Privacy Policy

    Last updated: February 12, 2026

    1. Introduction

    CBlindspot SAS ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the CBlindspot.ai platform (the "Platform"). This policy complies with the General Data Protection Regulation (GDPR) and applicable French data protection laws.

    2. Data Controller

    The data controller is CBlindspot SAS, registered in France. For data protection inquiries, contact our Data Protection Officer at dpo@cblindspot.ai.

    3. Data We Collect

    We collect the following categories of personal data:

    3.1 Information You Provide

    • Account data: Professional email address, name, company name, job title.
    • Profile data: Preferences, watchlists, saved comparisons, and decision workspace configurations.
    • Communication data: Messages sent through demo requests, contact forms, or expert consultation requests.
    • Payment data: Billing information processed through our third-party payment provider (Stripe). We do not store full payment card details.

    3.2 Information Collected Automatically

    • Usage data: Pages visited, features used, search queries, comparison history, and interaction patterns.
    • Device data: Browser type, operating system, IP address, and device identifiers.
    • Cookies: Session cookies, authentication tokens, and analytics cookies (see Section 8).

    4. Legal Basis for Processing

    We process your data based on the following legal grounds under GDPR Article 6:

    • Contract performance: To provide and manage your account and subscription services.
    • Legitimate interest: To improve the Platform, conduct analytics, and provide personalized recommendations.
    • Consent: For marketing communications and non-essential cookies.
    • Legal obligation: To comply with applicable laws and regulations.

    5. How We Use Your Data

    • To provide, maintain, and improve the Platform and its features.
    • To personalize your experience, including vendor recommendations and market insights.
    • To process subscriptions and payments.
    • To communicate service updates, security alerts, and support messages.
    • To generate aggregated, anonymized analytics and market intelligence reports.
    • To detect and prevent fraud, abuse, and security threats.

    6. Data Sharing

    We do not sell your personal data. We may share data with:

    • Service providers: Hosting (cloud infrastructure), payment processing (Stripe), email delivery, and analytics providers, all bound by data processing agreements.
    • Expert network: When you request expert evaluations, limited contact and project information may be shared with vetted experts under confidentiality agreements.
    • Legal requirements: When required by law, regulation, or legal process.

    7. Data Retention

    We retain your personal data for the duration of your account plus 3 years after deletion for legal and audit purposes. Usage analytics are anonymized after 24 months. You may request earlier deletion subject to our legal obligations.

    8. Cookies

    We use the following types of cookies:

    • Essential cookies: Required for authentication and core functionality. Cannot be disabled.
    • Analytics cookies: Help us understand Platform usage. Can be disabled in your browser settings.
    • Preference cookies: Remember your settings such as theme and language preferences.

    9. Your Rights (GDPR)

    Under GDPR, you have the following rights:

    • Access: Request a copy of your personal data.
    • Rectification: Correct inaccurate or incomplete data.
    • Erasure: Request deletion of your data ("right to be forgotten").
    • Restriction: Restrict processing of your data in certain circumstances.
    • Portability: Receive your data in a structured, machine-readable format.
    • Objection: Object to processing based on legitimate interest or direct marketing.
    • Withdraw consent: Where processing is based on consent, withdraw at any time.

    To exercise these rights, contact us at dpo@cblindspot.ai. We will respond within 30 days.

    10. International Transfers

    Your data may be processed in countries within the European Economic Area (EEA). Any transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.

    11. Data Security

    We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, access controls, regular security audits, and incident response procedures. Despite these measures, no system is completely secure, and we cannot guarantee absolute security.

    12. Changes to This Policy

    We may update this Privacy Policy periodically. Material changes will be communicated via email or Platform notification at least 30 days before taking effect. Continued use of the Platform after changes constitutes acceptance.

    13. Contact & Complaints

    For privacy inquiries: dpo@cblindspot.ai

    You also have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.