Last updated: April 1, 2026
Duey Compliance, Inc. · California, United States · privacy@getduey.com
Your privacy matters to Duey Compliance. This Privacy Policy explains what information we collect, how we use and protect it, and the choices available to you — including your rights under the California Consumer Privacy Act (CCPA/CPRA) and other applicable state laws.
Duey Compliance, Inc. ("Duey," "we," "us," or "our") operates the Duey Compliance platform accessible at getduey.com and through related mobile applications and APIs (collectively, the "Service" or "Platform"). This Privacy Policy describes our practices for collecting, using, disclosing, and protecting personal information and business information in connection with your use of the Service.
This Policy applies to:
This Policy does not apply to the practices of third parties that we do not own or control, or to individuals that we do not employ or manage, except as described herein.
When you create an account, use the Service, or communicate with us, you may provide the following categories of information:
When you access or use the Service, we and our service providers automatically collect:
We may collect or receive information about you or your business from:
The nature of compliance management means we may collect sensitive business information, including details about regulatory violations, pending investigations, government notices, and financial information. We treat this information with heightened care and use it only as necessary to provide and improve the Service.
We use the information we collect primarily to operate and deliver the Service, including:
We use your contact information to communicate with you about:
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by adjusting your notification preferences in your account settings. Transactional and operational communications (e.g., receipts, security alerts, critical compliance reminders) may continue even if you opt out of marketing.
We use aggregated, de-identified data derived from user behavior and business profiles to analyze trends, understand how the Service is used, measure the effectiveness of features, and conduct compliance research. This de-identified data may be used or shared for research or business purposes without restriction.
We may use your information to:
We do not sell your personal information to third parties for their own marketing purposes. We share information only in the following circumstances:
We share information with vendors and service providers who perform functions on our behalf, such as:
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
To verify your business profile and surface compliance obligations, the Service queries public government databases and registries. This is done on your behalf to provide the Service and does not constitute a disclosure of your data to those agencies beyond what you independently have on record.
If you choose to connect with a compliance professional through the Platform (e.g., a CPA, attorney, or licensing consultant from our referral network), we will share relevant business profile and compliance data with that professional at your direction. Such professionals are independently responsible for the data you share with them.
We may share aggregated, de-identified information that cannot reasonably be used to identify you or your business for industry research, marketing, analytics, or other lawful purposes.
If Duey undergoes a merger, acquisition, restructuring, bankruptcy, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you by email and/or prominent notice on the Platform in advance of any such transfer and describe your choices at that time.
We may disclose your information if we believe in good faith that such disclosure is necessary to:
We may share your information for any other purpose with your explicit consent.
We retain personal and business information for as long as necessary to provide the Service, fulfill the purposes described in this Policy, and comply with legal obligations:
| Data Category | Retention Period |
|---|---|
| Active account data | Duration of subscription + 2 years after account closure |
| Compliance and permit records | Up to 7 years (consistent with applicable statute of limitations) |
| Billing records | 7 years (tax and accounting purposes) |
| Log and usage data | Up to 13 months in identifiable form, then aggregated or deleted |
| Marketing opt-out records | Indefinitely, to honor your preferences |
After applicable retention periods, we will securely delete or anonymize your information. You may request earlier deletion of certain data as described in Section 8 (Your Privacy Rights).
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Authentication, security, session management | No |
| Functional | Language preferences, remembered settings | Yes |
| Analytics | Usage analysis, performance improvement (e.g., Google Analytics) | Yes |
| Marketing / Attribution | Campaign effectiveness measurement | Yes |
Most browsers allow you to control cookies through settings. You can also opt out of certain analytics and marketing cookies through our Cookie Preference Center, accessible via the "Cookie Settings" link in the footer of our website. Note that disabling strictly necessary cookies will impair your ability to use the Platform.
To opt out of Google Analytics tracking specifically, you may install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.
Some browsers offer a "Do Not Track" (DNT) feature. Our Platform does not currently respond to DNT signals because there is no industry consensus on how such signals should be interpreted. We will revisit this position as standards evolve.
We implement commercially reasonable administrative, technical, and physical security measures designed to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include:
No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your information, we will notify you as required by applicable law.
California residents have comprehensive privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Residents of other states have additional rights that we honor as Duey expands nationally.
| Right | What It Means |
|---|---|
| Right to Know | Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection and use, and the categories of third parties with whom we have shared it. |
| Right to Delete | Request deletion of personal information we have collected about you, subject to certain exceptions (e.g., completing transactions, legal obligations, security). |
| Right to Correct | Request correction of inaccurate personal information we maintain about you. |
| Right to Opt Out of Sale or Sharing | We do not sell personal information. To the extent our use of analytics cookies could be considered "sharing" under the CPRA, you may opt out via our Cookie Preference Center. |
| Right to Limit Sensitive Data Use | Limit our use of sensitive personal information (including government ID numbers) to what is necessary to provide the Service. |
| Right to Non-Discrimination | We will not discriminate against you for exercising any CCPA/CPRA right — no service denial, different pricing, or reduced quality of service. |
As Duey expands operations nationally, we recognize and honor privacy rights established by other state laws, including:
To submit a privacy request:
We will verify your identity before processing your request by confirming the email address associated with your account and, for sensitive requests, asking for additional verification. We will respond to verifiable consumer requests within forty-five (45) days of receipt. If we require additional time (up to an additional 45 days), we will notify you of the extension and the reason.
If we decline to take action on your privacy rights request, you may appeal our decision by emailing privacy@getduey.com with the subject line "Privacy Rights Appeal" within thirty (30) days of receiving our response. We will respond to your appeal within sixty (60) days. California residents who remain unsatisfied may contact the California Privacy Protection Agency at cppa.ca.gov.
The Service is not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from children under 18. If we learn that we have inadvertently collected personal information from a child under 18 without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 18, please contact us at privacy@getduey.com.
The Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to the United States. We will implement appropriate safeguards for any cross-border data transfers as required by applicable law.
Much of the data we collect relates to your business rather than to you as an individual. We apply the full protections of this Privacy Policy to all data we collect, whether it primarily describes an individual or a business, out of an abundance of caution and respect for your privacy.
If you use the Service on behalf of a business and provide information about other individuals (such as adding authorized users or uploading documents that contain employee information), you represent and warrant that you have the authority to share such information with us and that such sharing complies with applicable law, including any applicable employment laws.
The Service uses automated processes, including machine learning algorithms, to match your business profile to applicable compliance obligations, prioritize compliance risks, and generate recommendations. These automated processes do not make legally significant decisions about you as an individual. If you have concerns about how automated processing affects your compliance profile, you may contact us to request a human review.
Where we use data to train or improve AI models, we use aggregated or de-identified data that cannot reasonably be linked back to your individual business.
The Service may contain links to third-party websites, resources, and government portals. We may also offer integrations with third-party platforms. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party service before sharing information with them.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. If we make material changes, we will notify you by:
Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the changes. The most current version of this Privacy Policy is always available at getduey.com/privacy.
Last updated: April 1, 2026 · Version 1.0