Privacy policy
Last update: 15/07/2025
1. Introduction
The purpose of this privacy policy is to provide clear, transparent and precise information on the way in which the company Scintiaa simplified joint stock company with share capital of €3,000, registered with the Lyon Trade and Companies Register under number 930 581 749 and domiciled at 3 rue de Genève, 69006 Lyon, processes personal data as part of the operation of its website and SaaS platform.
Scintia attaches particular importance to the protection of privacy, data security and compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable French data protection legislation.
This policy specifies :
- The data collected and processed by Scintia ;
- The purposes and legal bases of this processing;
- The rights of data subjects;
- The commitments made by Scintia to guarantee data confidentiality and security.
This policy applies to all data processing carried out in the context of :
- Browsing the scintia.ai website;
- The use of services offered via the Scintia SaaS platform by professional customers;
- Access to the platform's interfaces by end users created by customers (agents, managers, supervisors, etc.).
If you have any questions about this policy or how to exercise your rights, please contact our RGPD representative at the following address: privacy@scintia.ai.
2. Who is affected by this policy?
This privacy policy applies to all persons whose personal data is collected or processed by Scintia, in the following contexts:
a) Visitors to the scintia.ai website
These are the people consulting the website, whether they are simply visitors or users interacting via a form (contact, demo, newsletter).
The data concerned includes
Information entered in forms (surname, first name, email, message)
Technical navigation data (IP address, cookies, browser type, pages visited, etc.)
b) Platform customers Scintia (SaaS users)
These are companies or professionals who have taken out a subscription or created a user account on the SaaS platform.
These customers can access different modules (Developer Panel, Business Panel, Closing Panel, Manager Panel).
The data processed may include :
Customer identification information (name, company, email, telephone, billing information)
Platform usage data (settings, call history, AI agent configuration, transcripts, recordings if activated)
c) Users created by customers
Scintia customers can create accounts for their own employees (human agents, supervisors, managers, etc.). These users have access to certain secure interfaces on the platform.
The data concerned generally includes :
Surname, first name, business e-mail address, business telephone number
Role or access level within the client organisation
Activity data linked to their use of the platform (calls, actions, files, internal tickets)
In this context, Scintia acts as subcontractor data on behalf of its professional customers, in accordance with article 28 of the RGPD.
3. What data are collected?
Scintia collects only the data necessary for the proper operation of its website, its SaaS platform and the provision of its services. This data varies according to your status (visitor, customer, end user) and your level of interaction with the tools offered.
a) Data collected on the scintia.ai website
When you browse the website or fill in a form, Scintia may collect the following information:
Identifying information: surname, first name, e-mail address, company, telephone number, business sector, etc.
Data sent via contact or demo request forms
Technical browsing data: IP address, type of device, type of browser, pages visited, browsing time, etc.
Data from cookies: user preferences, audience measurement (Google Analytics, Pixel Meta)
b) Data collected when using the SaaS platform (business customers)
When you create an account on the platform or use one of the modules, the following data may be collected:
Account information: surname, first name, company, job title, professional e-mail address, telephone number
Service configuration data: creation of AI agents, prompts, activation times, allocated numbers, etc.
Call data: caller number, date and time, duration, status (answered/unanswered)
Call content: audio recordings (if enabled), transcripts, summaries, extracted keywords
Billing information: payment method, transaction information via Stripe, payment schedule, etc.
Technical data: connection logs, usage history, errors encountered, etc.
c) Data concerning users created by customers
Customers can create accounts for their internal staff (agents, managers, supervisors) on the platform. For these users, Scintia collects :
Identification details: surname, first name, professional email address, telephone number
Role and level of access to the platform
Usage data: actions carried out on the platform, calls handled, tickets opened or closed, performance (where applicable)
Voice or transcribed data if the user is associated with an AI agent
Scintia only processes this data in the name and on behalf of its professional clients, within the strict framework of the functionalities offered by the platform.
4. Why these data collected
Scintia collects and processes personal data only for specific, explicit and legitimate purposes. These purposes vary according to the type of user and the use of the site or platform.
a) For visitors to the scintia.ai website
Data collected via forms or cookies is used for the following purposes:
Responding to contact or demo requests
Managing pre-contractual information requests
Measure the site's audience and improve its ergonomics
Personalise the content displayed and improve the user experience
Ensure the security of the site and prevent abuse or attempted fraud
b) For customers using the SaaS platform
The data collected during registration or use of the platform is necessary for :
Create and manage customer accounts
Configure subscribed services (AI agents, numbers, call scenarios)
Ensure the commissioning and smooth operation of the proposed functionalities
Monitor the performance of voice or human agents
Generating calls, transcribing exchanges, analysing sentiments or keywords
Monitoring support tickets and customer relations
Manage invoicing, subscriptions, payments and any overruns
c) For users created by customers
The data of internal users created by client companies is processed for :
Give them access to their business panel area
Manage their role, actions and traceability on the platform
Facilitate supervision by the client company's internal managers
Monitor usage statistics, performance and operational activity
Record or transcribe their calls if the functionality is activated by the customer
In this context, Scintia acts as a subcontractor, in accordance with Article 28 of the RGPD. The customer remains solely responsible for the lawfulness of the collection of user data that it creates.
