Privacy Policy
Overview
Conformy is a compliance tool for the EU AI Act. We take your privacy seriously and collect only the data necessary to provide the service. This policy explains what we collect, why, and your rights.
What we collect
When you use Conformy, we may collect the following personal data:
- Email address โ used for authentication (passwordless login).
- Document data โ the information you enter when generating compliance documents. This may include descriptions of your AI systems.
- Basic usage data โ pages visited, features used, and technical information such as browser type. This helps us improve the service.
What we do not collect
We do not collect card or other payment details. Credits are purchased as a one-off via an invoice we send by email, which you pay through your normal bank or accounting routines. We never see or store any card information.
How we use your data
We use your data to:
- Provide the service โ generate and store your compliance documents.
- Authenticate your account via login links.
- Improve the service based on aggregated, anonymized usage patterns.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
Third-party services
We use the following categories of third-party services to operate Conformy:
- Hosting provider โ our servers are hosted within the EU/EEA.
- AI/LLM provider โ when generating compliance documents, your input is sent to a large language model provider. We only send the data necessary for document generation.
We choose providers that offer adequate data protection and, where possible, EU-based data processing.
Cookies
Conformy uses only essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.
Data retention
Your account data and documents are retained for as long as your account is active. If you delete your account, your data will be removed within 30 days. Anonymized, aggregated usage data may be retained indefinitely.
Your rights
Under the GDPR, you have the right to:
- Access โ request a copy of the personal data we hold about you.
- Correction โ request that we correct inaccurate data.
- Deletion โ request that we delete your account and associated data.
- Data portability โ request your data in a machine-readable format.
To exercise any of these rights, contact us at [email protected].
Contact
Questions about this privacy policy? Contact us at [email protected].