Data Protection
Effective date: May 20, 2025
Legal Notice
2AM SAS
Simplified Joint Stock Company (SAS)
24 rue Rambuteau, 75003 Paris
Share capital: €10,000
SIRET: 93527182500017
Intra-community VAT: FR 83935271825
hello@2am-music.com
Publishing Director: Marine Rivollet, President and General Manager
Hosting Provider: OVH
2 rue Kellermann, 59100 Roubaix, France
09 72 10 10 07
www.ovhcloud.com
2. Collection and Processing of Personal Data
Types of data collected:
• Identity and contact details: Last name, first name, email address, phone number.
• Interaction content: Messages exchanged with the AI agent 'Lenny', exchange times and interaction indicators.
• Technical logs: Records tracing operations performed by 'Lenny'.
Processing purposes:
• Provide, manage and improve the automated customer relations service.
• Analyze performance and produce usage statistics.
• Ensure exchange security and legal compliance (GDPR).
Retention period:
• Identity and contact details: Period necessary to fulfill the purposes and in compliance with legal obligations.
• Ensure exchange security and legal compliance (GDPR).
Data backup:
Data is subject to regular and secure backup, kept until one month before the end of the contract.
3. Use of Google Workspace APIs and Third-Party Services
2AM SAS uses Google Workspace APIs, particularly Gmail, exclusively to:
Read, draft, send and automatically modify incoming emails to effectively manage user requests.
Google Workspace APIs used:
• gmail.readonly
• gmail.compose
• gmail.send
• gmail.modify
Specific commitment regarding Google data:
• No use to train or improve generalized AI or ML models.
• No sharing, transfer or disclosure to third parties without explicit consent or legal obligation.
• Immediate revocation of user data access in case of user disconnection.
Other third-party services used:
• Firebase for secure data hosting.
• OpenAI for advanced AI processing.
• BetterStack for technical log management and tracking.
4. GDPR User Rights
Each user has the following rights:
• Access to their personal data.
• Rectification or deletion of their data.
• Limitation or opposition to data processing.
• Data portability.
Any request will be processed within a maximum of seven (7) calendar days.
In case of dissatisfaction regarding the processing of their data, users can file a complaint with the French Data Protection Authority (CNIL).
5. Processing Security and Confidentiality
2AM SAS implements rigorous technical and organizational measures:
• Encryption in transit and at rest.
• Strict and limited data access management.
• Only project managers have access to customer information, through a strict internal policy and dedicated training.
• Systematic access logging.
In case of personal data breach, affected users will be notified within a maximum of 48 business hours.
6. User Transparency and Information
Users are clearly informed:
• That exchanges are carried out with an AI agent in each email sent (signature).
• That they can be connected to a human operator by sending 'human please' in their message.
7. Further Subcontracting and Data Security
2AM SAS acts as a subcontractor and undertakes to:
• Process data only on written instructions from the client.
• Not keep any unauthorized copy of the data.
• Store data exclusively within the European Union, except with appropriate safeguards in case of transfer outside the EU.
• Immediately inform the client of any request for data access by a third party.
• Help the client carry out GDPR impact assessments.
Any subsequent subcontractors will be notified in advance to clients who may object.
8. Privacy Policy Modifications
Any modification to this policy will be published immediately and exclusively on the 2AM website.
9. Applicable Law and Competent Jurisdiction
This policy is governed by French law. In case of dispute, the competent courts are those of the Paris Court of Appeal.
Company
Follow us
