Your Data & Privacy

// GDPR rights, data we hold about you, and how to exercise your rights

🇫🇷

All data stays in France — on your own hardware

Your documents, answers, and knowledge base are processed exclusively on this machine, located in PACA Region, France. Nothing leaves the server. No data is sent to OpenAI, Anthropic, Google, or any third party. The AI runs entirely via Ollama (a local open-source runtime) using open-weight models.

📍
Processing Location
Where your data lives and is processed
REGION
PACA, France
JURISDICTION
EU / GDPR
HARDWARE
RTX 5080 GPU
DATA SHARED WITH
Nobody

Your GDPR Rights

ART. 13–14

Right to Be Informed

You have the right to know what data we collect, why, and how long we keep it. This page is that notice.

ART. 15

Right of Access

You can download a full export of everything stored about you at any time using the button below.

ART. 17

Right to Erasure

You can permanently delete your account and all associated data. This is irreversible.

ART. 20

Right to Portability

Your data export is a structured JSON file you can import into other systems.

ART. 5

Data Minimisation

We only store what you explicitly upload. Session tokens expire after 7 days of inactivity.

ART. 25

Privacy by Design

Passwords are hashed with scrypt + 16-byte random salt. Session cookies are HttpOnly, SameSite=Strict.

What We Hold About You

👤 Your Profile
📁 Uploaded Files
🧠 Knowledge Base
Retention Policy
Uploaded files Until you delete
Session tokens 7 days inactivity
Answer cache 24 hours
KB chunks Until you delete
🔒
Our Privacy Commitments
What we do and don't do with your data
No cloud processing All AI inference runs locally on this machine. Your documents never leave your network.
No third-party AI APIs We do not call OpenAI, Anthropic, Cohere, Google AI, or any other external AI service.
No analytics or tracking No Google Analytics, Mixpanel, Sentry, or any external tracking scripts on this site.
Per-user data isolation Your files and KB chunks are stored in a private directory keyed to your user ID. Other users cannot access them.
Passwords never stored in plain text Passwords are hashed with scrypt (N=16384, r=8, p=1) and a unique 16-byte random salt per user.
GDPR jurisdiction Server is located in France (EU). All processing is subject to GDPR Regulation (EU) 2016/679.

⚠ Danger Zone — Delete My Account

This permanently and irreversibly deletes your account, all uploaded files, your entire knowledge base, and all session data. There is no undo.

✉️
Contact the Data Controller
For GDPR requests or questions

For any GDPR requests that cannot be handled through this interface, contact the data controller:

EMAIL [email protected]
RESPONSE TIME Within 30 days (GDPR Art. 12)
DPA AUTHORITY CNIL (France) — cnil.fr