a complaint with the French data protection authority (CNIL): www.cnil.fr