GDPR Compliant

Privacy Policy

Protection & Transparency

Preamble

Protecting your data is our absolute priority. We apply a "Privacy by Design" policy.

Symbioze.ai is committed to complying with applicable regulations, including the General Data Protection Regulation (GDPR) and the French Data Protection Act.

This privacy policy informs you about how we collect, use, share, and protect your personal data when you use our services.

Data Collection

We only collect data strictly necessary for providing our services:

  • Professional data: Professional email address, name, position, company
  • Usage metrics: Aggregated and anonymized data relating to platform usage (connection time, features used, etc.)

⚠️ Zero Training Policy

NO training on client data. We never use your data to train, improve, or fine-tune our AI models. Your data remains strictly confidential and is only used for providing the contracted service.

Purpose of Processing

Your personal data is processed for the following purposes:

  • Service delivery: Execution of ordered agentic AI services, management of your user account, experience personalization
  • Billing: Invoice issuance and tracking, payment management
  • Customer support: Responding to your requests, resolving technical incidents, continuous service improvement
  • Legal obligations: Compliance with accounting, tax, and regulatory obligations

Data Sharing (Sub-processors)

We may share your data with third-party sub-processors, only within the strict framework of service provision, and provided they meet the same security and confidentiality standards:

  • Hosting: Vercel / AWS (or other certified host) — Secure data storage and cloud infrastructure
  • LLM Providers: OpenAI / Anthropic — Enterprise API access only, with contractual guarantees against using data for training

All our sub-processors are subject to strict contractual clauses guaranteeing the protection of your data and their GDPR compliance.

Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure:

  • Encryption: TLS 1.3 for all communications, encryption of data at rest
  • Access Control: Multi-factor authentication, principle of least privilege, regular access audits
  • Infrastructure Security: Hosting on certified platforms (ISO 27001, SOC 2), regular and secure backups
  • Monitoring: Continuous monitoring, anomaly detection, incident response plan

Your Rights

In accordance with GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can obtain a copy of your personal data that we hold
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure: You can request deletion of your data (Right to be Forgotten), subject to legal retention obligations
  • Right to Data Portability: You can retrieve your data in a structured, commonly used format
  • Right to Object: You can object to the processing of your data for legitimate reasons
  • Right to Restriction: You can request restriction of processing in certain cases

Contact DPO (Data Protection Officer)

To exercise your rights or for any questions regarding the protection of your data, contact us at: youness.rahali@symbioze.ai

We commit to responding to your request within one month maximum.

Last updated: