Privacy Policy
Effective date: May 20, 2025
1. Collection and Processing of Personal Data
Types of data collected:
• Identity and contact details: Last name, first name, email address, phone number.
• Interaction content: Messages exchanged with the AI agent 'Lenny', exchange times and interaction indicators.
• Technical logs: Records tracing operations performed by 'Lenny'.
Processing purposes:
• Provide, manage and improve the automated customer relations service.
• Interaction data and technical logs: Kept for 30 days after the end of the contract, unless explicitly requested otherwise.
Data backup:
Data is subject to regular and secure backup, kept until one month before the end of the contract.
2. Use of Google Workspace APIs and Third-Party Services
2AM SAS uses Google Workspace APIs, particularly Gmail, exclusively to:
Read, draft, send and automatically modify incoming emails to effectively manage user requests.
Google Workspace APIs used:
• gmail.readonly
• gmail.compose
• gmail.send
• gmail.modify
Specific commitment regarding Google data:
• No use to train or improve generalized AI or ML models.
• No sharing, transfer or disclosure to third parties without explicit consent or legal obligation.
• Immediate revocation of user data access in case of user disconnection.
Other third-party services used:
• Firebase for secure data hosting.
• OpenAI for advanced AI processing.
• BetterStack for technical log management and tracking.
3. GDPR User Rights
Each user has the following rights:
• Access to their personal data.
• Rectification or deletion of their data.
• Limitation or opposition to data processing.
• Data portability.
Any request will be processed within a maximum of seven (7) calendar days.
In case of dissatisfaction regarding the processing of their data, users can file a complaint with the French Data Protection Authority (CNIL).
4. Processing Security and Confidentiality
2AM SAS implements rigorous technical and organizational measures:
• Encryption in transit and at rest.
• Strict and limited data access management.
• Only project managers have access to customer information, through a strict internal policy and dedicated training.
• Systematic access logging.
In case of personal data breach, affected users will be notified within a maximum of 48 business hours.
5. User Transparency and Information
Users are clearly informed:
• That exchanges are carried out with an AI agent, as stated in the signature of each email sent.
• That they can be connected to a human operator by sending 'human please' in their message.
6. Further Subcontracting and Data Security
2AM SAS acts as a subcontractor and undertakes to:
• Process data only on written instructions from the client.
• Not keep any unauthorized copy of the data.
• Store data exclusively within the European Union, except with appropriate safeguards in case of transfer outside the EU.
• Immediately inform the client of any request for data access by a third party.
• Help the client carry out GDPR impact assessments.
Clients will be notified in advance of any subsequent subcontractors and may object.
