1. Data controller
The data controller is Rapidsend ,Inc Coporate, 651 N Broad St,Suite 206, 19709 Pontoise, United State.
For any question related to personal data or to exercise your rights, contact: [email protected].
2. Categories of personal data we process
- Account data: first and last name, email address, hashed password, language, time zone.
- Billing data: company name, billing address, intra-community VAT number (for B2B), payment identifier returned by our payment processor. We do not store full payment-card numbers on our servers.
- Usage data: pages visited, features used, number of generations, credits consumed, browser user-agent, IP address, technical error logs.
- Content data: prompts / inputs you submit to AI tools and outputs returned to you.
- Support data: the content of tickets and emails you send us.
3. Purposes and legal basis
- Providing the Service and managing your account — legal basis: performance of the contract (Art. 6(1)(b) GDPR).
- Processing payments, invoicing, and preventing fraud — legal basis: performance of the contract and legitimate interest (Art. 6(1)(b) and (f)).
- Sending service communications (billing notices, security alerts, product changes) — legal basis: performance of the contract and legitimate interest.
- Providing customer support — legal basis: performance of the contract.
- Measuring usage to improve the Service (aggregated analytics) — legal basis: legitimate interest.
- Complying with legal obligations (accounting, tax, requests from authorities) — legal basis: legal obligation (Art. 6(1)(c)).
- Marketing emails about our own services, only with your prior consent — legal basis: consent (Art. 6(1)(a)).
4. Recipients and sub-processors
We rely on a limited set of vetted service providers, acting as sub-processors on our behalf, to operate the Service:
- Hosting & infrastructure: LWS (14 Rue la grigonne , Paris France) — hosting of the website and the application.
- Email delivery: [email provider — to be completed].
- Payment processing: [Stripe / other PCI-compliant processor — to be completed].
- AI model providers (via OpenRouter, Inc.): OpenAI, L.L.C. (United States) for text generation; Google LLC (United States) for image and text generation. Prompts you submit are transmitted to these providers so they can return generated outputs.
- Customer support tooling: in-app only — no external helpdesk SaaS is used.
5. International transfers
Some of our sub-processors are located outside the European Economic Area, in particular in the United States. Where that is the case, transfers are framed by appropriate safeguards, including the Standard Contractual Clauses adopted by the European Commission and, where applicable, complementary technical and organisational measures.
On request, we can provide reasonable information about the safeguards in place for a specific transfer.
6. Retention periods
- Account data: for the duration of the account, then up to 3 years after the last activity, before anonymisation or deletion.
- Billing and accounting data: 10 years, in accordance with French accounting and tax obligations.
- Content data (prompts and outputs): according to the retention window of your plan, which you can shorten or extend via your account settings. Items you delete are removed from active systems within 30 days.
- Support data: up to 3 years after the last exchange.
- Technical logs: up to 12 months.
- Marketing consents: until withdrawal, and up to 3 years from the last interaction for documentation purposes.
7. Your rights
You have the following rights regarding your personal data, in the conditions set by applicable law: right of access, right of rectification, right of erasure, right to restrict processing, right to data portability, right to object, right not to be subject to a decision based solely on automated processing, and right to withdraw your consent at any time for processing based on consent.
You can exercise these rights at any time by contacting [email protected]. We may ask for elements allowing us to verify your identity.
You also have the right to lodge a complaint with the French data protection authority (Commission Nationale de l'Informatique et des Libertés — CNIL, 3 Place de Fontenoy, 75007 Paris, www.cnil.fr) or with the supervisory authority of your country of residence.
8. Security
We apply reasonable technical and organisational measures to protect personal data, including encryption in transit (HTTPS/TLS), restricted access for staff, security updates, logging, and vetted sub-processors bound by contractual obligations. No system is perfectly secure; in case of a personal-data breach likely to result in a risk to individuals, we notify the CNIL within 72 hours and — where required — inform affected individuals.
9. Cookies
Our website uses a limited set of cookies and similar technologies. See our Cookie Policy for details and for managing your preferences.
10. Automated decision-making
We do not take decisions producing legal or similarly significant effects on individuals based solely on automated processing within the meaning of Article 22 GDPR. The content generation itself is automated, but it is a drafting tool; it does not take decisions about you.
11. Children
The Service is intended for professionals and adult users. It is not directed to minors, and we do not knowingly collect personal data from minors.
12. Changes
We may update this Privacy Policy. Material changes will be notified by email or through an in-app message before taking effect.
13. Contact
Data-protection contact: [email protected]. Postal: Rapidsend ,Inc Coporate, 651 N Broad St,Suite 206, 19709 Pontoise, United State.