Privacy Policy
Last updated: April 23, 2026
1. Data Controller
The controller of your personal data is:
Stratelya SASU, trading under the InekIA brand
- Registered office: 60 Rue François-Ier, 75008 Paris, France
- SIREN: 989 300 926
- VAT: FR95989300926
- Legal representative: Moussa Rahmouni
- Contact: contact@inekia.io
For any question regarding the processing of your personal data, please contact us at the address above.
2. Data we collect
We collect the following categories of data:
2.1 Data you provide directly
- Identity: first name, last name
- Contact: professional email address, phone number (optional)
- Company: company name, job title (optional)
- Authentication: password (stored in hashed form, never in plain text)
- Payment: we do not store any banking information. Payments are processed by Stripe (sub-processor), which complies with PCI-DSS standards
2.2 Data collected automatically
- Usage data: pages visited, analyses performed, queries sent to our AI agents
- Technical data: IP address, browser, operating system, connection timestamps
- Cookies: see our cookie policy below
2.3 Data from third-party sources
As part of our market intelligence and prospecting features, we may collect public data about third-party companies via:
- Apollo.io (B2B data)
- LinkedIn (public profiles only)
- Crunchbase (company data)
- Public press sources
3. Purposes and legal bases of processing
| Purpose | Legal basis |
|---|---|
| Providing the service (authentication, access to features) | Performance of contract |
| Billing and payment management | Performance of contract + legal obligation (accounting) |
| Customer support and service-related communications | Performance of contract |
| Service improvement (aggregated usage analytics) | Legitimate interest |
| Sending newsletters and marketing communications | Consent (explicit opt-in, revocable at any time) |
| Fraud prevention and security | Legitimate interest |
| Compliance with legal obligations (accounting, tax) | Legal obligation |
4. Use of artificial intelligence models
Our features rely on artificial intelligence models provided by leading third-party vendors.
Important commitment: We never use your data to train our own AI models or those of our vendors. The data you submit to our AI agents is processed to generate an immediate response and is not reused for training purposes.
Our AI vendors operate under enterprise agreements that exclude reuse of prompts for model training (Zero Data Retention or equivalent).
5. Recipients and sub-processors
Your personal data may be shared with the following categories of sub-processors, all bound by a GDPR-compliant contract:
| Recipient category | Purpose | Location | Transfer outside the EU |
|---|---|---|---|
| Web hosting and cloud infrastructure | Application hosting | Europe / United States | Yes (standard contractual clauses) |
| Database and authentication service | Secure storage of user data | European Union | No |
| Payment processor | Payment processing (PCI-DSS certified) | United States | Yes (standard contractual clauses) |
| Artificial intelligence model providers | Generation of AI analyses and responses | Europe / United States | Yes (standard contractual clauses) |
| Transactional email provider | Sending service-related emails (confirmation, password reset) | United States | Yes (standard contractual clauses) |
| B2B enrichment provider | Public company and prospect data | United States | Yes (standard contractual clauses) |
| Audience measurement and advertising provider | Anonymized analytics and ad-conversion tracking | United States | Yes (standard contractual clauses) |
For transfers outside the European Union, we rely on the Standard Contractual Clauses (SCC) of the European Commission or on adequacy decisions where applicable. This policy covers users located in the European Union, the European Economic Area, and the United Kingdom (UK GDPR).
The precise list of sub-processors used is available on request to contact@inekia.io, as part of your right of access (Article 15 GDPR).
6. Data retention
| Type of data | Retention period |
|---|---|
| Active account data | For the duration of the subscription |
| Usage data (logs, analyses) | 30 days after cancellation |
| Billing data (invoices, receipts) | 10 years (statutory accounting obligation) |
| Marketing data (after unsubscription) | Immediate deletion |
| Analytics cookies | 13 months maximum |
| Prospects from third-party sources (Apollo) | 3 years from last interaction |
At the end of these periods, data is deleted or anonymized.
7. Your rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure ("right to be forgotten"): request deletion of your data
- Right to restriction of processing
- Right to data portability: receive your data in a structured format
- Right to object to processing based on legitimate interest
- Right to withdraw consent at any time (for consent-based processing)
- Right to issue post-mortem directives
To exercise these rights, contact us at contact@inekia.io. We will respond within a maximum of 30 days.
In case of disagreement, you may lodge a complaint with the French Data Protection Authority (CNIL):
- cnil.fr
- 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
8. Security
We implement technical and organizational measures to protect your data:
- Encryption of data in transit (HTTPS/TLS)
- Password hashing (bcrypt or equivalent)
- Two-factor authentication available
- Strict access rules (Row Level Security) on our databases
- Regular security audits
- Automatic encrypted backups
In the event of a data breach affecting your rights and freedoms, we will notify you within 72 hours, in accordance with Article 33 of the GDPR.
9. Cookies
We use the following cookies:
| Category | Purpose | Consent required |
|---|---|---|
| Essential | Authentication, user preferences | No (exemption) |
| Analytics | Anonymous audience measurement (Google Analytics) | Yes |
| Marketing | Ad conversion tracking (Google Ads) | Yes |
You can manage your preferences via our cookie banner or your browser settings.
10. Minors
Our service is reserved for adults (18 and over) or minors acting in a professional capacity with parental authorization. We do not knowingly collect data from minors under 16 without parental consent.
11. Changes to this policy
This policy may be amended. In the event of a substantial change, you will be notified by email at least 30 days before the changes take effect. The last-updated date appears at the top of this document.
12. Contact
For any question regarding your personal data:
- Email: contact@inekia.io
- Postal address: Stratelya SASU – DPO, 60 Rue François-Ier, 75008 Paris, France