Privacy Policy
Privacy Policy
Last updated: 9 June 2026
1. Data controller
The controller under the General Data Protection Regulation (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2) is:
Conaprojekt, Tehnično svetovanje, Luka Godnič s.p.
Registered seat: Trstenik 74, 4204 Golnik, Slovenija
Email: info@conaprojekt.si
Website: conasnap.com
2. What we collect
Depending on how you use ConaSnap, we may collect:
- Contact data: name, email, company name — when you provide them voluntarily.
- Subscription and billing data: when you subscribe; payment is processed by Stripe. We do not store card numbers. For businesses we collect billing details including the VAT ID.
- Service content: if you use the app, we process voice recordings and their transcriptions, the content and photos of site reports, the location at recording time (for weather), and report recipients.
- Technical data: IP address, browser type, visit time and — with consent only — anonymised analytics.
3. Legal basis and purposes
We process data on the basis of (Art. 6 GDPR):
- Consent (6(1)(a)): analytics, marketing, optional notifications.
- Contract (6(1)(b)): providing the ConaSnap service you order.
- Legal obligation (6(1)(c)): accounting and tax records.
- Legitimate interest (6(1)(f)): service security, abuse prevention, improvements.
4. Retention
- Contact data: 12 months from last contact.
- Subscription / contract data: 10 years (accounting law).
- Service content (reports, recordings): for the life of the subscription or per the data-processing agreement.
- Technical logs: 30 days.
5. Your rights
Under Art. 15–22 GDPR you have the right to access, rectification, erasure, restriction, portability, objection and withdrawal of consent.
Exercise these by emailing info@conaprojekt.si; we reply within 30 days.
You also have the right to lodge a complaint with the supervisory authority — the Information Commissioner of the Republic of Slovenia (www.ip-rs.si).
6. Who we share data with
We share data with trusted processors who help us run the service:
- Hetzner Online GmbH (Germany) — server and automation hosting.
- NeoServ d.o.o. (Slovenia) — billing and the consent log.
- Supabase (EU, Frankfurt; Supabase Inc., USA) — database and authentication.
- Stripe Inc. (USA/EU) — payment processing and tax calculation.
- Resend (USA) — sending reports by email.
- OpenAI (USA) — speech transcription.
- Anthropic PBC (USA) — structuring report content.
- OpenWeatherMap — weather data.
- Google LLC (USA) — analytics, consent only.
All processors are bound by GDPR-compliant agreements. Transfers to the USA rely on Standard Contractual Clauses (SCC) or the Data Privacy Framework.
7. Security
- Encryption in transit (TLS) for all communications.
- Per-organisation data isolation (row-level security at the database).
- Access limited to authorised people, with two-factor authentication for internal systems.
- Regular server and application updates.
8. Cookies
The site uses cookies and similar technologies. See the Cookie Policy for details.
9. Changes
We may update this policy from time to time. For material changes we will notify you on the website or by email. The last-updated date is shown at the top.
10. Contact
Email: info@conaprojekt.si
Registered seat: Trstenik 74, 4204 Golnik, Slovenija