← Back

Privacy Policy

Last updated: July 2026

Who we are

Concierge is operated by Fortuna Ventures, based in the Netherlands. We can be reached at privacy@fortunaventures.it.com for any privacy-related questions or requests.

What personal data we collect and why

We only collect data that is strictly necessary to provide the service. When you use Concierge, we collect:

  • Your name — so the person on the call knows who they're speaking with.
  • Your phone number — to connect the call to you via Twilio, our call infrastructure provider.
  • Payment data — processed entirely by Stripe. We never see or store your card details. Stripe is GDPR-compliant and PCI-DSS certified.
  • Call transcript (inbound speech only) — if you consent at the payment step, the words you speak during the call are transcribed in real time by Twilio and used to help our team provide better assistance during the call. This transcription is processed by Twilio and Anthropic (the AI provider). No audio recording is made or stored.

The legal basis for processing your name, phone number, and payment data is contract performance (Article 6(1)(b) GDPR) — we need this data to deliver the service you paid for. The legal basis for transcription is consent (Article 6(1)(a) GDPR), which you give explicitly before paying.

What we do not do

  • We do not record audio of calls.
  • We do not sell your data to third parties.
  • We do not use your data for advertising or profiling.
  • We do not share your data with anyone except the sub-processors listed below, to the minimum extent necessary to operate the service.

Sub-processors

  • Stripe (payment processing) — stripe.com/privacy
  • Twilio (call infrastructure and transcription) — twilio.com/legal/privacy
  • Anthropic (AI analysis of transcribed speech, used only if transcription is enabled) — anthropic.com/privacy
  • DigitalOcean (server infrastructure, Netherlands region) — digitalocean.com/legal/privacy-policy

All sub-processors are contractually bound to GDPR-compliant data processing terms.

How long we keep your data

Your name, phone number, and call transcript are deleted from our systems within 30 days of your call. Payment records are retained for 7 years as required by Dutch tax law (Belastingdienst). You can request earlier deletion of non-financial data at any time.

Your rights under GDPR

You have the right to: access the data we hold about you; correct inaccurate data; have your data deleted (right to erasure); restrict or object to processing; withdraw consent at any time (for transcription); and receive a copy of your data in a portable format. To exercise any of these rights, email privacy@fortunaventures.it.com. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Cookies

We use only strictly necessary functional cookies — a session token required for Stripe's payment security. No tracking, analytics, or advertising cookies are used. No cookie consent banner is required for strictly necessary cookies under Dutch law.

Data transfers outside the EU

Twilio and Anthropic are US-based companies. Both operate under EU Standard Contractual Clauses (SCCs) for data transfers, as required by GDPR. Stripe processes EU payment data within the EU.

Changes to this policy

If we make material changes to this policy, we will update the date above. Continued use of the service after changes constitutes acceptance.

Contact

Fortuna Ventures — privacy@fortunaventures.it.com