ConcAI
Back to home
Legal document

Privacy Policy

Last updated: 7 April 2026

1. Data Controller

ConcAI di Manuel Concari — Tax ID: CNCMNL99C20L885Z — Via Rio Faellano 1027, 41054 Marano sul Panaro (MO), Italy — Email: info@conca.ai
Tel.: +39 389 683 7534 — Website: conca.ai

Note
For any request regarding your personal data, contact the data controller directly at the email address above. Requests are processed within 30 days.

2. Data Collected

We collect the following personal data:

  • Registration data: email, name (optional)
  • Payment data: processed by Stripe/PayPal (we do not store card data)
  • Business data: name, address, phone, photos, reviews entered in the form
  • Navigation data: technical cookies, IP address (anonymised)
  • Referral data: affiliate code, IP hash for deduplication (no raw IP)

3. Purposes of Processing

  • Creation and management of user account
  • Generation of the requested website
  • Payment processing
  • Sending transactional emails (order confirmation, site ready)
  • Management of the affiliate programme
  • Service improvement

4. Legal Basis

Processing is based on: contract performance (requested service), consent (non-essential cookies, email marketing), legitimate interest (security, fraud prevention).

5. Third-Party Services

  • Supabase Inc. (USA) — database and authentication; data on EU-West servers; safeguard: SCC (EU Dec. 2021/914)Privacy Policy
  • Stripe Inc. (USA) — payments, PCI DSS Level 1; EU entity: Stripe Payments Europe Ltd. (Ireland); safeguard: DPF + SCCPrivacy Policy
  • Vercel Inc. (USA) — hosting of the conca.ai platform; safeguard: DPF + SCC (EU Dec. 2021/914)Privacy Policy
  • Netlify Inc. (USA) — hosting of client demo sites; safeguard: DPF + SCC (EU Dec. 2021/914)Privacy Policy
  • Anthropic PBC (USA) — Claude AI model (site generation); zero data retention on commercial APIs, data is not used to train AI models; safeguard: SCC + DPFPrivacy Policy
  • Google LLC (USA) — Places API, Business Profile; safeguard: DPF + SCC (EU Dec. 2021/914)Privacy Policy
  • Aruba S.p.A. (Italy) — domain registration and management; data in EUPrivacy Policy
  • Google LLC (USA) — reCAPTCHA v3 (anti-spam protection); collects IP and behavioural data; safeguard: DPF + SCC (EU Dec. 2021/914)Privacy Policy
  • Zoho Corporation (India/USA) — SMTP for transactional emails (no-reply@conca.ai); EU entity: Zoho B.V. (Netherlands); safeguard: SCC + DPFPrivacy Policy

The list of data processors may be updated periodically. The latest version is always available on this page.

Transparency
All third-party providers are selected for their GDPR compliance and European data protection regulations.

6. Data Retention

Data is retained for the duration of the contractual relationship and for the subsequent 10 years as required by Italian tax law. Demo site data is deleted after 15 days from creation, following confirmation. The user may request early deletion at any time.

7. Data Subject Rights (GDPR)

Pursuant to the GDPR (EU Regulation 2016/679), you have the right to: access, rectification, erasure, restriction, portability and objection.

How to exercise your rights
Send a request to info@conca.ai. We will respond within 30 days of receipt.

8. Cookies

We use essential technical cookies and, with prior consent, analytical cookies. See our Cookie Policy for details.

9. International Data Transfers

Some services (Vercel, Stripe, Anthropic) may transfer data to the USA on the basis of Standard Contractual Clauses (SCC) approved by the European Commission.

Questions about privacy?Contact us at info@conca.ai — we will respond within 30 days as required by the GDPR.