Privacy Policy

Last updated: 3 April 2026

Who we are

Janus Compliance is an AI governance consultancy operated by Michael K. Onyekwere. We build compliant AI systems and provide data protection advisory services for businesses in Ireland, the United Kingdom, and Nigeria.

Contact: If you have questions about this policy or your data, contact us through our contact form.

What data we collect

We collect the following personal data:

  • Contact form submissions: Your name, email address, company name, role, service interest, timeline, and any additional information you provide in your message. Collected via Formspree.
  • Breach assessment tool: If you choose to receive follow-up guidance, we collect your email address and assessment results. Collected via Formspree.
  • Analytics data (consent-based): If you accept analytics cookies, we collect anonymous usage data including pages visited, time on site, device type, and approximate location. Collected via Google Analytics 4.
  • Analytics data (cookie-free): We collect anonymous page view and visitor count data without cookies or personal identifiers. Collected via Vercel Web Analytics.
  • Cookies: See our Cookie Policy for details.

We do not collect sensitive personal data. We do not buy or sell personal data.

Why we collect it (legal basis)

Under GDPR Article 6, we process your data on the following bases:

  • Consent — for analytics cookies (you can opt out at any time).
  • Legitimate interest — for contact form data, to respond to your enquiry and provide you with relevant information about our services.
  • Contract performance — if you become a client, to deliver the services you've engaged us for.

How we use your data

  • To respond to your enquiry within 48 hours
  • To provide a quote for services you've requested
  • To deliver contracted services
  • To improve our website and understand how visitors use it
  • To comply with legal obligations

We will never use your data for automated decision-making or profiling.

Who we share it with

We share your data only with the following processors:

  • Formspree — processes contact form submissions. Data stored in the US under Standard Contractual Clauses.
  • Google Analytics — processes anonymised usage data (consent-based only). Google LLC, US, under Standard Contractual Clauses.
  • Vercel — hosts our website and provides cookie-free web analytics. Vercel Inc, US, under Standard Contractual Clauses.

We do not share your data with any other third parties, advertisers, or data brokers.

International transfers

Some of our processors are based in the United States. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner's Office.

How long we keep it

  • Contact form data: 2 years from last contact, then deleted.
  • Client project data: 6 years after project completion (legal requirement).
  • Analytics data: 14 months (Google Analytics default retention).

Your rights

Under GDPR and the UK Data Protection Act 2018, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — for any processing based on consent

To exercise any of these rights, contact us via our contact form. We will respond within 30 days.

Complaints

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated "last updated" date. We will not reduce your rights under this policy without your explicit consent.