Privacy policy
Last updated: March 2026 — GDPR-compliant
1. Data controller
NEXPERIO SAS, publisher of L'Atelier du ChatBot.
Contact: contact@atelierduchatbot.com
2. Data collected
2.1 Account creation
| Data | Purpose | Legal basis | Duration |
|---|---|---|---|
| Email address | Authentication, communication | Performance of the contract | Account + 3 years |
| Payment information | Billing (via Stripe) | Performance of the contract | 10 years (legal obligation) |
2.2 Use of the service
| Data | Purpose | Legal basis | Duration |
|---|---|---|---|
| Access logs (IP) | Security, debugging | Legitimate interest | 90 days |
| Chatbot conversations | Service improvement | Performance of the contract | 12 months |
| Leads collected via chatbot | Transfer to operator | End-user consent | 30 days after cancellation |
| Analytics data (anonymized) | Product improvement | Legitimate interest | 26 months |
3. Recipients
- Supabase — database hosting, EU-West Paris region
- Vercel — web hosting
- Stripe — payments (Stripe policy)
- Anthropic / OpenAI / Google — AI processing of messages (pseudonymized data)
No data is sold to third parties.
4. Your rights (GDPR)
You have the rights of access, rectification, erasure, portability, objection and restriction. To exercise them: contact@atelierduchatbot.com. Response time: 30 days maximum.
5. End-user data from your chatbots
As the operator of a chatbot, you are the data controller for data collected from your end users. NEXPERIO SAS acts as a data processor.
6. Security
TLS encryption in transit, encryption at rest, strict access control, regular audits.
7. Transfers outside the EU
Some sub-processors (OpenAI, Anthropic) may process data in the United States, governed by the European Commission's Standard Contractual Clauses (SCC).
8. Complaint
You may lodge a complaint with the French data protection authority CNIL: www.cnil.fr/en