Privacy Policy

The data controller for personal data collected through the website skalp.ai and the SKALP AI service is:

SKALP AI
Legal form: [To be completed]
SIRET: [To be completed]
Registered office: Paris, France
Contact: contact@skalp.ai

In the course of providing our service and operating our website, SKALP AI may collect and process the following categories of personal data:

• Identification data: last name, first name, professional email address, company name, job title.
• Connection and usage data: connection logs, IP address, browsing data, submitted tickets, and interactions with the platform.
• Billing data: company billing details required for invoice issuance (excluding direct banking data).
• Ticket data:functional specifications, code snippets, and D365 F&O configurations submitted when using the service.

SKALP AI does not collect sensitive data as defined under Article 9 of the GDPR (health data, political opinions, biometric data, etc.).

Each processing activity relies on one of the following legal bases:

• Contract performance (Art. 6.1.b GDPR): processing necessary for account creation and management, service delivery, and billing.
• Legitimate interests (Art. 6.1.f GDPR): platform security management, fraud prevention, service improvement, and B2B commercial communications with professional prospects.
• Legal obligation (Art. 6.1.c GDPR): retention of accounting and tax data in accordance with French legal requirements.
• Consent (Art. 6.1.a GDPR): sending marketing communications where required by applicable law.

Collected data is used for the following purposes:

• Creation, management and security of user accounts.
• Provision of the D365 F&O automation service and processing of submitted tickets.
• Billing and payment management.
• Customer support and handling of assistance requests.
• Improvement and development of service features.
• Platform security, abuse and fraud prevention, and access logging.
• Communications relating to service updates, changes to contractual terms, and legal notices.
• Compliance with legal and regulatory obligations (accounting, tax).

Data is retained for the following periods:

• Account and usage data: for the duration of the contractual relationship, then 3 years from termination for commercial prospecting purposes, in line with CNIL (French data protection authority) recommendations.
• Billing data and accounting records: 10 years from the close of the relevant financial year, as required under the French Commercial Code.
• Connection logs and technical data: 12 months, in accordance with obligations under French digital trust legislation (LCEN).
• Ticket data: for the duration of the contract, then 30 days after termination to allow customer export, after which permanent deletion occurs.

Collected data is accessible to SKALP AI's internal teams and, to the strict extent necessary for service delivery, to the following sub-processors:

• Microsoft Azure (cloud infrastructure; application data hosted in datacenters located within the European Union).
• Cloudflare, Inc. (website hosting and anti-spam protection via Cloudflare Turnstile — see Cookies section).
• Any payment service provider, transactional email provider, or technical support provider contractually bound to SKALP AI by confidentiality and GDPR-compliant data protection clauses.

SKALP AI does not sell, rent, or transfer personal data to third parties for commercial purposes.

Where data is transferred outside the European Union (notably via Cloudflare, whose parent company is based in the United States), SKALP AI ensures that such transfers are governed by appropriate safeguards, in particular the Standard Contractual Clauses (SCCs) approved by the European Commission.

Under the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and the French Data Protection Act (loi Informatique et Libertés), you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): obtain confirmation that data concerning you is being processed and receive a copy.
• Right to rectification (Art. 16 GDPR): have inaccurate or incomplete data corrected.
• Right to erasure (Art. 17 GDPR): request deletion of your data in cases provided for by the regulations.
• Right to restriction of processing (Art. 18 GDPR): request suspension of processing in certain circumstances.
• Right to data portability (Art. 20 GDPR): receive your data in a structured, machine-readable format and transmit it to another controller.
• Right to object (Art. 21 GDPR): object to processing based on legitimate interests, in particular for direct marketing purposes.
• Right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, send your request to contact@skalp.ai with your name and, where applicable, your account reference. SKALP AI will respond within one month of receipt (extendable to two months for complex requests).

If you believe your rights have not been respected, you may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy — TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.

The skalp.ai website uses a limited number of cookies and trackers that are strictly necessary for its operation. No advertising or marketing tracking cookies are deployed.

Cloudflare Turnstile:Our contact and registration forms use the Cloudflare Turnstile service, an anti-spam verification tool. This service may place strictly necessary technical cookies to distinguish human users from automated bots. These cookies are not used for advertising tracking purposes. For more information, please see Cloudflare's privacy policy at cloudflare.com/privacypolicy.

Cookies that are strictly necessary for the service to function are exempt from prior consent requirements under applicable law.

SKALP AI implements appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, disclosure, or accidental destruction, including:

• Encryption of data in transit (HTTPS/TLS) and at rest.
• Access control through authentication and permission management.
• Access logging and anomaly monitoring.
• Hosting of application data on Microsoft Azure infrastructure (ISO 27001 certified and GDPR-compliant), in datacenters located within the European Union.

Given the size and nature of our processing activities, SKALP AI is not formally required to appoint a Data Protection Officer (DPO) under Article 37 of the GDPR.

For any questions regarding the protection of your personal data, you may contact us at: contact@skalp.ai.

SKALP AI reserves the right to update this privacy policy at any time to reflect legal, regulatory, or service-related changes. In the event of material changes, account holders will be notified by email. The date of the last update is shown at the top of this document.

We encourage you to review this page regularly to stay informed of the applicable conditions governing the processing of your personal data.