1. Data Controller
Name: Darewell
Address: 8 allée de la chapelle, 74940 Annecy Le Vieux, France
SIREN: 910.432.152
DPO: Fouad Zein – [email protected]
2. Data We Collect
Category | Data Types | Purpose | Legal Basis |
---|---|---|---|
Account Data | Email, name, company name, hashed password | User account creation, authentication | Contract (Art. 6(1)(b)) |
Behavioral Profiles | Default trust level, communication preferences | Team collaboration & trust-building | Legitimate Interest (Art. 6(1)(f)) |
OKR Data | OKR titles, confidence levels, contributors | OKR tracking & team alignment | Legitimate Interest (Art. 6(1)(f)) |
Payment Data | Transaction records, Stripe charge IDs | Payment processing & invoicing | Legal Obligation (Art. 6(1)(c)) |
AI Features | Anonymized company sector, industry, size | OKR recommendations & insights | Legitimate Interest (Art. 6(1)(f)) |
3. How We Use Your Data
- Manage user accounts and teams.
- Track OKRs and collaboration metrics.
- Process payments (Stripe).
- Generate OKR recommendations using anonymized company data.
- AI-generated content (e.g., OKR suggestions) is clearly labeled as ‘AI-generated’.
4. Data Retention
Data Type | Retention Period |
---|---|
Account Data | 2 years after account closure |
Behavioral Profiles | 2 years after account closure |
OKR Data | 2 years after account closure |
Payment Data | 10 years (French fiscal law) |
5. Data Sharing & Transfers
Recipient | Purpose | Location | Safeguards |
---|---|---|---|
Company Members | Access to shared data | Global (user locations) | Data stored in EU (Germany) + Role-based access controls |
Stripe | Payment processing | US/EU | SCCs |
OpenAI | AI features | US (via EU) | SCCs + Anonymization |
6. Your Rights
- Access your data.
- Correct inaccurate data.
- Delete your data (unless legally required to retain).
- Object to processing based on legitimate interests.
- Port your data (e.g., export OKRs).
To exercise your rights, email us at [email protected]. We will respond within 30 days.
7. AI-Powered Features
- Data Used: Anonymized company sector, industry, size.
- Transparency: AI-generated content (e.g., OKR recommendations) is labeled ‘AI-generated’.
- Purpose: Enhance OKR management efficiency through automated suggestions.
8. Behavioral Profiles
- Visibility: All company members can view your communication preferences and trust levels.
- Control: Edit or delete your profile in Account Settings.
9. Security Measures
- Password Hashing: Securely stored using bcrypt.
- Data in Transit: Protected via TLS 1.2+.
- Access Controls: Administrators manage permissions, and all company members can access shared data.
10. CNIL Compliance (France)
- No Employee Monitoring: Behavioral data is not used for performance evaluations.
- Complaints: Lodge a complaint with CNIL.
11. Updates
This policy is updated annually. Changes are notified via email or in-app alerts.
12. Contact Us
For questions, contact our DPO at [email protected].