Privacy Policy
Last updated: 28 May 2026
This policy explains what personal data ConforAI processes when you use this website, why, and the rights you have under applicable privacy laws including the EU/UK GDPR, Canada’s PIPEDA and Québec Law 25, and the California CCPA/CPRA.
Contents
1. Who is responsible
The controller for personal data processed via this website is:
c/o Signature Jungfernstieg, Große Bleichen 1-3, Office No. 203 (ResCo-work06)
20354 Hamburg, Germany
Commercial register: HRB 189387, Amtsgericht Hamburg
Email: [email protected]
2. What data we process
a. When you visit the site
Our infrastructure and content-delivery provider (Cloudflare) automatically processes technical connection data — including your IP address, browser type, referring page, and timestamps — to deliver the site securely and defend against attacks. This is standard server/CDN log data.
b. When you request a demo
The "Book a demo" form prepares an email from your own mail application to [email protected]. When you send it, we receive the details you entered — your name, work email, company, preferred time, and any notes — in order to respond and arrange the demo.
c. When you take the AI literacy readiness assessment
The assessment runs in your browser: your answers are scored locally and any PDF report is generated on your device. If you choose to provide your details (name, work email, company, role, country) to receive follow-up, we process them to contact you about your results and our services.
d. Preferences
We store your chosen interface language in your browser's local storage so the site remembers it on your next visit. This stays on your device and is not transmitted to us. See our Cookie Policy.
3. Purposes and legal bases
| Purpose | Legal basis (Art. 6(1) GDPR) |
|---|---|
| Delivering and securing the website | Legitimate interests (lit. f) — operating a safe, functional site |
| Responding to demo requests and enquiries | Steps prior to a contract (lit. b) and/or legitimate interests (lit. f) |
| Following up on assessment results you submit | Consent (lit. a) and/or legitimate interests (lit. f) |
| Complying with legal obligations | Legal obligation (lit. c) |
4. Recipients and third parties
We use a small number of service providers who process data on our behalf or whose resources the site loads:
- Cloudflare — CDN, DNS and security/proxy for this domain (processes connection data and IP addresses).
- Google Fonts — web fonts are loaded from Google servers, which receives your IP address when fonts are fetched.
- jsDelivr / cdnjs (Cloudflare) — front-end libraries (styling and PDF generation) are loaded from these public CDNs.
- Email — when you contact us, your message is processed through our email provider.
We do not sell personal data, and we do not use advertising or cross-site tracking.
5. Data residency and international transfers
For customer accounts, we host data in the region you select at onboarding — the EU (AWS Frankfurt), the US (AWS US-East), the UK (AWS London), Canada (AWS Canada Central), or Asia-Pacific (AWS Singapore) — and it does not leave that region without your instruction. For this website, some providers above may process data outside your region (for example in the United States), safeguarded by EU/UK European Commission's Standard Contractual Clauses, or the EU–Canada adequacy decision for transfers to Canada. You can request information about the safeguards in place by emailing us.
6. Retention
We keep enquiry and demo-request data only as long as needed to handle your request and for a reasonable follow-up period, then delete or anonymise it unless a legal retention obligation applies. Server/CDN security logs are kept for a short period by our provider. Assessment answers processed in your browser are not retained by us unless you submit your details for follow-up.
7. Your rights
Your rights depend on where you are located:
- EU / EEA (GDPR) and UK (UK GDPR / DPA 2018): access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent. You may lodge a complaint with a supervisory authority — in Germany, the Hamburg Commissioner for Data Protection and Freedom of Information (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit); in the UK, the Information Commissioner’s Office (ICO).
- Canada (PIPEDA & Québec Law 25): access to and correction of your personal information and withdrawal of consent. You may complain to the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec.
- California / US (CCPA / CPRA): the right to know, delete, and correct, and to opt out of “sale” or “sharing.” We do not sell or share personal information as defined by the CCPA, and we will not discriminate against you for exercising your rights.
To exercise any right, email [email protected].
8. Security
The site is served over HTTPS. We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. No method of transmission over the internet is completely secure, but we work to protect your information.
9. Changes
We may update this policy from time to time. The "last updated" date above reflects the current version. Material changes will be made clear on this page.
This policy describes the current processing for the conforai.com website. For data processing under a customer agreement, see our Data Processing Agreement. Questions: [email protected].