Legal

Privacy Policy

Last updated: June 2026

1. Who we are

This Privacy Policy describes how [COMPANY NAME] ("we", "us"), the publisher of the CuriaLex platform (the "Platform"), collects, uses, and protects the personal data of its Users, in accordance with the General Data Protection Regulation (GDPR) and applicable French law.

For any question relating to this policy or to your personal data, you may contact us at [PRIVACY CONTACT EMAIL].

2. Data we collect

Depending on your use of the Platform, we may collect:

  • Identification data: name, email address, and authentication information (managed via our authentication provider, Clerk);
  • Account and subscription data: selected plan, trial and subscription status, billing history (processed via our payment provider, Stripe);
  • Usage data: questions submitted to the Platform, generated answers, conversation history, and technical logs (browser type, IP address, pages visited);
  • Communications: any correspondence you send us (support requests, contact forms).

3. How we use your data

We use your personal data to:

  • Create and manage your account, and provide access to the Platform;
  • Process your subscription and payments;
  • Operate the research and conversational features of the Platform, including retaining conversation history so you can resume previous research;
  • Provide technical and customer support;
  • Improve the Platform through aggregated, anonymized usage analytics;
  • Send you service communications (e.g. trial expiry, billing) and, with your consent, marketing communications;
  • Comply with our legal and regulatory obligations.

We do not analyze the content of your questions or conversations for any purpose other than providing and improving the Platform's core functionality.

4. Legal basis for processing

Our processing of your personal data is based on, depending on the case: the performance of the contract between you and us (provision of the Platform and subscription management), your consent (e.g. marketing communications), our legitimate interest (e.g. service security and improvement), and compliance with our legal obligations (e.g. accounting records).

5. Sharing of data

We never sell your personal data. Your data may be shared with the following categories of recipients, strictly for the purposes described in this policy:

  • Hosting providers, for storing the Platform's infrastructure and data;
  • Clerk, for authentication and account management;
  • Stripe, for payment processing;
  • Providers of the artificial intelligence models used by the Platform (e.g. OpenAI, Anthropic, Pinecone), under contractual terms that prohibit the use of your data to train their models;
  • Judicial or administrative authorities, where required by law.

6. AI models and your data

Your questions and conversations are processed by third-party artificial intelligence providers solely to generate the answers displayed to you. Under the commercial API terms governing these providers, your data is never used to train or improve their general-purpose AI models.

7. Data security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit, access controls limiting data access to authorized personnel, and the use of reputable infrastructure and payment providers.

8. Data retention

We retain your personal data for as long as your account is active. Following account closure, your data is deleted within 30 days, except for:

  • Billing and accounting records, retained for the period required by applicable law (typically up to 10 years);
  • Information we are required to retain to comply with a legal obligation or to resolve a dispute.

9. Your rights

In accordance with the GDPR, you have the right to access, rectify, erase, and port your personal data, the right to restrict or object to its processing, and the right to withdraw your consent at any time where processing is based on consent. To exercise these rights, contact us at [PRIVACY CONTACT EMAIL]. You also have the right to lodge a complaint with the relevant data protection supervisory authority (in France, the CNIL).

10. International transfers

Some of our service providers may be located outside the European Economic Area. Where this is the case, we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses, to protect your personal data.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified to Users through the Platform or by email before taking effect.