Privacy Policy

v3.02026-04-28

Data Controller

The data controller is NAYAVADA, a French simplified joint-stock company, publisher of the Sqant platform, registered under SIRET number 105 183 297 00016, with its registered office at 47 rue Vivienne, 75002 Paris, France.

For any questions regarding the protection of your personal data, you may contact NAYAVADA by contacting us directly.

Data We Collect

NAYAVADA collects the following categories of data depending on the context of use.

Account Data

When you create an account: name, email address, encrypted password. This data is necessary to provide the Service.

Payment Data

When you purchase credits: payment data is collected and processed exclusively by Stripe. NAYAVADA does not store any credit card data.

Usage Data

When you use the Service: conversation content (inputs and outputs), uploaded files, session metadata (timestamps, mode used, language selected).

You agree to anonymise any documents you submit to the Service. Before submitting a document containing third-party personal data, you must replace them with pseudonyms. Content submitted to the Service is transmitted to LLM Providers in isolation: it is neither stored nor reused by these providers beyond the immediate processing of the request. NAYAVADA retains conversations in accordance with the retention periods described in Section 5. You bear sole responsibility if you submit third-party personal data without anonymisation.

The Service may generate non-invertible numerical vectors from exchanges to improve conversational continuity. These vectors contain no personal data and cannot be used to reconstruct conversation content. You may request their deletion at any time.

Technical Data

Data automatically transmitted by your browser: IP address, browser type, operating system, pages visited. This data is used exclusively for the operation and security of the Service.

Purposes and Legal Bases

Each processing activity relies on a legal basis in accordance with the General Data Protection Regulation (GDPR).

Performance of Contract

The provision of the Service, user account management, conversation processing, billing, and technical support are based on the performance of the contract between you and NAYAVADA (Article 6(1)(b) GDPR).

Legitimate Interest

The security of the Service and prevention of abuse are based on NAYAVADA's legitimate interest (Article 6(1)(f) GDPR).

Legal Obligation

The retention of certain data for evidentiary purposes, tax compliance, or in response to lawful government requests is based on NAYAVADA's legal obligations (Article 6(1)(c) GDPR).

No Model Training

No user data is used to train any artificial intelligence model. Neither NAYAVADA nor its LLM Providers retrain their models on user data. This is a contractual commitment.

Cookies

NAYAVADA uses only technical cookies strictly necessary for Service operation: session authentication and user preferences.

NAYAVADA does not use any advertising cookies, tracking cookies, or third-party analytics tools.

Data Retention

Retention periods vary by data category and account status.

Conversations

Conversations are retained according to their status. Standard conversations (not marked as favourites and not filed in a folder) are automatically deleted after 90 days of inactivity. Conversations marked as favourites or filed in a folder are retained for 365 days of inactivity, then automatically deleted. The inactivity date corresponds to the last modification of the conversation. You may manually delete your conversations at any time from the interface.

An automated daily purge deletes conversations whose retention period has expired. You may export your conversations in Markdown format and manually delete any conversation immediately and irreversibly at any time.

Account Data

Account data is retained for the duration of your use of the Service. Upon account deletion, personal data is deleted within thirty (30) days, except where retention is required by law.

Inactive Accounts

An account with no credits and no activity is retained for twelve (12) months, then permanently deleted. You will be notified at least thirty (30) days before deletion.

Subprocessors and Data Sharing

NAYAVADA uses specialised subprocessors to provide the Service. No subprocessor uses your data to train its models.

Language Model Providers

Processing of requests by language models. Location: United States and European Union. No retraining on user data. Transfers to the United States are governed by standard contractual clauses (SCCs) adopted by the European Commission.

Data Hosting

Hosting of account data and conversations. Location: European Union. AES-256 encryption at rest, TLS in transit.

Application Hosting

Web application hosting. Serverless functions configured in the European Union. DDoS protection may involve temporary transit through the United States (IP address only).

Payment

Credit card payment processing by a third-party payment processor. NAYAVADA does not store any credit card data.

No Sale of Data

NAYAVADA does not sell, rent, or share any personal data with third parties for commercial, advertising, or profiling purposes.

International Data Transfers

Certain subprocessors are located in the United States: language model providers and, occasionally, the application host (DDoS protection, IP address only).

These transfers are governed by standard contractual clauses (SCCs) adopted by the European Commission, in accordance with Article 46(2)(c) GDPR.

Your Rights

Under the GDPR, you have the following rights regarding your personal data.

Find your national data protection authority

Right of Access

You may obtain confirmation that your personal data is being processed and receive a copy.

Right of Rectification

You may request the correction of inaccurate or incomplete data.

Right to Erasure

You may request the deletion of your personal data. Account deletion takes effect within thirty (30) days.

Right to Data Portability

You may request to receive your data in a structured, commonly used, and machine-readable format. Conversation export is available in Markdown format from the Service.

Right to Object

You may object to the processing of your data based on legitimate interest.

Right to Restriction

You may request the restriction of processing of your data in the cases provided by Article 18 GDPR.

Exercising Your Rights

To exercise your rights, contact NAYAVADA by contacting us directly. NAYAVADA will respond within thirty (30) days. In the case of complex requests, this period may be extended by two months, with prior notification.

If you believe your rights have not been respected, you may lodge a complaint with the data protection authority in your country of residence.

Security

NAYAVADA implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures include encryption of data at rest (AES-256) and in transit (TLS), secure authentication, and role-based access control.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, NAYAVADA will notify the competent data protection authority within seventy-two (72) hours and inform affected individuals without undue delay, in accordance with Articles 33 and 34 GDPR.

Changes to This Privacy Policy

NAYAVADA reserves the right to modify this Privacy Policy. In the event of a material change, you will be notified at least thirty (30) days before the change takes effect, through an in-app notification and, for account holders, by email to the address associated with your account.

If you disagree with the changes, you may close your account by contacting us directly before the effective date. Your continued use of the Service after the effective date constitutes acceptance.

The current version is always available on the Sqant website.

Voir les Conditions Générales →