Privacy Policy

Last updated: April 16, 2026

1. Data controller

The data controller is:

• Company name: Strategixs — Société par actions simplifiée (SAS)
• Address: 50 Avenue des Champs Élysées, 75008 Paris, France
• SIREN: 929 145 621
• SIRET: 929 145 621 00017
• VAT No.: FR61929145621
• Email: [email protected]

For any questions regarding your personal data, contact us at the address above.

2. Data collected

We collect the following data:

• Email: collected via Stripe during payment, or via the capture form (newsletter).
• Submitted texts: the message or situation you submit for analysis.
• Analysis context: relationship type, analysis mode, additional context provided voluntarily.
• Payment data: processed exclusively by Stripe (we do not store card numbers or banking details).
• Technical data: IP address, user-agent, request timestamps (collected automatically for service security).

No user account is created. We do not collect names, postal addresses, or phone numbers.

3. Legal basis for processing

Your data is processed under the following legal bases (GDPR Art. 6):

• Contract performance: processing your order, generating the analysis, managing payment.
• Consent: newsletter signup, voluntary email capture.
• Legitimate interest: service security, fraud prevention, technical logs.

4. Purpose of processing

Your data is used exclusively for:

• Generating your personalized analysis via our AI engine.
• Processing and confirming your payment.
• Contacting you in case of a technical issue related to your order.
• Improving service quality (anonymized and aggregated data only).

Your texts are never used to train AI models.

5. Sub-processors and data sharing

Your data is shared with the following providers, strictly necessary for the operation of the service:

Provider	Role	Location
Stripe, Inc.	Payment processing	USA (DPF certified)
OpenAI, Inc.	AI analysis generation	USA (DPF certified)
Cloudflare, Inc.	Hosting, CDN, database	Global (DPF certified)

Your data is never sold to third parties. No data is shared for advertising purposes.

6. Transfers outside the European Union

Some of our providers are based in the United States. These transfers are governed by:

• The EU-U.S. Data Privacy Framework (DPF) for Stripe, OpenAI, and Cloudflare.
• Standard Contractual Clauses (SCCs) from the European Commission where the DPF does not apply.

In accordance with Article 46 of the GDPR, appropriate safeguards are in place to protect your data.

7. Data retention

• Submitted texts and analyses: 90 days, then automatic deletion.
• Email: retained as long as necessary for the business relationship, maximum 3 years after the last purchase.
• Payment data: retained by Stripe according to their own policy (legal accounting obligations).
• Technical logs: 30 days maximum.
• Newsletter: until unsubscription.

8. Cookies and tracking technologies

This site uses cookies strictly necessary for the operation of the service:

• Technical session: maintaining your browsing session (no tracking cookies).
• Cloudflare: security and performance cookies (cf-bm, __cflb).

We use no advertising, analytics, or profiling cookies. No third-party tracking tools (Google Analytics, Facebook Pixel, etc.) are installed.

9. Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access: obtain a copy of your personal data.
• Right to rectification: correct inaccurate data.
• Right to erasure: request deletion of your data.
• Right to data portability: receive your data in a structured format.
• Right to object: object to the processing of your data.
• Right to restriction: restrict processing in certain cases.
• Right to withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise your rights, send an email to [email protected] with the subject "GDPR Request". We will respond within 30 days maximum.

10. Complaints

If you believe that the processing of your data does not comply with regulations, you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French data protection authority:

• Website: www.cnil.fr
• Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

11. Data security

We implement the following technical and organizational measures:

• HTTPS/TLS encryption on all communications.
• Database encrypted at rest (Cloudflare D1).
• Restricted data access (principle of least privilege).
• Brute-force attack protection (rate limiting).
• Cryptographic verification of payment webhooks.
• No banking data stored on our servers.

12. Minors

This service is intended for individuals aged 16 and over. We do not knowingly collect data from minors under 16. If you are a parent and believe your child has used this service, contact us for deletion.

13. Changes

This policy may be updated. In case of a substantial change, a notice will be displayed on the site. The last updated date at the top of this page prevails.