The EU AI Act high-risk obligations are now in force.

Privacy Policy

Last updated: 10 March 2026

Who we are

Janus Compliance is an AI governance consultancy operated by Michael Onyekwere. We build compliant AI systems and provide data protection advisory services for businesses in Ireland, the United Kingdom, and Nigeria.

Contact: If you have questions about this policy or your data, contact us through our contact form.

What data we collect

We collect the following personal data:

  • Contact form submissions: Your name, email address, service interest, budget range, and any additional information you provide in your message. Collected via Formspree.
  • Analytics data: Anonymous usage data including pages visited, time on site, device type, and approximate location (country/city level). Collected via Google Analytics 4.
  • Cookies: See our Cookie Policy for details.

We do not collect sensitive personal data. We do not buy or sell personal data.

Why we collect it (legal basis)

Under GDPR Article 6, we process your data on the following bases:

  • Consent — for analytics cookies (you can opt out at any time).
  • Legitimate interest — for contact form data, to respond to your enquiry and provide you with relevant information about our services.
  • Contract performance — if you become a client, to deliver the services you've engaged us for.

How we use your data

  • To respond to your enquiry within 24 hours
  • To provide a quote for services you've requested
  • To deliver contracted services
  • To improve our website and understand how visitors use it
  • To comply with legal obligations

We will never use your data for automated decision-making or profiling.

Who we share it with

We share your data only with the following processors:

  • Formspree — processes contact form submissions. Data stored in the US under Standard Contractual Clauses.
  • Google Analytics — processes anonymised usage data. Google LLC, US, under Standard Contractual Clauses.
  • Vercel — hosts our website. Vercel Inc, US, under Standard Contractual Clauses.

We do not share your data with any other third parties, advertisers, or data brokers.

International transfers

Some of our processors are based in the United States. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner's Office.

How long we keep it

  • Contact form data: 2 years from last contact, then deleted.
  • Client project data: 6 years after project completion (legal requirement).
  • Analytics data: 14 months (Google Analytics default retention).

Your rights

Under GDPR and the UK Data Protection Act 2018, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — for any processing based on consent

To exercise any of these rights, contact us via our contact form. We will respond within 30 days.

Complaints

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated "last updated" date. We will not reduce your rights under this policy without your explicit consent.