Conformy

Privacy Policy

Overview

Conformy is a compliance tool for the EU AI Act. We take your privacy seriously and collect only the data necessary to provide the service. This policy explains what we collect, why, and your rights.

What we collect

When you use Conformy, we may collect the following personal data:

  • Email address — used for authentication (passwordless login).
  • Document data — the information you enter when generating compliance documents. This may include descriptions of your AI systems.
  • Basic usage data — pages visited, features used, and technical information such as browser type. This helps us improve the service.

What we do not collect

We do not collect payment information directly. If you purchase a subscription, payments are processed by our third-party payment provider, who acts as the Merchant of Record. We never see or store your credit card details.

How we use your data

We use your data to:

  • Provide the service — generate and store your compliance documents.
  • Authenticate your account via login links.
  • Improve the service based on aggregated, anonymized usage patterns.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Third-party services

We use the following categories of third-party services to operate Conformy:

  • Hosting provider — our servers are hosted within the EU/EEA.
  • AI/LLM provider — when generating compliance documents, your input is sent to a large language model provider. We only send the data necessary for document generation.

We choose providers that offer adequate data protection and, where possible, EU-based data processing.

Cookies

Conformy uses only essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

Data retention

Your account data and documents are retained for as long as your account is active. If you delete your account, your data will be removed within 30 days. Anonymized, aggregated usage data may be retained indefinitely.

Your rights

Under the GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate data.
  • Deletion — request that we delete your account and associated data.
  • Data portability — request your data in a machine-readable format.

To exercise any of these rights, contact us at [email protected].

Contact

Questions about this privacy policy? Contact us at [email protected].