5. What is the legal basis for this processing?
In accordance with the General Data Protection Regulation (GDPR), each processing of personal data carried out by Scintia has a clearly identified legal basis.
a) Consent (article 6.1.a of the RGPD)
Certain data are only collected with your express consent, in particular :
Sending a contact or demo form
Subscription to commercial communications (if offered)
Depositing non-essential cookies (audience measurement cookies, targeted advertising)
Activation of call recording (option activated by the end customer)
You can withdraw your consent at any time by contacting us or by changing your preferences (for cookies).
b) Performance of the contract (Article 6.1.b of the RGPD)
When you are a customer of the Scintia platform, the majority of processing operations are necessary for the performance of the contract concluded between you and Scintia. This concerns in particular:
Creating and managing your account
Configuring AI agents and associated services
Handling calls, transcripts and recordings
Access to panels, ticket tracking and number management
Billing, paying subscriptions, calculating overruns
c) Legitimate interest (Article 6.1.f of the RGPD)
Scintia may also process certain data on the basis of its legitimate interests, in particular in order to :
Ensuring the security of its systems and data
Preventing fraud and misuse
Improve the performance and reliability of the platform
Carry out anonymised statistical analyses for the purposes of continuous improvement
Monitor the performance of agents (AI or human) for optimisation purposes
In this context, Scintia always strives to strike a fair balance between its interests and the rights and freedoms of data subjects.
d) Legal obligation (article 6.1.c of the RGPD)
Lastly, certain data may be retained or processed in order to comply with legal obligations, in particular :
To respond to requests from judicial or administrative authorities
To comply with accounting and tax obligations
To manage the rights of data subjects (proof of consent, deletion, opposition, etc.)
6. With which do we share data?
Personal data processed by Scintia is used exclusively in connection with the services offered. It may be shared with internal recipients or technical subcontractors only in cases where this is necessary for the proper performance of the contract, the security of the platform or compliance with a legal obligation.
Scintia never sells, resells or transfers your personal data to third parties for advertising or unjustified purposes.
a) Internal recipients
The data are accessible, within the limits of their respective missions, to the following teams:
Technical team: to host, support and maintain services.
Customer support team: for handling support requests and managing tickets.
Scintia's internal sales team: to manage customer relations and monitor subscriptions (via the Closing Panel, reserved for internal sales staff only).
b) Technical sub-contractors
Scintia uses specialist third-party service providers to provide certain essential functions. These subcontractors act solely on Scintia's instructions, are governed by RGPD-compliant subcontracting agreements (DPA), and undertake not to process data for any other purpose.
Here are the main subcontractors used:
Service provider | Purpose of processing | Data localisation |
Twilio | Provision of telephone call services (inbound and outbound) | European Union or United States (under standard contractual clauses) |
OpenAI | Real-time call processing (transcription, sentiment analysis, keyword detection) | Instant processing, no storage - United States |
Stripe | Online payment, subscription management, payment schedules, reminders | European Union or United States (with DPA and RGPD compliance) |
n8n | Automating workflows between departments (internal and external) | Hosted and secured by Scintia in an RGPD-compliant environment |
NeonDB | Main PostgreSQL database | Data centres located in the European Union |
Microsoft Azure | Backup and complementary cloud infrastructure | European region |
Google (Analytics / reCAPTCHA) | Audience measurement, anti-bot protection (website only) | Pseudonymised data - consent required via cookie banner |
A complete, up-to-date list of subcontractors is available on request from privacy@scintia.ai.
A complete, up-to-date list of subcontractors is available on request from privacy@scintia.ai.
c) Transmission to third parties
Personal data is never passed on to third parties except in the following cases:
Legal or regulatory obligation, such as a request from an authorised judicial or administrative authority;
In the event of a proven legitimate interest in fraud prevention or the management of a major security incident;
At the express request of the data subject or with his/her clear consent.
7. How much from How long is the data kept?
Scintia keeps personal data only for as long as is strictly necessary for the purposes for which it was collected and in accordance with applicable legal and regulatory obligations.
The retention period varies according to the nature of the data and the profile of the user concerned.
a) Website visitor data
Type of data | Shelf life |
Data entered via contact or demo forms | 12 months from the last incoming contact |
Browsing data (cookies) | 13 months maximum (see cookies policy) |
b) Customer data (SaaS users)
Type of data | Shelf life |
Account details (identity, company, email, role) | As long as the account is active + 3 years after deletion (for evidential purposes) |
Billing and payment data (Stripe) | 10 years (accounting obligation) |
Configuration data (AI agents, schedules, prompts, scenarios) | For as long as the customer uses the platform or until manually deleted |
Call data: metadata (duration, number, status) | 24 months |
Call data: audio recordings (if activated) | Until manually deleted by the customer (no automatic deletion unless indicated) |
Data transcribed or analysed by AI | Identical to the retention period for corresponding calls |
c) Data on users created by customers (agents, supervisors, etc.)
