Skip to content

Privacy Policy

This Privacy Policy explains how Condulo collects, uses, discloses, and protects information in connection with the condulo.com website and the products and services we offer.

Last Updated: July 9, 2026

1. Who we are

Condulo (“Condulo,” “we,” “us,” or “our”) provides research reports and related services to professional and institutional users. This Policy applies to the condulo.com website (the “Site”) and to the information we process about visitors, prospective customers, and customers (together, “you”). It does not apply to third-party websites or services that we link to, which are governed by their own privacy notices.

If you have questions about this Policy or our privacy practices, contact us at privacy@condulo.com.

2. Information we collect

We collect the following categories of information:

Usage and device data (analytics)

When you visit the Site, our privacy-friendly analytics providers may process information such as pages viewed, referring pages, approximate location derived from your IP address, browser and device type, and performance metrics. We use Vercel Web Analytics and Vercel Speed Insights for this purpose. These tools are designed to be cookieless and do not build advertising profiles about you. We load them only after you opt in and never when your browser sends a Global Privacy Control (GPC) signal. See Your Privacy Choices and Section 8 (Cookies and analytics) below.

Information you provide to us

The Site does not use web forms or accounts. If you email us (for example, at an address published on the Site), we receive your email address, the contents of your message, and any information you choose to include. We use this information to respond to you and to manage our relationship with you.

Payment information

When we offer paid products, payments are processed by Stripe, Inc. (“Stripe”), our third-party payment processor. Your full payment card details are collected and processed directly by Stripe and do not pass through or get stored on Condulo’s servers. We may receive limited transaction information from Stripe, such as confirmation of payment, the last four digits of a card, and billing contact details, to fulfill your order and maintain our records. Stripe processes your information under its own privacy policy, available at stripe.com/privacy, and may set cookies or otherwise process data for payment processing, fraud prevention, and its own compliance purposes.

3. How we use information

We use the information described above to:

  • Operate, maintain, secure, and improve the Site;
  • Understand how the Site is used and measure and improve its performance;
  • Respond to your inquiries and communicate with you;
  • Process and fulfill orders, deliver purchased reports, and provide customer support;
  • Detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or unlawful activity; and
  • Comply with our legal obligations and enforce our agreements, including our Terms of Sale & Use.

4. Legal bases for processing

Where required by applicable law, we rely on the following legal bases to process your information: your consent (for example, for non-essential analytics); the performance of a contract with you (for example, to fulfill an order); our legitimate interests in operating, securing, and improving our business in a manner that is not overridden by your rights; and compliance with our legal obligations. Where we rely on consent, you may withdraw it at any time as described in Section 6.

5. How we share information (service providers and subprocessors)

We do not sell your personal information for money. We share information only in the limited circumstances below:

  • Service providers. We use vetted vendors that process information on our behalf and under our instructions, including Vercel Inc. (website hosting and privacy-friendly analytics; see vercel.com/legal/privacy-policy) and Stripe, Inc. (payment processing; see stripe.com/privacy).
  • Legal and safety. We may disclose information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a security incident.
  • Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

Some analytics or advertising-related sharing can be treated as a “sale” or “sharing” under certain US state privacy laws even when no money changes hands. We treat any such activity as subject to opt-out and honor your choices as described in Section 6 and on the Your Privacy Choices page.

6. Your privacy rights and choices

Depending on where you live, applicable state privacy laws (including the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and comparable laws in states such as Virginia, Colorado, Connecticut, Texas, and others) may give you the following rights:

  • Access / know. Request confirmation of whether we process your personal information and access to that information and details about our processing.
  • Delete. Request deletion of personal information we have collected about you, subject to legal exceptions.
  • Correct. Request correction of inaccurate personal information.
  • Portability. Request a copy of certain information in a portable format.
  • Opt out of sale, sharing, and targeted advertising. Direct us not to sell or share your personal information or use it for targeted advertising.
  • Appeal. Where provided by law, appeal a decision we make about your request.

You are entitled to exercise these rights free from unlawful discrimination. To exercise any of these rights, email us at privacy@condulo.com. We will verify your request using information reasonably necessary to confirm your identity, and you may use an authorized agent where permitted by law. We will respond within the timeframes required by applicable law.

Global Privacy Control and opt-out preference signals. The Site recognizes and honors the Global Privacy Control (GPC) browser signal as a valid request to opt out of the sale or sharing of your personal information. When we detect a GPC signal, we automatically disable non-essential analytics for your browser. You can also manage your analytics choice at any time on the Your Privacy Choices page.

7. “Do Not Sell or Share”

We do not sell your personal information for monetary consideration. To the extent our use of analytics constitutes “sharing” or a “sale” under applicable state law, you can opt out through the Your Privacy Choices page or by enabling a Global Privacy Control signal in your browser.

8. Cookies and analytics

The Site does not use advertising cookies or third-party tracking cookies. Our analytics providers (Vercel Web Analytics and Vercel Speed Insights) are designed to be cookieless and load only after you opt in and never when a Global Privacy Control signal is present. When we offer paid products, Stripe may set cookies that are necessary to process payments and prevent fraud. You can control non-essential analytics on the Your Privacy Choices page.

9. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, including to provide our services, maintain business and financial records, resolve disputes, and comply with our legal obligations. Analytics data is retained in aggregated or de-identified form according to our providers’ standard retention periods. Email correspondence is retained for as long as needed to manage our relationship with you and for our recordkeeping and legal purposes. When information is no longer needed, we delete or de-identify it.

10. Security

We maintain reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. Payment card data is handled by Stripe using industry-standard security controls and does not touch our servers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children’s privacy

The Site is intended for professional and institutional audiences and is not directed to children. We do not knowingly collect personal information from anyone under 16 years of age. If you believe a child has provided us personal information, contact us at privacy@condulo.com and we will take appropriate steps to delete it.

12. International visitors

We operate in the United States, and our providers may process information in the United States and other countries. If you access the Site from outside the United States, you understand that your information may be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your jurisdiction.

13. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the “Last Updated” date above. Material changes will be reflected on this page, and your continued use of the Site after an update constitutes acceptance of the revised Policy.

14. Contact us

For questions, concerns, or requests regarding this Policy or your personal information, contact us at privacy@condulo.com.