What is KlarvoEngine?

KlarvoEngine is Klarvo's regulatory intelligence engine. It analyses your AI system through a 3-pass classification pipeline and produces an article-cited compliance memo with obligations, deadlines, and recommended controls — in under 60 seconds.

What is the EU AI Act?

The EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation. It classifies AI systems by risk level and imposes obligations on providers and deployers of AI systems operating in the EU.

Any organisation that provides or deploys AI systems affecting people in the EU — regardless of where the organisation is based. This includes websites with AI chatbots, companies using AI analytics, and businesses integrating AI models into their products.

Prohibited AI practices have been enforceable since February 2025. GPAI model obligations since August 2025. Article 50 transparency and most remaining obligations apply from August 2, 2026.

What are the penalties?

Up to €35 million or 7% of global turnover for prohibited practices. Up to €15 million or 3% for transparency and other violations. For SMEs, the penalty is whichever amount is lower.

GDPR Compliance

Our Commitment to GDPR

Klarvo is fully committed to compliance with the General Data Protection Regulation (GDPR). As a platform designed to help organizations manage EU AI Act compliance, we understand the importance of robust data protection practices.

How We Support Your GDPR Compliance

Beyond our own compliance, Klarvo is designed to help you meet your GDPR obligations:

Data Inventory: Track what data your AI systems process
DPIA Integration: Link AI assessments to existing DPIAs
Documentation: Maintain records of processing activities
Audit Trails: Complete logging for accountability

Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you. We will provide this within 30 days of your request.

Right to Rectification (Article 16)

If your personal data is inaccurate or incomplete, you can request that we correct or complete it.

Right to Erasure (Article 17)

You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restriction (Article 18)

You can request that we restrict processing of your data in certain circumstances, such as when you contest its accuracy.

Right to Data Portability (Article 20)

You can request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

Email: dpo@klarvo.io
Subject line: "GDPR Rights Request"
Address: Open Digital WEB LTD, 36 Tyndall Court, Lynchwood Business Park, Peterborough, PE2 6LR, United Kingdom

We will respond to your request within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you.

Lawful Bases for Processing

We process personal data based on the following lawful bases:

Purpose	Lawful Basis
Providing the Service	Contract Performance (Art. 6(1)(b))
Account security	Legitimate Interest (Art. 6(1)(f))
Service improvements	Legitimate Interest (Art. 6(1)(f))
Marketing communications	Consent (Art. 6(1)(a))
Legal compliance	Legal Obligation (Art. 6(1)(c))

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR.

Email: dpo@klarvo.io

Data Processing Agreement

For customers who process personal data through our platform, we provide a Data Processing Agreement (DPA) that meets GDPR requirements for controller-processor relationships.

International Transfers

Your data is primarily stored within the European Economic Area. For any transfers outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. You can contact your local data protection authority or the authority where we are established.

Related Policies

Contact Us

For any GDPR-related questions or concerns:

Data Protection Officer: dpo@klarvo.io
General Privacy Inquiries: privacy@klarvo.io
Address: Open Digital WEB LTD, 36 Tyndall Court, Lynchwood Business Park, Peterborough, PE2 6LR, United Kingdom