Type of data | Shelf life |
Identification data (name, email, telephone, role) | As long as the account linked to the customer is active |
Activity data (logs, actions, calls handled) | 24 months |
Voice or transcribed data | Identical to recorded or transcribed calls, depending on customer settings |
d) Technical data (logs, errors, diagnostics)
Type of data | Shelf life |
Security and connection logs | 6 months |
Application and technical logs | 3 months (can be extended in the event of an incident) |
Scintia applies a system of regular automated purging or manual storage of the data at the end of these periods, unless their retention is necessary for the purposes of proof, compliance or the resolution of a dispute.
8. What are your rights?
In accordance with the General Data Protection Regulation (GDPR), any person concerned by the processing of personal data has the following rights, which they may exercise at any time with Scintia.
a) Right of access
You are entitled to :
- Confirmation that your data will be processed by Scintia;
- Access to your personal data;
- A copy of the data stored.
b) Right of rectification
If you find that your data is inaccurate, incomplete or out of date, you can ask for it to be corrected or completed.
c) Right to erasure (right to be forgotten)
You may request the deletion of your personal data in the cases provided for by the GDPR, in particular if:
- The data are no longer necessary for the purposes for which they were collected;
- You withdraw your consent;
- You object to the processing and there are no compelling legitimate grounds for continuing it.
Certain data may be retained to comply with legal obligations (e.g. accounting retention).
d) Right to limit processing
You may request the temporary suspension of the processing of your data if you dispute its accuracy, if the processing is unlawful, or if you object to it pending verification of legitimate grounds.
e) Right to object
You may object at any time, for reasons relating to your particular situation, to processing based on Scintia's legitimate interests.
In the case of processing for canvassing purposes (e.g. emailings, commercial reminders), this right is absolute.
f) Right to portability
You may request to receive the personal data you have provided to Scintia, in a structured, commonly used and machine-readable format, in order to transfer it to another service provider.
g) Right to withdraw your consent
Where processing is based on your consent, you may withdraw it at any time, without this calling into question the lawfulness of the processing carried out prior to the withdrawal.
h) Right to lodge a complaint with the CNIL
If you feel that your rights are not being respected or that a processing operation is not complying with the regulations, you can submit a complaint to the competent supervisory authority:
CNIL - Commission Nationale de l'Informatique et des Libertés (French Data Protection Authority)
www.cnil.fr
Complaints department
3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 0
i) Exercising your rights
To exercise your rights, you can send us a request by email to :
privacy@scintia.ai
Proof of identity may be requested if there is reasonable doubt about your identity.
Scintia undertakes to respond to your request within one month of receipt. This period may be extended by two months in the event of a complex or large number of requests.
9. Cookies and plotters
When you browse the scintia.ai website, cookies or similar technologies may be used to ensure that the site functions properly, to improve the user experience and to measure the audience.
In accordance with current regulations, non-essential cookies (particularly those used for audience measurement or personalisation) are only stored with your consent, which is obtained via an information banner on your first visit.
You can manage your cookie preferences or withdraw your consent at any time by accessing our cookie management module.
For more information on the types of cookies used, how long they are stored and how to configure them, please consult our Cookie Policy.
10. Safety, setting update and contact
a) Data security
Scintia implements rigorous technical, organisational and software measures to guarantee the confidentiality, integrity and availability of personal data processed.
These measures include
- Encryption of sensitive data at rest and in transit ;
- Strong authentication (2FA) for all internal access;
- Partitioning user environments and roles ;
- Secure daily backups, with sliding retention ;
An incident register is kept and a data breach management plan activated in the event of a proven breach. Access to data is strictly limited to authorised and trained personnel, who are bound by an obligation of confidentiality.
Scintia also carries out regular audits of its systems to anticipate and correct any vulnerabilities.
b) Updating the policy
This policy may be amended at any time, in particular to take account of :
- Legislative or regulatory changes;
- Changes to the services on offer;
- Additions or deletions of technical subcontractors;
- Feedback from the CNIL or internal audits.
The date of the last update is shown at the top of the document.
In the event of a substantial change affecting your rights or the purposes of processing, you will be informed by email or directly via the Scintia platform.
c) Contact
If you have any questions about this policy or wish to exercise your rights, you can contact us at :
- By email: privacy@scintia.ai
- By post: SCINTIA SAS, 3 rue de Genève, 69006 Lyon, France
Focus on your core business, Scintia takes care of the rest.
Contact us today to find out how Scintia can transform your telephone reception.
Scintia
Services
Legals
Copyright @2025 , scintia.aiAll rights reserved.
