Book demo

Website Privacy Policy

Scope

Last updated: May 29, 2026.

This Privacy Policy applies only to Conelio's publicly accessible marketing website, including the landing page, demo page, about page, imprint, and this privacy page.

It also applies to demo requests and other contact messages submitted through the website or by email. The signed-in Conelio app, training sessions, roleplays, feedback, onboarding, and organization-specific program features are not covered by this policy and are explained separately inside the app.

1. Controller

The controller responsible for personal data processed on this website is:

Dr. Timo Koch (Conelio Labs - project)
Weißenseestr. 122
81539 Munich
Germany
Email: hello@conelio.ai

Conelio is not currently required to appoint a Data Protection Officer under Art. 37 GDPR. Privacy enquiries may be sent to the email address above.

2. Website access and server logs

When you visit our website, our server processes technically necessary access data so that the website can be delivered, operated reliably, and protected against abuse. This may include in particular:

  • IP address
  • date and time of access
  • requested URL and amount of data transferred
  • referrer URL, if transmitted by your browser
  • browser type, operating system, language settings, and user agent
  • HTTP status codes and technical error data

The purposes are website delivery, technical troubleshooting, IT security, and abuse prevention. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure, stable, and user-friendly operation of the website.

Server logs are usually stored for up to 14 days and then deleted or anonymized, unless longer retention is necessary to investigate security incidents or abuse.

3. Demo requests and contact

If you request a demo or contact us, we process the data you provide, in particular name, work email address, organization or program, message, request language, and technical metadata such as timestamp, IP address, and user agent.

We use this data to process your request, prepare a demo, ask follow-up questions, prevent form abuse, and document business communication.

The legal basis is Art. 6(1)(b) GDPR where processing is necessary to take pre-contractual steps at your request. For B2B communication, form security, and traceable handling of enquiries, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is to handle incoming enquiries efficiently and securely.

Required fields in the demo form are necessary to process the request. Without them, we cannot meaningfully respond. Please do not include sensitive information in the message field unless it is necessary for the demo request.

4. Email communication

If you contact us by email, we process your email address, the content of your message, technical email metadata, and any additional information you voluntarily provide. The purpose is to respond to your message and document the communication.

The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR, depending on the content of the communication. Our legitimate interest is efficient handling of incoming communication.

5. Cookies and similar technologies

The public marketing website currently does not use analytics, advertising, or tracking cookies. Language selection is handled through the URL and not through a tracking cookie.

If technically necessary cookies or similar technologies are used, they serve only to provide an expressly requested digital service or to transmit information securely. The legal basis for access to terminal equipment is then Section 25(2) TDDDG; subsequent processing of personal data is based on Art. 6(1)(f) GDPR or, where applicable, Art. 6(1)(b) GDPR.

We use non-essential cookies or similar technologies on the marketing website only if you have given valid prior consent.

6. External links

Our website contains links to external services, in particular LinkedIn. If you click an external link, you leave our website. The respective provider is responsible for personal data processing on the destination page.

We do not embed LinkedIn plugins or comparable social-media tracking elements on the marketing website.

7. Recipients and service providers

Personal data is disclosed to recipients only where necessary for the purposes described above or where we are legally required to do so. Recipients may include:

  • hosting and infrastructure providers, currently IONOS, for website operation and server logs
  • email/SMTP providers for sending and receiving demo and contact requests
  • tax, legal, or other professional advisers where necessary to protect legal interests or comply with obligations
  • authorities or courts where we are legally required to disclose data

Where service providers process personal data on our behalf, we conclude data processing agreements under Art. 28 GDPR.

8. International data transfers

We operate the website using infrastructure in Germany. Transfers to countries outside the EU/EEA may occur in connection with support, security, or administrative services provided by internationally operating providers.

Where personal data is transferred to a third country without an adequacy decision, we rely on appropriate safeguards under Art. 46 GDPR, in particular EU Standard Contractual Clauses, or on an applicable derogation under Art. 49 GDPR.

9. Retention

We retain personal data only for as long as necessary for the relevant purposes:

  • Server logs: usually up to 14 days, unless longer retention is necessary to investigate security incidents or abuse.
  • Demo and contact requests: generally up to 12 months after the last substantive communication. If the request leads to a business relationship or statutory retention obligations apply, individual records may be retained longer, in particular under commercial and tax law.
  • Email communication: as long as necessary to process and document the matter; business-relevant correspondence may need to be retained longer under statutory requirements.

When data is no longer required and no statutory retention obligation applies, we delete or anonymize it.

10. Your rights

Subject to the GDPR, you have in particular the following rights:

  • access to personal data (Art. 15 GDPR)
  • rectification of inaccurate data (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
  • withdrawal of consent with effect for the future (Art. 7(3) GDPR), where processing is based on consent

To exercise your rights, send a message to hello@conelio.ai. We may ask you to verify your identity where necessary to process your request.

11. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

For non-public bodies in Bavaria, the competent authority is generally:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: https://www.lda.bayern.de/

12. No automated decision-making

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place on the public marketing website.

13. Changes to this policy

We may update this Privacy Policy if legal requirements, technical processes, or the website change. The current version will be published on this page.