Effective: 12-02-2026

Privacy Policy

Official Deciris legal documents.

Last updated: 12/02/2026

1. Introduction

Welcome to Deciris. We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how Deciris (SASU) (“we”, “us”, or “our”) collects, uses, discloses and protects your information when you visit our website or use our software as a service (the “Service”).

This policy applies to:

  • Customers: Businesses or organizations that subscribe to our Service.
  • Users: Individuals authorized by Customers to access the Service.
  • Participants: Individuals who respond to questionnaires or inspections through the Service.
  • Visitors: Anyone browsing our public site.

We comply with the General Data Protection Regulation (GDPR) and applicable French laws.

2. Roles of Data Controller and Data Processor

It is important to distinguish the two main contexts in which we process data:

2.1 When we act as Data Controller

We are the Data Controller for:

  • The information you provide when registering a Customer account (e.g. professional contact details, billing information).
  • Users' connection identifiers to the Service.
  • Usage data and analytics regarding your interaction with our platform (used to improve the Service).
  • The marketing communications we send to you (B2B prospects).

2.2 When we act as Data Processor

We are the Data Processor for:

  • The content of the questionnaires and templates you create.
  • Participant Data: Responses, names, emails or other data you collect from third parties using our Service.

In this second context, You (the Customer) are the Data Controller. We process this data only on your instructions and in accordance with our Terms of Use and our Data Processing Agreement (DPA).

3. Data we collect

3.1 Data you provide to us

  • Account Data: Name, email address, telephone number, name of organization, SIRET/VAT number (for billing).
  • Billing Data: Billing address and other details required for billing. We do not store credit card or payment method details as billing is handled manually.
  • Communications: Records of your support tickets or emails.

3.2 Data collected automatically

  • Usage Logs: IP addresses, browser type, operating system, referring URL, device information, pages visited, and timestamp.
  • Cookies: Technical cookies required for connection authentication and session security.

3.3 Data processed on behalf of Customers

  • Questionnaire Content: Questions and images that you upload.
  • Answers: Data entered by Participants (which may include text, photos, GPS location if enabled, etc.).

4. How we use data and legal bases

We use personal data for the following purposes, relying on these legal bases under the GDPR:

| Purpose | Legal Basis |
| --- | --- |
| Provision of the Service: Maintenance of your account, activation of the connection, processing functionalities. | Performance of the contract (Art. 6(1)(b)) |
| Billing and Administration: Billing and account management. | Performance of the contract / Legal obligation |
| Support: Response to your requests for help. | Performance of the contract |
| Security: Detection and prevention of fraud or abuse. | Legitimate interest (guaranteeing the integrity of the system) |
| Service Improvement: Analysis of usage trends to improve UI/UX. | Legitimate interest |
| Marketing (B2B): Sending product updates to existing customers. | Legitimate interest (Passive opt-in) / Consent |

Data we process as a Processor (Participant responses) is processed strictly for the purpose of providing the Service as instructed by the Customer.

5. Data Sharing and Subprocessors

We do not sell your personal data. We only share data with trusted third-party service providers (“Subprocessors”) necessary to operate our Service.

Current main Subprocessors:

  • DigitalOcean: Hosting infrastructure (Servers located in the EU).
  • MongoDB Atlas: Database hosting (EU Regions).
  • Agora: Video streaming services for remote inspections.
  • Mailjet: Email delivery services (for invitations and notifications).
  • AI Providers (e.g. Anthropic): Model generation capabilities. They receive only model prompts/questions, not Participant data or personally identifiable information.

We ensure that all suppliers are bound by strict data protection agreements. We may also disclose data if required to do so by law (e.g. court order).

6. International data transfers

Our main servers and databases are located within the European Economic Area (EEA).

If we transfer data outside the EEA (for example, to a US-based tool), we ensure that appropriate safeguards are in place, such as:

  • Adequacy decisions: Transfer to countries considered to provide adequate protection.
  • Standard Contractual Clauses (SCC): Use of EU-approved contracts that require the recipient to protect your data.
  • Data Privacy Framework: Use of the EU-US Data Privacy Framework where applicable for US suppliers.

7. Data retention

  • Account data: Retained for as long as your account is active, plus the legal limitation period (e.g. 5 years for contractual claims).
  • Billing data: Kept for 10 years as required by French accounting and tax laws.
  • Participant data/questionnaires: Retained for the duration of the Customer's subscription.
    • Deletion: Removed from production systems within 30 days of account termination.
    • Backups: May exist in encrypted backups for up to 30 days after deletion.

8. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (“Right to be forgotten”), subject to legal retention obligations.
  • Restriction: Ask us to restrict the processing.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or to direct marketing.

How to exercise your rights: Contact us at contact@deciris.com. We will respond within one month.

Note: If you are a Participant wishing to access or delete data collected by one of our Customers, please contact that Customer directly. We cannot delete Participant data without the permission of the Data Controller.

9. Security

We implement robust technical and organizational measures to protect data, including:

  • Data encryption in transit (TLS 1.2+) and at rest.
  • Strict access controls and principles of least privilege for our staff.
  • Security assessments and regular updates.

However, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the confidentiality of your password.

10. Cookies

We use cookies mainly for essential purposes (authentication, session management). We do not use third-party advertising cookies, analytics services or tracking technologies.

  • Session cookies: To keep you logged in.
  • Preference cookies: To remember language settings.

You can manage your cookie preferences through your browser settings.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top will indicate the effective date. Significant changes will be notified by email or via an alert on the dashboard.

12. Contact us

If you have any questions about this policy or our data practices:

Deciris (SASU)
9 RUE DES COLUMNS
75002 PARIS
France
E-mail: contact@deciris.com