Legal

Privacy Policy

Last Updated: March 2026

I. Data Controller

The controller of your personal data is Michał Majka Neurogrine, NIP (Tax ID): 6772308416, REGON: 356828551, address: 7/14 Armii Krajowej St., 30-150 Krakow, Poland (hereinafter: "Conscriba", "We","Us").

II. Legal Basis and Purpose of Processing

We process personal data in compliance with the GDPR (EU) and CCPA/CPRA (USA). Our processing is based on the necessity to perform a contract (Art. 6(1)(b) GDPR) and our legitimate interests (Art. 6(1)(f) GDPR), such as ensuring service security and preventing fraud.

  • Account Registration: We collect your email address, name, and profile data provided by Social Login providers (Google, GitHub, LinkedIn). We also process authentication cookies and temporary browser-side state required to keep you signed in and complete secure login flows.
  • Service Provision: We process data necessary to generate WebMCP interfaces and provide traffic analytics. Where the Conscriba tracking snippet is installed, the browser stores a temporary session identifier in sessionStorage so we can group events generated within the same tab session.
  • Subscription & Payments: Payments are handled by our Merchant of Record, Creem (Estonia). We process your billing information only to the extent necessary to confirm payment status and comply with tax regulations.
  • Marketing: We only send marketing communications with your explicit, verifiable consent (Opt-in).
  • Consent Management: We store your cookie consent preference in your browser's localStorage so your analytics choice persists across page loads.

III. AI Agents Data vs. Personal Data (Critical Distinction)

Conscriba specializes in monitoring the interactions of AI Agents (e.g., GPTBot, ClaudeBot, etc.) with the User's website. We draw a strict line between personal data and machine data:

  1. Machine Data: Identifiers of bots, timestamps, tool calls, and machine traffic patterns do not constitute personal data under GDPR or CCPA as they do not relate to an identified or identifiable natural person.
  2. Anonymization: Any IP addresses processed during the filtering of human vs. bot traffic are immediately anonymized or hashed, unless they are strictly necessary for security purposes (e.g., mitigating active DDoS attacks).

IV. Children's Privacy (COPPA & GDPR)

Our Service is not directed to individuals under the age of 13 (USA) or 16 (EU, depending on local laws). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will delete it immediately.

V. Data Sharing and Sub-processors

To provide our Service, we share data with the following categories of trusted recipients:

  • Merchant of Record: Creem (Estonia) for global tax compliance and payment processing.
  • Hosting Providers: AWS servers located in Europe (Frankfurt).
  • Analytics: If you opt in to analytics cookies, we use Google Analytics on conscriba.comto measure page usage, product journeys, and conversion events such as registration, login, pricing, and waitlist interactions.
  • Anti-abuse and Bot Protection: We use Cloudflare Turnstileon waitlist and related public forms to reduce spam and abusive submissions.

Important: We do not sell your personal data to third parties.

VI. International Data Transfers

Whenever we transfer data outside the European Economic Area (EEA), we ensure a similar degree of protection by implementing Standard Contractual Clauses (SCCs)approved by the European Commission or by relying on the Data Privacy Frameworkfor US-based entities.

VII. Your Rights

Depending on your location, you have the following rights:

  • EU Users (GDPR): You have the right to access, rectify, or erase your data, the right to data portability, and the right to object to processing.
  • USA Users (CCPA/CPRA): You have the Right to Knowwhat data is collected, the Right to Delete, and the Right to Opt-Out of Sale/Sharing. While we do not sell data, this notice is provided for legal compliance.

VIII. Data Retention

  • Personal Data: We retain your data for the duration of your active subscription and for the period required by tax laws (typically 5-10 years for billing records).
  • Machine Data: AI analytics and aggregated bot data may be stored indefinitely in a non-identifiable form for trend analysis.