Privacy Policy
Last updated: 2026-05-26
1. Data Controller
The controller of the personal data collected through this site is nuance.
For any question regarding your personal data: contact@example.com.
Remember to replace this address with your actual contact address before going live.
2. Data Collected and Purposes
The personal data collected depends on the features you use. The exhaustive list is in the Subprocessors section below, where each recipient indicates precisely what data they process and for what purpose.
3. Legal Basis for Processing
The processing of your data relies on one of the legal bases set out in Article 6 of the GDPR depending on the context: contract performance, legitimate interest, consent, or legal obligation.
4. Subprocessors and Recipients
To provide this service, we work with third-party subprocessors. Each subprocessor only handles the data strictly required for their task, under a contract compliant with Article 28 of the GDPR.
Vercel Inc.
440 N Barranca Ave #4133, Covina, CA 91723, USA
- Purpose
- Hosting and serverless function execution (Frankfurt region - fra1)
- Data processed
- IP addresses
- Server logs
- Session cookies
- Retention
- 30 days for logs
- Legal basis
- Legitimate interest (Art. 6.1.f GDPR)
- Transfer / details
- Standard Contractual Clauses (SCC). Functions run in the EU (Frankfurt) but legal entity is US-based
- More info
- Privacy policyData Processing Agreement (DPA)
Databricks, Inc. (Neon)
160 Spear Street, 13th Floor, San Francisco, CA 94105, USA
- Purpose
- PostgreSQL database hosting
- Data processed
- All application data stored in the database
- Retention
- Account lifetime (deletion on request)
- Legal basis
- Contract performance (Art. 6.1.b GDPR)
- Transfer / details
- Standard Contractual Clauses (SCC). Database region configurable (eu-central-1 available)
- More info
- Privacy policyData Processing Agreement (DPA)
Resend Inc.
2261 Market Street #4667, San Francisco, CA 94114, USA
- Purpose
- Transactional email delivery
- Data processed
- Recipient email
- Content of sent emails
- Retention
- 30 days for delivery logs
- Legal basis
- Contract performance / legitimate interest
- Transfer / details
- Standard Contractual Clauses (SCC)
- More info
- Privacy policyData Processing Agreement (DPA)
Stripe Payments Europe, Limited
1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Irlande
- Purpose
- Card payment processing
- Data processed
- Name
- Billing address
- Payment information (card numbers never transit through our server, entered directly with Stripe)
- Retention
- Legal accounting period (10 years in France)
- Legal basis
- Contract performance (Art. 6.1.b GDPR) + legal obligation (Art. 6.1.c)
- Transfer / details
- Technical data may be transferred to Stripe, Inc. (USA) via Standard Contractual Clauses
- More info
- Privacy policyData Processing Agreement (DPA)
Cloudflare, Inc.
101 Townsend Street, San Francisco, CA 94107, USA
- Purpose
- File storage and distribution (uploaded binary objects)
- Data processed
- User-uploaded files
- Metadata (name, MIME type, size)
- Retention
- Account lifetime (deletion on request)
- Legal basis
- Contract performance (Art. 6.1.b GDPR)
- Transfer / details
- Standard Contractual Clauses (SCC)
- More info
- Privacy policy
Google Ireland Limited (Google Analytics)
Gordon House, Barrow Street, Dublin 4, Irlande
- Purpose
- Detailed audience measurement (with consent)
- Data processed
- Pages visited
- Session duration
- Traffic source
- Anonymized demographic data
- Anonymized IP address
- Retention
- 14 months by default (configurable)
- Legal basis
- Consent (Art. 6.1.a GDPR), gated by the cookie banner
- Transfer / details
- Possible transfers to Google LLC (USA) via Standard Contractual Clauses
- More info
- Privacy policy
Anthropic PBC
548 Market Street #84749, San Francisco, CA 94104, USA
- Purpose
- AI inference (Claude models) for autonomous agent features
- Data processed
- Varies by agent context. See documentation of each configured agent
- Retention
- 30 days on the Anthropic side (unless opted out)
- Legal basis
- Contract performance / legitimate interest / consent (depending on context)
- Transfer / details
- Standard Contractual Clauses (SCC)
- More info
- Privacy policyData Processing Agreement (DPA)
5. Your Rights
Under the GDPR, you have the following rights over your data:
- Right of access and rectification
- Right to erasure (right to be forgotten)
- Right to data portability
- Right to object and to restrict processing
- Right to withdraw your consent at any time (when processing is based on consent)
- Right to lodge a complaint with the CNIL (cnil.fr) or any other competent authority
To exercise your rights: contact@example.com. We commit to responding within a maximum of one month.
6. Cookies
By default, this site only uses cookies strictly necessary for its operation (session, preferences). No advertising or profiling cookie is set without your explicit consent.
If an audience analytics feature requiring consent is enabled (for example Google Analytics), a consent banner is displayed before any non-essential cookie is set.
7. Modifications
This policy may be updated to reflect changes to the services and subprocessors used. The last update date is shown at the top of this page. Substantial changes will be notified by email to registered account holders.