Your privacy matters. This policy explains what data we collect, how we use it, and your rights as a user of RegenCompliance.
Last Updated: May 5, 2026
Dibb Enterprises LLC ("Company," "we," "us," or "our"), operating as RegenCompliance, provides an FDA/FTC compliance scanning platform for healthcare practices at app.regencompliance.ai. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website and services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.
We collect the following categories of information:
Email address, password (hashed), clinic name, and treatment types offered. This information is collected during account registration and is required to provide the Service.
Marketing text you submit for compliance scanning, along with scan results, compliance scores, flagged violations, and AI-generated rewrites. This content is stored as part of your audit trail.
Payment details are collected and processed by Stripe. We do not store your full credit card number, CVC, or other sensitive payment details on our servers. We receive only a payment confirmation, last four digits of your card, and billing address from Stripe.
Information about how you interact with the Service, including pages visited, features used, scan frequency, and timestamps. This data helps us improve the platform.
If you contact us for support, we collect the content of your support tickets, including any attachments or screenshots you provide, along with your email address and communication history. This data is used solely to resolve your support request.
RegenCompliance is a marketing compliance tool. We do not collect, access, process, or store any of the following:
HIPAA DISCLAIMER
RegenCompliance is NOT HIPAA compliant and is not designed or intended to process, store, or transmit Protected Health Information (PHI). You must not submit any content containing patient names, medical records, treatment histories, health conditions tied to identifiable individuals, or any other PHI through the Service. The Service is designed exclusively for analyzing marketing and advertising content. If you inadvertently submit PHI, contact us immediately at support@regencompliance.com so we can delete it from our systems.
We use the information we collect for the following purposes:
We use the following third-party service providers to operate the platform:
Stores your account data, scan history, and compliance records. Handles user authentication and session management. Data is encrypted at rest.
Processes all subscription payments and billing. Stripe is PCI-DSS Level 1 certified. We never store your full payment details on our servers.
Scan content you submit is sent to the Anthropic Claude API for compliance analysis and rewrite generation. Anthropic processes this data according to their API data usage policy and does not use API inputs to train their models.
Hosts the RegenCompliance web application. Vercel provides edge network delivery, serverless function execution, and aggregate Web Analytics (Speed Insights and basic page-view counts collected without third-party cookies).
Delivers transactional emails such as account confirmations, password resets, and billing notifications. Currently inactive; transactional email may be routed through GoHighLevel instead. Activated by the operator when configured.
Receives contact records and pipeline events (signup, application, subscription lifecycle, account deletion) for sales follow-up and marketing sequences. Each event type is sent only if a webhook has been configured for it; where no webhook is configured, no data is sent.
Infrastructure is in place for error and performance monitoring. PII (email, IP, request bodies on auth/payment paths) is scrubbed before events reach Sentry. Currently disabled; enabled only when the operator configures the Sentry DSN.
During signup and password reset, only the first 5 hexadecimal characters of the SHA-1 hash of the candidate password are sent to the Have I Been Pwned (HIBP) k-anonymity API to check whether that password appears in a known breach. The full password and the full hash never leave our server; the remaining characters of the hash are compared against the returned list on our side.
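The following is an added illustration of the k-anonymity range check described above; it is not RegenCompliance's code. The HTTP request is replaced by a constructed `SUFFIX:COUNT` response body (illustrative counts, not live HIBP data) so the example runs offline, and the endpoint URL is HIBP's documented range endpoint.

```python
"""Have I Been Pwned (HIBP) k-anonymity range check, worked offline.

The candidate password is hashed locally; only the 5-character hex prefix
leaves the server (it selects a bucket of hash suffixes), and the 35-character
remainder is compared locally against the bucket HIBP returns.
"""
import hashlib

# Documented HIBP endpoint; only the 5-character prefix is interpolated.
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed sample of a range response for prefix 5BAA6 (abbreviated;
# the counts are illustrative, not real HIBP figures).
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567
003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:2
"""


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase hex SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_request_url(password: str) -> str:
    """The only data that would go to HIBP: the URL carrying the 5-char prefix."""
    prefix, _ = sha1_prefix_suffix(password)
    return HIBP_RANGE_URL.format(prefix=prefix)


def breach_count(password: str, range_body: str) -> int:
    """Match the locally held suffix against a range response body.

    range_body is the text HIBP returns for the prefix, one "SUFFIX:COUNT"
    per line. Returns the breach count, or 0 if the suffix is not listed.
    """
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # tolerate blank or malformed lines
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0
```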
We use a minimal number of cookies to operate the Service:
| Cookie | Purpose | Duration |
|---|---|---|
| regen_demo | Demo session tracking for free compliance scans | 90 days |
| sb-* | Supabase authentication and session management | Session / persistent |
| cookie_consent | Records your cookie consent preference | 1 year |
| __stripe_* | Set by Stripe.js when you visit a checkout page or open the Customer Portal. Used for payment-fraud detection. | Session / 1 year |
| _vercel_* | Vercel infrastructure cookies (deployment routing, Speed Insights aggregation). No personal identifiers. | Session |
We do not use third-party advertising cookies, tracking pixels, or behavioral analytics cookies that share identifiable data with external parties.
Your scan history, compliance reports, and account data are retained for the duration of your active subscription. If you cancel your account, we retain your data for 30 days to allow for reactivation. After 30 days, your scan history, account data, and all associated records are permanently deleted from our systems. Anonymized, aggregated data that cannot be linked back to your account may be retained indefinitely for the purpose of improving our compliance rules.
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):
To exercise any of these rights, contact us at support@regencompliance.com. We will respond within 30 days.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
To exercise your CCPA rights, contact us at support@regencompliance.com.
We take the security of your data seriously. All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Data stored in our database is encrypted at rest through Supabase's built-in encryption. Access to production systems is restricted to authorized personnel and protected by multi-factor authentication. While no system is 100% secure, we implement industry-standard security practices to protect your information.
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@regencompliance.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email and/or through an in-app notification at least 14 days before the changes take effect. The "Effective Date" at the top of this policy indicates when it was last updated. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
For any questions about this Privacy Policy, to exercise your data rights, or to submit a data-related request, contact us at:
Dibb Enterprises LLC
Operating as RegenCompliance
Email: support@regencompliance.com
Website: app.regencompliance.ai