Privacy Policy
Last updated: May 11, 2026
Konklav is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This policy describes how we collect, use, and protect your information.
1. Data controller
Konklav is a project edited on an individual basis, intended to be operated in the future by an entity named Wenexora, whose registration is planned after the beta phase. For any question regarding your personal data, write to [email protected]. We respond within a maximum of one month in accordance with Article 12(3) of the GDPR.
2. Data collected
We collect the following data: full name, email address, usage preferences (language, theme), meeting content (messages, decisions, actions), uploaded files, and expert turn usage data.
3. Purposes of processing
Your data is used to: provide and improve the service, manage your account, generate meeting reports, track quota usage, and contact you if necessary.
4. Legal bases for processing
In accordance with Article 6 of the GDPR, the processing of personal data by Konklav is based on the following legal bases:
| Processing | Legal basis (Art. 6 GDPR) | Justification |
|---|---|---|
| Creation and management of the user account | Performance of the contract (Art. 6.1.b) | Necessary to provide the service |
| Authentication and session security | Performance of the contract (Art. 6.1.b) | Necessary for secure operation |
| Running AI meetings (sending messages to agents, generating reports) | Performance of the contract (Art. 6.1.b) | Core of the service subscribed to by the user |
| Storage and export of meeting reports | Performance of the contract (Art. 6.1.b) | Feature requested by the user |
| Tracking of tokens consumed per meeting | Legitimate interest (Art. 6.1.f) | Quota management and billing, proportionate to the user's expectations |
| Sending transactional emails (confirmation, password reset) | Performance of the contract (Art. 6.1.b) | Necessary for account management |
| Sending marketing emails / newsletter | Consent (Art. 6.1.a) | Explicit opt-in required, withdrawable at any time |
| Strictly necessary cookies | Legitimate interest (Art. 6.1.f) | Technical operation of the site, exempt from consent (Art. 82 French Data Protection Act) |
| Service improvement and anonymised usage analysis | Legitimate interest (Art. 6.1.f) | Aggregated data, minimal impact on privacy |
When processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal. When processing is based on legitimate interest, you have the right to object at any time by contacting us at: [email protected]
5. Retention period
Your data is retained as long as your account is active. After account deletion, your data is erased within 30 days, unless legally required to retain it.
6. Your GDPR rights
You have the following rights: access to your data, rectification, erasure (right to be forgotten), portability, restriction of processing, and objection. To exercise these rights, contact [email protected] or use the account deletion feature in settings.
7. Subprocessors
We rely on the following subprocessors: Supabase (application hosting and database, European Union, AWS eu-west-1); Anthropic, PBC (Claude language model for response generation, United States). When you converse with a Konklav agent, your prompt is transmitted to Anthropic for processing. This transfer outside the European Union is governed by the European Commission's Standard Contractual Clauses (SCC). Anthropic is contractually committed to not retaining your requests beyond processing and to not using them to train its models.
8. Cookies and local storage
Konklav uses essential cookies for authentication and preferences (language, theme). No tracking or advertising cookies are used. LocalStorage is used for interface preferences.
9. Security
We implement appropriate technical and organizational measures: data encryption in transit (HTTPS/TLS), role-based access control (RLS), secure authentication, and regular audits.
10. Complaint to the supervisory authority
In accordance with Article 77 of the GDPR, if you believe that the processing of your personal data constitutes a violation of the regulation, you have the right to lodge a complaint with the competent supervisory authority. This right may be exercised at any time, without prejudice to any other administrative or judicial remedy.
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy - TSA 80715
75334 Paris Cedex 07
Phone: 01 53 73 22 22
Website: https://www.cnil.fr
Complaint form: https://www.cnil.fr/fr/plaintes