Palisai
Draft — pending legal review. This document is not yet legally binding.

Privacy policy

Last updated: 1 June 2026

This privacy policy explains how Palisai collects, uses and protects personal data when you use our website, free tools and platform. We process personal data in accordance with the General Data Protection Regulation (GDPR).

1. Data controller

The data controller responsible for processing your personal data is Conxo ApS (CVR 31939127), Center Boulevard 5, IH307, 2300 København S, Denmark. You can contact us about data protection at info@conxo.dk.

2. What personal data we collect

We only collect the data necessary to provide and improve our services:

  • Account data: name, email address and a secure hash of your password.
  • Billing data: handled by our payment provider (Stripe); we do not store full card details.
  • Scan inputs: domain names and related technical data you enter into our tools.
  • Usage data: aggregated, anonymised web analytics (Plausible, cookieless).
  • Support communications: the contents of enquiries you send us.

3. Purposes and legal basis

We process personal data on the following bases:

  • Performance of a contract (GDPR Art. 6(1)(b)): to provide your account, subscription and the platform.
  • Legitimate interests (Art. 6(1)(f)): to secure, maintain and improve the service.
  • Consent (Art. 6(1)(a)): where required, e.g. marketing communications.
  • Legal obligation (Art. 6(1)(c)): e.g. accounting and tax law.

4. Processors and sub-processors

We only share personal data with trusted providers who process data on our behalf under a data processing agreement:

  • Hetzner Online GmbH (Germany, EU) — hosting and infrastructure.
  • Stripe — payment processing.
  • Resend — sending transactional email.
  • Plausible Analytics — cookieless web analytics.
  • Supabase (self-hosted on our EU infrastructure) — authentication and database.

5. Retention

We retain personal data for as long as necessary for the purposes for which it was collected, and in accordance with the periods below. Data that is no longer needed is deleted or anonymised:

  • Account data (name, email): duration of contract + 3 years (Danish Limitation Act)
  • Billing data and transaction records: 5 years from end of financial year (Danish Bookkeeping Act § 10)
  • Server and access logs: 30 days (legitimate interest — operational security)
  • Support tickets and emails: 2 years (legitimate interest — proof of service delivery)
  • Scan inputs (domain names etc.): maximum 30 days after contract termination (data minimisation principle)
  • Marketing / leads: 1 year after last interaction, or on withdrawal of consent

6. Your rights

Under the GDPR you have the following rights:

  • Access to the data we process about you.
  • Rectification of inaccurate data.
  • Erasure (the right to be forgotten).
  • Restriction of and objection to processing.
  • Data portability.
  • Lodging a complaint with the Danish Data Protection Agency (Datatilsynet, www.datatilsynet.dk).

7. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls and infrastructure located exclusively within the EU.

8. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via the website or by email. The date at the top indicates when the policy was last updated.

9. Contact

If you have questions about this policy or wish to exercise your rights, contact us at info@conxo.dk or by post: Conxo ApS, Center Boulevard 5, IH307, 2300 København S, Denmark.