Política de privacidad

**Aviso**: Esta es una traducción para facilitar la lectura. En caso de disputa legal, prevalece la [versión francesa original](/fr/legal/). --- ## 1. Data controller The data controller is: Pierre Moreau-Paganelli (Sole proprietor (auto-entrepreneur)) SIREN: 914 474 200 35 rue de la Jonquière, 75017 Paris, France Contact: support@askaurel.com ## 2. Data collected When you use Ask Aurel, we collect: **Data you provide:** - Email address (mandatory for account creation) - First and last name (optional) - Preferences (language, theme, custom agents) - Conversation content (questions and AI responses) **Data collected automatically:** - IP address (for anti-fraud and rate-limiting) - User-agent (browser, OS) - Browser fingerprint (for public demo only) - Technical logs (request timestamps, error codes) **Payment data:** - No banking data is stored by us. Stripe handles payments entirely, in line with its own privacy policy. ## 3. Processing purposes Your data is used for: | Purpose | Legal basis | |---|---| | Service provision (auth, chat, agents) | Performance of contract | | Billing and payment management | Legal obligation | | Fraud and abuse prevention | Legitimate interest | | Service improvement (anonymized statistics) | Legitimate interest | | Transactional emails (magic link, receipts) | Performance of contract | | Marketing emails (never without explicit consent) | Consent | ## 4. Data recipients We share certain data with the following **sub-processors**: | Sub-processor | Role | Country | |---|---|---| | Supabase Inc. | Authentication and database | EU (Ireland) | | Vercel Inc. | Hosting | USA (DPF) | | Stripe Inc. | Payment processing | USA (DPF) | | Resend Inc. | Transactional email | USA (DPF) | | Cloudflare Inc. | Anti-bot (Turnstile) | USA (DPF) | | Anthropic, OpenAI, Google, Mistral, xAI, DeepSeek | AI request processing | Variable | ⚠️ **Important**: the content of your questions is sent to AI providers for processing. Per their public policies, **Anthropic, OpenAI, and Google do NOT use API data to train their models**. Equivalent terms apply to Mistral, xAI, and DeepSeek. You should **not submit sensitive or confidential personal data** in your questions. ## 5. Retention periods | Data | Period | |---|---| | User account | While active + 3 years after last login | | Conversations | While account is active (you can delete them at any time) | | Technical logs | 12 months | | Billing data | 10 years (French tax obligation) | | Browser fingerprints (demo) | 30 days | ## 6. Your rights Under GDPR, you have the following rights: - **Access**: obtain a copy of your data - **Rectification**: correct inaccurate data - **Erasure**: delete your account and data - **Restriction**: limit certain processing - **Portability**: receive your data in a structured format (JSON) - **Objection**: refuse certain processing (anti-fraud, marketing) - **Withdraw consent**: at any time for consent-based processing To exercise your rights: support@askaurel.com. We respond within **30 days maximum**. ## 7. Cookies Our use of cookies is detailed in the [Cookie Policy](/legal/cookies). ## 8. Security Your data is encrypted in transit (HTTPS/TLS 1.3) and at rest (Supabase encryption). Passwords are never used (magic link authentication only). In the event of a data breach, we commit to notifying the CNIL within 72 hours as required by GDPR. ## 9. Complaint to the data protection authority If you believe your rights are not respected, you may file a complaint with the **CNIL** (French DPA): Commission Nationale de l'Informatique et des Libertés 3 Place de Fontenoy — TSA 80715 75334 PARIS CEDEX 07 — France [www.cnil.fr](https://www.cnil.fr)