Privacy Policy

Your privacy matters to us

We are committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard your information.

Last updated: August 2025

GDPR Compliant

Full compliance with EU General Data Protection Regulation

Data Minimization

We only collect data necessary for EU AI Act compliance

1. Information We Collect

Account Information

  • Email address and password for account creation
  • Company name, address, and VAT/Tax ID for compliance documentation
  • Billing information processed securely through Stripe

AI System Information

  • AI system descriptions, versions, and intended purposes
  • Technical specifications and performance metrics
  • Risk assessment responses and compliance documentation
  • Optional file uploads (model cards, test reports, diagrams)

Usage Data

  • Application usage patterns and feature interactions
  • Log data including IP addresses and browser information
  • Performance analytics to improve our service

2. How We Use Your Information

Compliance Services: Generate EU AI Act documentation, risk assessments, and declarations of conformity specific to your AI systems.

Account Management: Maintain your account, process payments, and provide customer support.

Legal Obligations: Comply with applicable laws and respond to legal requests from authorities.

Service Improvement: Analyze usage patterns to enhance our platform and develop new features.

Communication: Send important updates about your compliance status, deadlines, and service changes.

3. Data Storage and Security

Location: Your data is stored on EU-based servers through our hosting partner Supabase, ensuring compliance with data residency requirements.

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed using industry-standard algorithms.

Access Controls: Strict access controls ensure only authorized personnel can access your data, and only when necessary for support or service delivery.

Audit Trails: We maintain detailed logs of all data access and modifications, with tamper-proof SHA-256 hashing for compliance evidence.

Backups: Regular encrypted backups are maintained for disaster recovery, with automatic deletion after 35 days.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: Trusted partners who assist in operating our platform (hosting, payment processing, customer support) under strict confidentiality agreements.

Legal Requirements: When required by law, court order, or to protect our rights and safety or that of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, with advance notice to users.

With Your Consent: Any other sharing will only occur with your explicit consent.

5. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct any inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to certain types of data processing
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@conformly.com.

6. Data Retention

Account Data: Retained while your account is active and for 7 years after closure for tax and legal purposes.

Compliance Documents: Stored for 2 years after account closure to allow you time to download your documentation.

Audit Logs: Maintained for 6 years to comply with accountability requirements under various regulations.

Marketing Data: Deleted immediately upon unsubscribe or account deletion.

7. Cookies and Tracking

We use minimal, essential cookies to:

  • Keep you logged in during your session
  • Remember your preferences and settings
  • Analyze website performance and usage patterns

We do not use advertising cookies or share data with advertising networks. You can control cookie settings through your browser preferences.

8. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or applicable laws. When we do:

  • Please check for updated policies at the top of this page.
  • We may, at our discretion, notify users of material changes via email or other communication methods.
  • Continued use of our services after the updated policy is posted constitutes your acceptance of the changes.

9. Contact Information

For any privacy-related questions or requests:

Data Protection Officer: privacy@conformly.com

General Inquiries: support@conformly.com