Last updated: April 22, 2026
Conclavik is operated by Altanest SAS, a company registered in France. This policy describes how we collect, use, and protect your personal data when you use the Conclavik API and website (conclavik.com).
When you submit an early access request, we collect your email address, professional role, company name, intended use case, and referral source. This data is used solely to evaluate your application and may be forwarded to our internal communication tools for processing.
Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
We do not sell your personal data. We do not use your submitted questions to train AI models. Questions are processed by third-party AI providers (Anthropic, OpenAI, Google, xAI) according to their respective API terms of service.
Account data is retained as long as your account is active. You have full control over your data:
Deleted data is permanently removed from our servers and cannot be recovered. Server logs (containing IP addresses) are retained for 30 days for security purposes. Cryptographic attestation records, which contain only content hashes, processing parameters, and digital signatures (no question text or analysis content), are retained indefinitely to support compliance verification, even after content deletion.
We share data with the following third-party processors, each bound by data processing agreements:
When you submit a query, Conclavik transmits the question text and a small set of routing parameters (model identifier, temperature, system prompt, jurisdiction flags) to four large language model providers operating under enterprise API terms: Anthropic (United States), OpenAI (United States), Google (United States, Vertex AI / Gemini API), and xAI (United States, Grok API). We do not transmit your account email, payment data, or other directly identifying information to these providers. Where your query itself contains personal data, that content is transmitted as part of the prompt; you are responsible for the content you submit.
Each of the four providers is engaged under a paid commercial API tier whose terms restrict the use of customer content for model training:
Conclavik does not store any training-related opt-in flag on your behalf, and we do not negotiate exceptions to these baseline terms. We rely exclusively on each provider's commercial tier; we do not submit user queries through any free, consumer, or trial-tier endpoint that would carry weaker protections. We do not retain copies of provider responses outside the analysis record stored under your account, which is governed by §4 of this policy.
The Customer is the data controller for any personal data submitted within queries. Conclavik acts as data processor with respect to such input data, processing it solely to execute the requested multi-model analysis. Conclavik acts as data controller for system data (account information, billing records, request logs). Conclavik offers a Data Processing Agreement to enterprise customers on request. Contact contact@conclavik.com to initiate. Material changes to AI provider terms will be reflected in this Privacy Policy within 30 days of becoming aware.
The following processors are activated only when you enable their data jurisdiction on the analysis page:
No data is sent to any jurisdiction you have not explicitly enabled. Chinese providers are subject to the Personal Information Protection Law (PIPL) of the People's Republic of China.
Conclavik provides a data jurisdiction filter that lets you control which regions process your analysis queries. By default, only US-based providers are active. You may enable additional jurisdictions (EU, China) before each analysis.
The jurisdiction filter is a client preference tool designed to help you manage data flows. It is not a legal guarantee of data residency or regulatory compliance. We recommend consulting your own legal counsel for specific regulatory requirements.
For clients requiring strict data residency guarantees, dedicated deployment options are available. Contact us at contact@conclavik.com.
Your questions are processed by AI providers whose servers may be located outside the European Economic Area (EEA), including in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards under GDPR Art. 46, as incorporated in each provider's data processing agreements. Specifically: Anthropic, OpenAI, Google, and xAI each maintain data processing terms that include EU-approved transfer mechanisms. Your account data and run results remain stored on servers in Germany (EU). Only the question content is transmitted to AI providers during processing, and API-tier usage means your data is not used for model training by these providers.
When Chinese jurisdiction models are enabled by you, query data is transmitted to providers in the People's Republic of China. Standard Contractual Clauses (SCCs) are in place where applicable. You explicitly opt in to each jurisdiction via the analysis interface.
Under the EU General Data Protection Regulation, you have the right to:
To exercise any of these rights, contact us at the address below.
You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority, at cnil.fr, or with any other competent EU supervisory authority.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CNIL within 72 hours of becoming aware of the breach, as required by GDPR Art. 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (GDPR Art. 34), describing the nature of the breach, its likely consequences, and the measures taken to address it.
Conclavik does not make automated decisions that produce legal effects or similarly significantly affect you (GDPR Art. 22). The AI analysis outputs are informational tools provided for your consideration; they do not constitute binding decisions, and no automated profiling of users is performed.
Authentication is managed by Clerk SSO. All traffic is encrypted via TLS (HTTPS). API keys are generated with cryptographically secure random generators. Sensitive data is encrypted at rest with AES-256. API endpoints are protected by rate limiting to prevent abuse. Access to infrastructure is restricted to authorized personnel only.
Authentication tokens are stored in localStorage on the dashboard. Clerk SSO sets a small number of strictly necessary cookies required to establish and maintain your authenticated session: typically __session (the signed session JWT, ~1h rolling lifetime), __client_uat (last-auth-time signal used to synchronise sessions across tabs), __clerk_db_jwt (development-only database session) and CSRF protection tokens. These cookies are essential for the service to function and, under Article 82 of the French Data Protection Act and CNIL guidance, are exempt from prior consent. We do not use advertising cookies or third-party tracking cookies. For audience measurement, we operate a self-hosted instance of Umami Analytics on analytics.conclavik.com, running entirely on Altanest infrastructure. No data is shared with third parties. Umami does not set cookies, does not fingerprint users, and does not track users across sites. IP addresses are hashed at collection for approximate country-level attribution and are not stored. In line with CNIL guidance, this anonymous audience measurement is exempt from prior consent requirements.
Conclavik is not directed at children. The service is intended for users aged 18 and over, and you must confirm you meet this age requirement when creating an account. We do not knowingly collect personal data from children under 16 (the age of digital consent in France under Article 45 of the French Data Protection Act, giving effect to Article 8 GDPR). If we become aware that we have collected personal data from a user under 16 without appropriate parental consent, we will delete that data and terminate the associated account without undue delay. A parent or legal guardian who believes their child has provided personal data to Conclavik may contact contact@conclavik.com to request review and deletion.
Altanest SAS
SIREN: 877 916 916 · TVA: FR67 877 916 916
20 Rue Guillaume Fichet, 74000 Annecy, France
Email: contact@conclavik.com