Privacy Policy

Last Updated: February 2026

Consono ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the consono.ai website and related services (the "Service").

This Privacy Policy is provided in accordance with Regulation (EU) 2016/679 (the "General Data Protection Regulation" or "GDPR") and the Belgian Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data.

Please read this Privacy Policy carefully. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

Table of Contents
1. Data Controller

The data controller responsible for your personal data is:

Consono

Email: info@consono.ai

Website: https://consono.ai

Consono is a commercial name of

Dynactionize NV

Schillerstraat 8

2050 Antwerp (Belgium)

VAT: BE0545.872.052

For all data protection matters, you can contact us at info@consono.ai.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Data You Provide Directly

  • Account information: name, email address, and password when you create an account
  • Profile information: any additional information you choose to add to your profile
  • Communications: information you provide when you contact us (e.g., support requests, feedback)
  • User Content: any content you post, upload, or share through the Service, which may contain personal data

2.2 Data Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage data: pages visited, time spent on pages, click patterns, features used, referring/exit pages
  • Log data: server logs including access times, error logs, and request data
  • Cookie data: information collected through cookies and similar tracking technologies

2.3 Data from Third Parties

We may receive personal data about you from third parties, such as social login providers (if you choose to sign in using a third-party account) or business partners. We will inform you of the source and categories of data received in accordance with Art. 14 GDPR.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases under Art. 6(1) GDPR:

PurposeLegal BasisData Categories
Provide and operate the Service(b) Performance of contractAccount info, technical data
Communicate with you(b) Contract / (f) Legitimate interestsContact info, communications
Improve and develop Service(f) Legitimate interestsUsage data, technical data
Analytics and monitoring(a) ConsentCookie data, usage data
Security and fraud prevention(f) Legitimate interestsTechnical data, log data
Comply with legal obligations(c) Legal obligationAll relevant data
Marketing communications(a) ConsentContact info, preferences

Legitimate interests: Where we rely on legitimate interest as a legal basis, our interests include: ensuring the security and integrity of our Service, improving our Service, understanding how users interact with the Service, and fraud prevention. We have carried out balancing tests to ensure that your fundamental rights and freedoms do not override our legitimate interests. You may request details of these balancing tests by contacting us.

4. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

  • Service providers: Third-party companies that perform services on our behalf, such as hosting, analytics, customer support, and email delivery. These providers act as data processors and process your data only on our instructions under a data processing agreement (Art. 28 GDPR).
  • Legal and regulatory authorities: Where required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your data.
  • With your consent: We may share your data with other third parties when you have given us your explicit consent to do so.

We do not sell your personal data to third parties.

5. International Data Transfers

Your personal data is stored and processed within the European Economic Area (EEA). We do not transfer your personal data outside the EEA.

All our service providers who process personal data on our behalf are established within the EEA or are subject to appropriate safeguards ensuring an adequate level of data protection.

Should this change in the future, we will ensure that any transfer of personal data outside the EEA is carried out in compliance with Chapter V of the GDPR, using appropriate safeguards such as Standard Contractual Clauses (SCCs) adopted by the European Commission, adequacy decisions, or other legally recognised mechanisms. We will update this Privacy Policy accordingly.

6. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected. The criteria used to determine our retention periods include:

  • The duration of our contractual relationship with you
  • Whether there is a legal obligation to retain the data (e.g., tax or accounting requirements)
  • Whether retention is necessary for the establishment, exercise, or defence of legal claims
  • Our legitimate business interests (e.g., fraud prevention)

When personal data is no longer necessary for the purposes for which it was collected, we will securely delete or anonymise it.

7. Cookies and Tracking Technologies

Our Service uses cookies and similar technologies. Cookies are small text files placed on your device when you visit our website.

7.1 Types of Cookies

Strictly Necessary Cookies

Essential for the Service to function (e.g., session management, authentication). These do not require your consent under the ePrivacy Directive.

Functional Cookies

Remember your preferences and settings to enhance your experience. These require your consent.

Analytics Cookies

Help us understand how users interact with our Service (e.g., page views, navigation paths). These require your consent.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness. These require your consent.

7.2 Cookie Consent

In accordance with the Belgian Act of 13 June 2005 on Electronic Communications and the ePrivacy Directive (Directive 2002/58/EC, as amended), we obtain your prior consent before placing any non-essential cookies on your device. You can manage, modify, or withdraw your cookie consent at any time through our cookie settings.

7.3 How to Control Cookies

In addition to our cookie consent tool, you can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage, in accordance with Art. 32 GDPR. These measures include, but are not limited to:

  • Encryption of data in transit (TLS/SSL) and at rest where appropriate
  • Access controls and authentication mechanisms
  • Regular security assessments and testing
  • Employee training on data protection and security
  • Incident response and breach notification procedures

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. In the event of a personal data breach, we will comply with the notification requirements under Articles 33 and 34 of the GDPR.

9. Your Rights Under the GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access the data and receive a copy.
  • Right to rectification (Art. 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure (Art. 17): You have the right to request the deletion of your personal data in certain circumstances (e.g., the data is no longer necessary, you withdraw consent, or processing is unlawful).
  • Right to restriction of processing (Art. 18): You have the right to restrict the processing of your personal data in certain situations.
  • Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right not to be subject to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.

9.1 How to Exercise Your Rights

To exercise any of the above rights, please contact us at info@consono.ai. We will verify your identity before processing your request. We will respond within one (1) month, which may be extended by two (2) further months where necessary (Art. 12(3) GDPR).

Exercising your rights is free of charge. However, where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request (Art. 12(5) GDPR).

9.2 Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR or Belgian data protection law, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)

Drukpersstraat / Rue de la Presse 35

1000 Brussels, Belgium

Phone: +32 (0)2 274 48 00

Email: contact@apd-gba.be

Website: https://www.gegevensbeschermingsautoriteit.be

You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

10. Children's Privacy

Our Service is not directed at children under the age of 16 (or such lower age as applicable in the relevant EU Member State under Art. 8 GDPR; in Belgium, the age is 13). We do not knowingly collect personal data from children under this age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at info@consono.ai, and we will take steps to delete such data.

11. Automated Decision-Making and Profiling

We do not currently engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you within the meaning of Art. 22 GDPR. Should this change, we will update this Privacy Policy and, where required, obtain your explicit consent.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (to the address associated with your account) or by a prominent notice on the Service at least thirty (30) days before the changes take effect.

Where changes affect the legal basis for processing or introduce new purposes, we will ensure compliance with applicable GDPR requirements, including obtaining your consent where necessary.

We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top of this policy indicates when the last revisions were made.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Consono

Email: info@consono.ai

Website: https://consono.ai

This privacy policy complies with GDPR and Belgian data protection law