Privacy policy

This policy describes how SHRIVATSA (Assilya) collects and processes personal data through the assilya.fr website and the Assilya platform, in accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978, as amended.

Data controller and roles

For the website, the commercial relationship and account management (prospects, clients, billing), the data controller is SHRIVATSA (SASU), 156 route de la Salvetat, 31470 Fontenilles, France. Contact: contact@assilya.fr, phone +33 (0)5 82 95 06 78.

When operating the Assilya platform, where SHRIVATSA processes end-user data on behalf of its business clients, it acts as a processor within the meaning of Article 28 GDPR; the client (merchant) is then the data controller. Such processing is governed by a data processing agreement (DPA) entered into with the client.

No data protection officer (DPO) has been appointed; any question may be sent to the contact address above.

Data collected and purposes

Depending on your relationship with Assilya, the following data is processed:

• Prospects (demo form): name, business email, store name, platform, message volume and optional message. Purpose: handle your request, arrange a demo and contact you back.
• Clients (account and subscription): identification and account data, login credentials, billing data. Purposes: service provision, account management, billing, support and security.
• Usage data: technical logs, connection and browsing data. Purposes: security, abuse prevention, maintenance and improvement of the service.
• Data processed on behalf of the client: content of end-user messages, imported order and delivery data, required for the AI agents to operate. Here Assilya acts as a processor.

Legal bases

• Consent: demo form, non-essential cookies.
• Performance of a contract or pre-contractual measures: service provision, account management.
• Legal obligation: retention of invoices and accounting obligations.
• Legitimate interest: service security, fraud prevention, platform improvement.

Recipients and sub-processors

Data is never sold. It is accessible to authorised SHRIVATSA staff and to technical sub-processors acting on instructions and bound by confidentiality:

• OVHcloud (OVH SAS): hosting, within the European Union.
• Resend: delivery of transactional emails.
• Stripe: payment and subscription billing.
• Anthropic (Claude) and OpenAI (GPT): AI processing of messages to generate suggestions and replies.
• Google: reCAPTCHA (form anti-spam protection) and, where applicable, Google Tag Manager, Google Analytics 4 (audience measurement) and Google Ads (advertising and conversion measurement), subject to consent.

Transfers outside the European Union

Some sub-processors (notably Anthropic, OpenAI, Stripe and Google) are established in the United States or may process data there. Such transfers are governed by appropriate safeguards within the meaning of Articles 44 et seq. GDPR: European Commission standard contractual clauses and, where applicable, certification under the EU-US Data Privacy Framework.

Artificial intelligence

The Assilya platform uses artificial intelligence models (Anthropic, OpenAI) to analyse messages and produce suggestions or replies.

• Content processed through the platform is not used to train AI models, in accordance with the contractual commitments made with these providers.
• Depending on the autonomy level set by the client, the AI operates in suggestion mode (human validation) or automatic reply mode; the client retains control of and responsibility for the replies sent.
• No decision producing legal effects or significantly affecting you is taken solely on the basis of automated processing within the meaning of Article 22 GDPR.
• In accordance with applicable transparency obligations (notably the EU Artificial Intelligence Act), users are informed when they interact with an AI system.

Retention periods

• Prospects: up to 3 years from the last contact.
• Client accounts: for the entire duration of the contractual relationship.
• Accounting data and invoices: 10 years, in accordance with legal obligations.
• Data processed on behalf of the client: for the duration of the contract, then deleted or returned in accordance with the data processing agreement.
• Cookies: as per the durations shown in the table below.

Security

SHRIVATSA implements appropriate technical and organisational measures to protect data: encryption in transit, access control, hosting within the European Union, backups and logging.

Your rights

In accordance with the GDPR, you have the right to access, rectify, erase, object to, restrict and port your data, as well as the right to withdraw your consent and to set instructions on the fate of your data after your death. To exercise them, write to contact@assilya.fr.

If your data is processed by Assilya on behalf of one of its clients (merchant), send your request directly to that client, who is the data controller; Assilya will assist in that context.

You may also lodge a complaint with the French data protection authority, the CNIL.

Changes

This policy may be updated to reflect changes to the service or regulations. The last update date is shown at the top of the page.

Cookies and trackers

On your first visit, a banner lets you accept or refuse non-essential cookies. You can change your choice at any time using the button below.

The form is protected by reCAPTCHA: Google's privacy policy and terms of service apply.

Manage my cookies

You can review or withdraw your consent at any time:

Manage my cookies