Privacy Policy

Data Controller

• [TO BE COMPLETED - Company name]
• [TO BE COMPLETED - Address]
• Email: contact@audit-ia.com
• Data Protection Officer (DPO): [TO BE COMPLETED]
• DPO contact: [TO BE COMPLETED - dpo@audit-ia.com]

Data We Collect

Purposes and Legal Basis

We process your data for the following purposes:

• Account management and authentication — Legal basis: contract performance
• Provision of audit and consent certification services — Legal basis: contract performance
• Billing and subscription management — Legal basis: contract performance and legal obligation
• Security monitoring and fraud prevention — Legal basis: legitimate interest
• Service improvement and analytics — Legal basis: legitimate interest
• Service-related communications (alerts, reports) — Legal basis: contract performance
• Legal and regulatory compliance — Legal basis: legal obligation

Data Recipients

Your data may be shared with the following categories of recipients:

• Stripe — Payment processing (PCI-DSS certified)
• Amazon Web Services (AWS) — Infrastructure and data storage (EU region: eu-west)
• Email service provider — Transactional email delivery
• AI processing provider — Compliance audit analysis (data anonymized where possible)
• Legal authorities — When required by law or court order

Data Retention

We retain your data for the following periods:

• Account data: duration of account activity + 3 years after deletion
• Consent proofs: 5 years (legal retention for compliance evidence)
• Audit results: 3 years
• Technical logs: 12 months
• Billing data: 10 years (legal obligation)

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — Obtain a copy of your personal data
• Right to rectification — Correct inaccurate or incomplete data
• Right to erasure — Request deletion of your data (subject to legal retention obligations)
• Right to data portability — Receive your data in a structured, machine-readable format
• Right to object — Object to processing based on legitimate interest
• Right to restriction — Restrict processing in certain circumstances
• Right to withdraw consent — Where processing is based on consent

To exercise your rights, contact us at: [TO BE COMPLETED - dpo@audit-ia.com]

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr

Cookies and Trackers

We use the following types of cookies:

• Essential cookies — Required for website operation (authentication, security). Cannot be disabled.
• Analytics cookies — Help us understand how visitors use the site. Can be disabled.
• Preference cookies — Remember your settings (language, theme). Can be disabled.

You can manage your cookie preferences at any time through your browser settings.

International Data Transfers

Your data is primarily stored within the European Union. If data transfer outside the EU is necessary (e.g., for AI processing), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Security

We implement appropriate technical and organizational measures to protect your data, including: encryption in transit (TLS) and at rest, access controls and authentication, regular security audits, intrusion detection systems, and cryptographic signing of consent proofs.

Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email or through a notice on our website. The date of the last update is indicated at the top of this page.

Contact

For any questions regarding this privacy policy or your personal data, please contact us at: contact@audit-ia.com