Legal
Privacy policy
Effective 1 July 2026 · Conformery
This explains what personal data Conformery collects, why, and what we do with the documents you upload. It is written in plain English; if anything here is unclear, email us and we will clarify or fix the wording.
Information we collect
When you create an account we store your email address and an authentication record managed by our database provider (we never see or store your raw password). When you use the product we store the product details you enter (name, SKU, category, target markets and the attribute answers you give), the checklist items generated from them, and any notes you add.
If you upload documents to your vault (test reports, signed declarations, technical files) we store the file and the metadata you attach to it. If you contact support we keep the content of that conversation so we can help you and follow up.
We also collect basic technical data automatically: your IP address, browser and device type, and request timestamps. This is standard web-server logging, kept to run the service reliably and to investigate abuse; it is not combined with advertising profiles.
How we use your information
We use your data to run the service you signed up for: authenticating you, generating and updating your checklists, storing your vault documents, watching deadlines that affect your tracked products, and generating your Declaration of Conformity. We use it to respond when you contact support, and to keep the service secure and stop abuse.
We do not use your account data or uploaded documents to train any model, and we do not sell personal data to anyone.
Your uploaded documents
Vault documents are private to your account. We do not show them to other users, publish them, or share them with anyone outside our team, and only access them ourselves if you ask us to for a support request. Deleting a document or your account removes it from live storage; residual copies in backups age out on our normal backup rotation.
Payments and sub-processors
Stripe handles all payment processing for the Pro plan; we never see or store your card number. We use a small number of sub-processors to run the service: our database and authentication provider, our hosting provider, and Stripe for billing. Each only receives the information it needs to do its job, for example your email address and plan for billing.
Cookies
We use essential cookies: a session cookie that keeps you signed in, and a small preferences cookie. Neither is used to track you across other websites. We do not use third-party advertising cookies or ad trackers, and we do not need your consent for cookies that are strictly necessary for the service to work.
Security
Data is encrypted in transit between your browser and our servers, and our database and storage providers encrypt data at rest. Access to production data is limited to the small team that operates Conformery and is scoped to what each person's role needs.
Data retention, deletion and your rights
We keep your data while your account is active. Email us to access, correct, export or delete your data; we will action deletion requests promptly, aside from records we are required to keep for tax, accounting or legal reasons. You can also delete your own products, checklist items and vault documents at any time from inside the app.
Children
Conformery is a business tool and is not directed at children. We do not knowingly collect personal data from anyone under 16.
International transfers
Our database, hosting and payment providers may process data in countries other than yours. Where that happens we rely on the safeguards those providers make available, such as their own data-processing agreements and standard contractual clauses.
Changes to this policy
If we make material changes to this policy we will update the effective date above and, where the change is significant, let account holders know by email.
Governing law and contact
This policy is governed by the laws of England and Wales. For any question about your data, email hello@conformery.com.