Privacy Policy – Cockpyt AI
Last updated: 20/05/2026
This Privacy Policy describes how the personal data of users of the Cockpyt AI platform is collected, used and protected. It complements the Terms and Conditions of Sale and Use, to which the user is invited to refer.
1. Data Controller
The controller of personal data processing is Florian Zorgnotti, operating as a micro-entrepreneur, registered in the SIRENE register under SIRET number 51860823700039, residing at 4 route de Villefranche, 06340 La Trinité, publisher of the Cockpyt AI platform (hereinafter “the Publisher”).
Contact for any question relating to personal data or to the exercise of your rights: contact@cockpyt.ai
2. Data collected
In the context of the use of Cockpyt AI, the Publisher collects the following categories of data:
- User account data: last name, first name, email address, password (securely stored using cryptographic hashing).
- Billing data: company name, billing address, intra-EU VAT number where applicable, transaction history and subscription history. Payment card details are processed directly by Stripe and do not transit through the Publisher’s servers.
- Business data (scans): submitted prompts, target brand names and URLs, competitor identifiers, GEO analysis results, history of generated reports.
- Technical data: IP address, browser type, connection and security logs, session data.
- Data from contact and prospecting forms: if the user fills in a form on the site (demo request, contact, audit, newsletter), the information provided is collected for the purposes indicated in the relevant form.
3. Purposes and legal bases
Data processing is based on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Provision of the Cockpyt AI Service (account creation, scan execution, score calculation) | Performance of the contract |
| Payment processing and invoice issuance | Legal obligation (accounting and tax) |
| Service security (fraud prevention, abuse detection, blocking of unauthorized access) | Legitimate interest |
| Transactional communications (report delivery, password reset, technical notifications, alerts) | Performance of the contract |
| Marketing communications (product news, relevant content, offers) | Prior consent (opt-in) |
| Audience measurement and Service improvement | Legitimate interest or consent depending on the tools used |
4. Retention periods
- Business data (reports, projects, scans): definitively and irreversibly deleted thirty (30) days after the effective termination of the subscription, in accordance with Article 10 of the T&C.
- Account data (profile, email): retained for commercial prospecting purposes with the user for a maximum of three (3) years from the user’s last active contact, in accordance with the CNIL’s recommendations for B2B prospecting.
- Billing data: retained for ten (10) years, in accordance with French accounting and tax obligations (Articles L. 123-22 of the Commercial Code and L. 102 B of the Book of Tax Procedures).
- Technical and security logs: retained for a maximum period of twelve (12) months.
- Data from contact forms and non-customer prospects: retained for three (3) years from the last contact initiated by the prospect.
5. Data recipients and subprocessors
Data is processed confidentially by the Publisher. In the context of providing the Service, certain data is transmitted to subprocessors within the meaning of Article 28 of the GDPR, governed by Data Processing Agreements (DPAs):
| Subprocessor | Purpose | Location |
|---|---|---|
| Hetzner | Database hosting and storage | European Union |
| Stripe | Secure payment processing | European Union / United States (Data Privacy Framework certified) |
| Brevo | Transactional and marketing email delivery | European Union |
| OpenAI | Processing of prompts via the professional API for analysis | United States (Data Privacy Framework certified) |
| Anthropic | Processing of prompts via the professional API for analysis | United States (Data Privacy Framework certified) |
| | Processing of prompts via the professional API for analysis | United States (Data Privacy Framework certified) |
No user data is sold, rented, shared or transferred to data brokers or used for third-party advertising purposes.
The detailed and up-to-date list of subprocessors can be provided upon request at contact@cockpyt.ai.
6. Data transfers outside the European Union
The technical operation of Cockpyt AI involves the use of artificial intelligence API providers located in particular in the United States. These transfers are governed by the Data Privacy Framework (DPF), which establishes a level of data protection equivalent to the GDPR, and, where applicable, by the Standard Contractual Clauses adopted by the European Commission.
B2B confidentiality guarantee: the professional terms of use of the AI APIs used by Cockpyt AI provide that the business data transmitted (prompts, client sites, competitors) is not used to train, improve or develop the public artificial intelligence models of the relevant providers. The data is processed ephemerally and strictly within the framework of executing the request.
7. Your rights
In accordance with the GDPR and the amended French Data Protection Act, the user has the following rights regarding their personal data:
- Right of access to the data processed
- Right to rectification of inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) of account and usage data
- Right to data portability in a structured, machine-readable format
- Right to restriction of processing
- Right to object to processing on legitimate grounds
- Right to withdraw consent to marketing communications at any time via the unsubscribe link present in each email
These rights may be exercised by simple request at [GDPR email]. Proof of identity may be requested in case of reasonable doubt as to the identity of the requester. The Publisher undertakes to respond within a maximum period of thirty (30) days.
If the user considers that their rights are not respected, they may lodge a complaint with the French Data Protection Authority (CNIL): 3 place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 – www.cnil.fr
8. Cookies and trackers
Cockpyt AI applies a minimalist policy regarding trackers.
- Strictly necessary cookies (exempt from consent): technical cookies essential for authentication, application security (CSRF tokens), session maintenance and memorization of essential display preferences.
- Audience measurement cookies: used where applicable to measure anonymized use of the Service and improve the experience. These cookies are subject to the user’s prior consent via the dedicated banner.
- Commercial affiliation cookie (where applicable): if the user signs up via a link from an affiliate partner, an anonymized technical cookie is retained for a maximum period of thirty (30) days. Its sole purpose is to link the subscription to the affiliate for the calculation of their commission, without external browsing tracking.
The user can manage their preferences at any time via the consent banner accessible from the site footer, or via their browser settings.
9. Data security
The Publisher implements appropriate technical and organizational measures to protect personal data:
- end-to-end encryption of flows between the user and the Platform (HTTPS/TLS)
- cryptographic hashing of passwords
- encryption of databases at rest
- access to technical infrastructure restricted to administrators authenticated via two-factor authentication (2FA)
- logging and supervision of sensitive accesses
- regular backup policies
In the event of a personal data breach likely to result in a risk to the rights and freedoms of users, the Publisher undertakes to notify the CNIL of the incident within seventy-two (72) hours and, where applicable, to notify the affected users, in accordance with Articles 33 and 34 of the GDPR.
10. Minors
The Cockpyt AI Service is exclusively intended for professional (B2B) use and is not designed to be used by minors. The Publisher does not knowingly collect personal data concerning minors. If such collection were brought to its attention, the data would be deleted without delay.
11. Modifications to this Policy
The Publisher reserves the right to modify this Privacy Policy to adapt it to technical, organizational or regulatory developments. In the event of substantial modification, active users will be informed by email at least thirty (30) days before the entry into force of the new version.
12. Contact
For any question relating to this Privacy Policy or to the exercise of your rights:
contact@cockpyt.ai
Florian Zorgnotti – 4 route de Villefranche, 06340 La Trinité – SIRET 51860823700039