Effective Date: 05/13/2025
1. Introduction
This Privacy Policy explains how Calk SAS, a simplified joint-stock company (SAS) registered under the name Calk AI with RCS Paris number 941 032 187, ("Calk", "we", "our", or "us") collects, uses, shares, and protects personal data when you use our services.
Calk AI is committed to protecting your privacy and ensuring the responsible use of your data in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and French privacy laws.
2. Who is responsible for your data?
The data controller is:
Calk SAS (Calk AI)
SIRET: 941 032 187 00014
RCS Paris
60 rue François 1er 75008 Paris
Email: hello@calk-ai.com
We have not yet appointed a Data Protection Officer (DPO), but you may contact us at the above email with any questions or concerns.
3. What personal data do we collect?
We may collect and process the following categories of personal data:
- Identification data: name, email address, password, company name
- Usage data: login activity, interactions with the platform, preferences
- Content data: documents, messages, and files uploaded or used within the Service
- Payment data: billing information and transaction records (handled by third-party payment processors)
- Technical data: IP address, device type, browser, OS, log data, cookies
We do not collect any sensitive personal data unless explicitly provided by you in your content or use of the Service.
4. How do we collect your data?
We collect data:
- When you create an account
- When you upload files, documents, or connect third-party services (e.g., Google Drive)
- When you use the platform and interact with AI agents
- When you contact us via email or forms
- When you subscribe to a newsletter or request a demo
5. Why do we collect your data?
We process your personal data for the following purposes:
- To provide and improve our Service
- To manage user accounts and authentication
- To respond to support requests or inquiries
- To analyze usage for product improvement
- To comply with legal obligations (e.g., accounting, security)
- To send updates, alerts, or marketing communications (with your consent)
6. Legal basis for processing
Under GDPR, we rely on the following legal bases:
- Performance of a contract: to provide access to and functionality of the platform
- Legitimate interest: to improve the Service, ensure security, and prevent fraud
- Consent: for optional services such as marketing emails
- Legal obligation: to comply with tax, accounting, or legal regulations
- The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
7. Who has access to your data?
Your personal data may be shared with:
- Our authorized employees and contractors
- Third-party service providers (e.g., hosting, AI providers, payment processors)
- Sub-processors, including cloud infrastructure providers like AWS (servers located in France) and database providers like MongoDB
- Legal or regulatory authorities when required by law
All third parties are contractually bound to protect your data and act in compliance with GDPR and French laws.
8. International transfers
In principle, we host and process data within the European Economic Area (EEA). In cases where data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
9. How long do we retain your data?
We retain your data:
- As long as you are a user or client of our Service
- As required to comply with legal obligations
- Until you request deletion of your account and data
Inactive accounts may be deleted after 24 months of inactivity, with prior notice.
10. Your rights
You have the following rights under GDPR:
- Right of access to your data
- Right to rectification if data is incorrect or incomplete
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with CNIL (www.cnil.fr)
To exercise any of these rights, please contact us at [Insert Contact Email].
11. Data security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data at rest and in transit
- Access control and authentication mechanisms
- Regular audits and security monitoring
- Infrastructure hosted in secure, GDPR-compliant data centers (e.g., AWS France)
We are working toward SOC2 and ISO27001 certifications to further strengthen our security posture.
12. Cookies and tracking
We use cookies and tracking tools for:
- Platform functionality (authentication, session management)
- Performance and analytics (e.g., via Google Analytics)
- Marketing (only with consent)
You can configure cookie preferences in your browser settings or through our cookie banner.
13. Third-party links
The platform may contain links to third-party websites or services. This policy does not apply to third-party sites, and we are not responsible for their privacy practices.
14. Updates to this policy
We may update this Privacy Policy from time to time. We will notify you by email or via the platform if significant changes occur. Your continued use of the Service constitutes acceptance of the updated policy.
15. Contact
For questions, requests, or concerns regarding your data:
Calk SAS (Calk AI)
Email: hello@calk-ai.com
SIRET: 941 032 187 00014
RCS Paris