Privacy Policy

Last updated: February 10, 2026

1. Purpose and Scope

This privacy policy aims to inform users of Scribarius services about the collection, processing, retention, and protection of their personal data in accordance with the General Data Protection Regulation (GDPR). Scribarius is committed to protecting user privacy and ensuring the security of their personal data, in compliance with applicable regulations.

This policy applies to all data collected through our websites, applications, services, as well as commercial and technical interactions related to Scribarius.

It supplements the Terms of Service and the Terms of Sale, which govern access to and use of the services.

2. Acceptance of the Policy

By using Scribarius services, you acknowledge that you have read, understood, and unconditionally accepted this privacy policy. If you do not accept it, please do not use our services.

3. Data Controller

4. What Data Do We Collect and Where Does It Come From?

Types of Personal Data Collected

We collect personal data necessary to provide our services, including:

  • Identifiers (name, surname, email address, phone number)
  • User account data (language, preferences, status)
  • Technical data (IP addresses, logs, device identifiers)
  • Payment data (no banking information is stored by Scribarius)
  • Interaction data (forms, communications with support)

Automatically Collected Data

Certain technical data is automatically collected to ensure security and optimize the user experience (cookies, logs, IP addresses).

User-Provided Data

The data collected comes from registration forms, contact forms, and interactions through Scribarius services. It also includes information exchanged in the context of business relationships and customer support.

Google Data and Google Workspace APIs

Scribarius limits the collection and storage of data from your Google account to only the information essential for the operation and improvement of the services offered. This data is never used to train or develop general-purpose artificial intelligence models without your explicit consent.

Regarding Google Workspace APIs, their use is strictly limited to enabling customized features for your account, within the framework of an optimized user experience, while respecting confidentiality commitments.

Furthermore, when a transfer of your Google data to third-party artificial intelligence solutions is necessary, this transfer is exclusively intended to execute the services you have requested. It is never used to feed or improve general or non-specific AI models.

5. For What Purposes Do We Use Your Personal Data?

Data is used to:

  • Manage user accounts and provide subscribed services
  • Communicate with users (support, notifications)
  • Personalize and improve our services
  • Comply with our legal and tax obligations
  • Ensure security and fraud prevention

6. On What Legal Bases Do We Process Your Personal Data?

Data processing is based on:

  • Explicit user consent
  • Performance of the contract (service provision)
  • Legal obligations
  • Legitimate interest for security and service improvement

7. Where Is Your Data Hosted and Is It Transferred to Third Parties?

Scribarius hosts all user data exclusively in France, with French providers, to ensure a high level of security, sovereignty, and GDPR compliance. When selecting its providers, Scribarius systematically prioritizes French companies. Failing that, European providers are chosen to ensure equivalent data protection.

Certain essential features such as integrations with Gmail or Outlook, audience measurement (Google Analytics), or payments via Stripe rely on third-party services that may involve processing outside the European Union. Such processing is limited to what is strictly necessary to provide the expected services, and any transfers are governed by Standard Contractual Clauses (SCCs) or other safeguards recognized by the European Commission.

Scribarius does not share any personal data with third parties for marketing, advertising, or commercial purposes, unless explicit consent is given. Apart from cases strictly necessary for the operation of the service, no transfers to non-European entities are made.

8. How Long Do We Retain Your Personal Data?

Data is retained according to the following criteria:

  • Personal data: for the duration necessary to provide the service
  • Payment and accounting data: 10 years in accordance with tax legislation
  • Technical data: limited to the duration of the security or functional purpose

User accounts are deleted after 6 months of inactivity. An alert is sent to the user after 5 months of inactivity, giving them one month to log back in to cancel the deletion. During this 30-day period, the user may also request the export of their data before deletion.

9. What Are Your Rights Regarding Your Personal Data?

Users have the following rights regarding their data:

  • Access, rectification, and erasure
  • Objection and restriction of processing
  • Data portability
  • Withdrawal of consent at any time
  • Right to file a complaint with the CNIL (French Data Protection Authority)

10. How Do We Ensure the Security of Your Data?

Technical and organizational measures are implemented to ensure the confidentiality and security of data. Access is strictly limited to authorized personnel.

11. What Is Our Policy on Cookies and Similar Technologies?

Scribarius uses localStorage to ensure the proper functioning of its services, including managing session persistence, display preferences, and certain technical information related to the user's device.

With your explicit consent, we collect anonymized data on platform usage. This data allows us to improve our services and adapt our offering to user needs. You may refuse or withdraw your consent at any time without affecting the essential features of the platform.

12. How Do We Inform You of Changes?

Any changes to this privacy policy will be communicated to users via an update on this page. The most recent version will always be available on our website.

13. Applicable Law and Jurisdiction

This privacy policy is governed by French law. Any dispute relating to the collection, processing, or protection of users' personal data shall be subject to the exclusive jurisdiction of the competent courts of Île-de-France.

14. How to Contact Us About Your Personal Data?

For any questions or to exercise your rights regarding your personal data, please contact our Data Protection Officer (DPO) at the contact details provided in the "Data Controller" section.