Last updated: April 22, 2026
Conclavik is a closed-access analytical tool operated by Altanest SAS, a company registered in France. This policy describes how we collect, use, and protect your personal data when you, as an existing authorised user, use the Conclavik service (conclavik.com and its API).
Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
We do not sell your personal data. We do not use your submitted questions to train AI models. Questions are processed by third-party AI providers (Anthropic, OpenAI, Google, xAI) according to their respective API terms of service.
Account data is retained as long as your account is active. You have full control over your data:
Deleted data is permanently removed from our servers and cannot be recovered. Server logs (containing IP addresses) are retained for 30 days for security purposes. Cryptographic attestation records, which contain only content hashes, processing parameters, and digital signatures (no question text or analysis content), are retained indefinitely to support compliance verification, even after content deletion.
We share data with the following third-party processors, each bound by data processing agreements:
When you submit a query, Conclavik transmits the question text and routing parameters to four large language model providers under their paid commercial API tiers: Anthropic, OpenAI, Google, and xAI (all United States). We do not transmit your account email, payment data, or other directly identifying information to these providers. Where your query itself contains personal data, that content is transmitted as part of the prompt; you are responsible for the content you submit.
Anthropic, OpenAI, and Google contractually do not train models on customer API content under their commercial terms. xAI's published Grok API terms do not contain an explicit no-training commitment; we rely on the absence of identifying information in standard query bodies and monitor changes to its terms.
The Customer is the data controller for any personal data submitted within queries. Conclavik acts as data processor with respect to such input data, processing it solely to execute the requested multi-model analysis. Conclavik acts as data controller for system data (account information, billing records, request logs).
Your account data and analysis results are stored on servers in Germany (EU). Question content is transmitted to AI providers whose servers are located in the United States; these transfers rely on the Standard Contractual Clauses (SCCs) and equivalent safeguards under GDPR Art. 46 incorporated in each provider's commercial terms.
Under the EU General Data Protection Regulation, you have the right to:
To exercise any of these rights, contact us at the address below.
You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority, at cnil.fr, or with any other competent EU supervisory authority.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CNIL within 72 hours of becoming aware of the breach, as required by GDPR Art. 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (GDPR Art. 34), describing the nature of the breach, its likely consequences, and the measures taken to address it.
Conclavik does not make automated decisions that produce legal effects or similarly significantly affect you (GDPR Art. 22). The AI analysis outputs are informational tools provided for your consideration; they do not constitute binding decisions, and no automated profiling of users is performed.
Authentication is managed by Clerk SSO. All traffic is encrypted via TLS (HTTPS). API keys are generated with cryptographically secure random generators. Sensitive data is encrypted at rest with AES-256. API endpoints are protected by rate limiting to prevent abuse. Access to infrastructure is restricted to authorized personnel only.
Clerk SSO sets a small number of strictly necessary cookies required to maintain your authenticated session; under Article 82 of the French Data Protection Act and CNIL guidance, these are exempt from prior consent. We do not use advertising or third-party tracking cookies. For audience measurement we run a self-hosted Umami instance which does not set cookies, does not fingerprint users, and stores no IP addresses (only a hashed country-level signal).
Conclavik is not directed at children and is intended for users aged 18 and over. We do not knowingly collect personal data from children under 16 (the age of digital consent in France under Article 8 GDPR / Art. 45 LIL). If you believe we have done so, contact contact@conclavik.com for deletion.
Altanest SAS
SIREN: 877 916 916 · TVA: FR67 877 916 916
20 Rue Guillaume Fichet, 74000 Annecy, France
Email: contact@conclavik.com