Conclavik

Privacy Policy

Last updated: March 20, 2026

Conclavik is operated by Altanest SAS, a company registered in France. This policy describes how we collect, use, and protect your personal data when you use the Conclavik API and website (conclavik.com).

1. Data We Collect

  • Account data: email address and authentication profile (managed by Clerk SSO), API key.
  • Usage data: questions submitted to the API, model selections, timestamps, and run consumption.
  • Payment data: processed by Stripe. We do not store credit card numbers. We store Stripe customer IDs and transaction records.
  • Technical data: IP addresses in server logs (retained for 30 days), request metadata.

When you submit an early access request, we collect your email address, professional role, company name, intended use case, and referral source. This data is used solely to evaluate your application and may be forwarded to our internal communication tools for processing.

2. Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contractual necessity (Art. 6(1)(b)): processing your account data, API usage, and payments is necessary to provide the service you requested.
  • Legitimate interest (Art. 6(1)(f)): processing technical data (IP addresses, request metadata) for security, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c)): retaining transaction records as required by French tax and commercial law.

3. How We Use Your Data

  • To provide and operate the Conclavik API service.
  • To process payments and manage your account balance.
  • To detect abuse, prevent fraud, and maintain security.
  • To improve our service and fix issues.

We do not sell your personal data. We do not use your submitted questions to train AI models. Questions are processed by third-party AI providers (Anthropic, OpenAI, Google, xAI) according to their respective API terms of service.

4. Data Retention & Deletion

Account data is retained as long as your account is active. You have full control over your data:

  • Delete individual runs: remove any consensus run and its results from your dashboard at any time.
  • Delete your account: permanently erase your account, all runs, results, and payment history via the dashboard ("Danger Zone").

Deleted data is permanently removed from our servers and cannot be recovered. Server logs (containing IP addresses) are retained for 30 days for security purposes.

5. Third-Party Processors

We share data with the following third-party processors, each bound by data processing agreements:

  • Clerk (authentication) โ€” manages user sign-in, session tokens, and OAuth flows.
  • Stripe (payments) โ€” stripe.com/privacy
  • Anthropic, OpenAI, Google, xAI (AI model providers) โ€” questions are sent to these providers for processing via their APIs.
  • Hetzner (hosting) โ€” servers located in Germany (EU).
  • Resend Inc. โ€” transactional email delivery (analysis report notifications).

6. International Data Transfers

Your questions are processed by AI providers whose servers may be located outside the European Economic Area (EEA), including in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards under GDPR Art. 46, as incorporated in each provider's data processing agreements. Specifically: Anthropic, OpenAI, Google, and xAI each maintain data processing terms that include EU-approved transfer mechanisms. Your account data and run results remain stored on servers in Germany (EU). Only the question content is transmitted to AI providers during processing, and API-tier usage means your data is not used for model training by these providers.

7. Your Rights (GDPR)

Under the EU General Data Protection Regulation, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Object to or restrict processing.

To exercise any of these rights, contact us at the address below.

You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertรฉs (CNIL), the French data protection authority, at cnil.fr, or with any other competent EU supervisory authority.

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CNIL within 72 hours of becoming aware of the breach, as required by GDPR Art. 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (GDPR Art. 34), describing the nature of the breach, its likely consequences, and the measures taken to address it.

9. Automated Decision-Making

Conclavik does not make automated decisions that produce legal effects or similarly significantly affect you (GDPR Art. 22). The AI consensus outputs are informational tools provided for your consideration โ€” they do not constitute binding decisions, and no automated profiling of users is performed.

10. Security

Authentication is managed by Clerk SSO. All traffic is encrypted via TLS (HTTPS). API keys are generated with cryptographically secure random generators. Sensitive data is encrypted at rest with AES-256. API endpoints are protected by rate limiting to prevent abuse. Access to infrastructure is restricted to authorized personnel only.

11. Cookies

We use one strictly necessary cookie (NEXT_LOCALE) to remember your language preference, with a duration of one year. Authentication tokens are stored in localStorage on the dashboard. Clerk SSO may set additional cookies required for authentication sessions. We do not use tracking cookies, advertising cookies, or third-party analytics.

12. Contact

Altanest SAS
SIREN: 877 916 916 ยท TVA: FR67 877 916 916
20 Rue Guillaume Fichet, 74000 Annecy, France
Email: contact@conclavik.com