PRIVACY POLICY

AI COMMANDOS, which operates the ai-commandos.com platform, attaches great importance to the protection and confidentiality of your personal data, which represent for us a guarantee of seriousness and trust.

As such, our Personal Data Privacy Policy accurately reflects our commitment to enforcing within AI COMMANDOS the applicable rules regarding personal data protection and, more specifically, those of the General Data Protection Regulation ("GDPR").

Our Privacy Policy aims in particular to inform you about how we process your personal data and the reasons why we process them in the context of the services we provide you.

Our Privacy Policy is addressed to you, regardless of your place of residence, as long as you are at least 15 years old and you are a user of our ai-commandos.com platform.

If you do not have the legal age detailed above, you are not authorized to use our services without the prior and explicit consent of one of your parents or your guardian, which must be sent to us by email at rgpd@ai-commandos.com.

If you believe that we hold personal data concerning your children without having consented to it, we invite you to contact us at the dedicated address detailed above.

When you grant permissions for Google API services, we may access and use the following permissions. For full details on each scope, please refer to Google's official OAuth 2.0 Scopes documentation.

We essentially process your personal data for the following reasons:

• To use and benefit from our artificial intelligence virtual assistant service, specially designed to support you in your entrepreneurial missions (help in obtaining financing, legal consultation, marketing expertise, call management or email drafting), based on our general terms of use.
• To manage the user account (e.g., account creation, access to the service, and account deletion) based on our general terms of use.
• To manage the administrator account (e.g., account creation, access to the service, and account deletion) based on our general terms of use.
• To verify the accuracy of the information provided during your registration based on our legal obligation. The validation of your account is performed manually by our teams.
• To communicate with our support service via our chat/chatbot or our contact form based on our general terms of use.
• To pay online based on our general terms and conditions of sale.
• To benefit from our FAQ based on our general terms of use.
• To receive our technical emails (e.g., password changes, etc.) essential to the proper functioning of our service based on our general terms of use.
• To be able to upload and import documents onto our platforms based on our general terms of use.
• Via the use of a generative artificial intelligence feature, to assist you in certain tasks (help in obtaining financing, legal consultation, marketing expertise, call management or email drafting, recruitment aid, etc.) based on our general terms of use.
• To daily guarantee and reinforce the security and quality of our services (e.g., statistics, data security, etc.) based on the legal obligations incumbent upon us, our general terms of use, and our legitimate interest in ensuring the proper functioning of our services.

Your data is collected directly from you as soon as you are a user of our ai-commandos.com platform and we commit to only processing your data for the reasons described above.

We have summarized below the categories of personal data as well as their respective retention periods:

• For individuals, personal identification data (e.g., last name, first name) and contact details (e.g., email address) kept for the duration of the service provision plus the legal prescription periods which are generally 5 years.
• For professionals, professional identification data (e.g., last name, first name, position, company, department, etc.) and contact details (e.g., professional email and phone, etc.) kept for the duration of the service provision plus the legal prescription periods which are generally 5 years.
• For individuals, economic and financial data (e.g., bank account number, verification code, etc.) kept for the time necessary for the transaction and the management of billing and payment plus the legal prescription periods which are generally 5 to 10 years.
• For professionals, when there is a confusion between the name of your structure and your personal name (e.g., self-employed, very small enterprise, etc.), economic and financial data (e.g., bank account number, verification code, etc.) kept for the time necessary for the transaction and the management of billing and payment plus the legal prescription periods which are generally 5 to 10 years.
• Email address to receive our technical messages kept until your account is deleted.
• Content of the exchanges entered by the user (text, questions, requests, documents) during the use of artificial intelligence kept for the entire duration of the service.
• Connection data (e.g., logs, IP address, etc.) kept for a period of 1 year.
• Financial and asset situation kept until your account is deleted then for a prescription period of 5 years.

Upon expiry of the applicable retention periods, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we will only be able to retain anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to keep all your data for the entire duration of the processing of the case even after the expiration of their retention periods described above.

Applicable data protection regulations grant you specific rights that you can exercise at any time, free of charge, to control the use we make of your data.

• Right of access and copy of your personal data as long as this request does not contradict trade secrets, confidentiality, or the secrecy of correspondence.
• Right to rectification of personal data that may be erroneous, obsolete, or incomplete.
• Right to request the erasure ('right to be forgotten') of your personal data that is not essential to the proper functioning of our services.
• Right to restriction of your personal data which allows freezing the use of your data in the event of a dispute over the legitimacy of the processing.
• Right to data portability which allows you to retrieve a portion of your personal data in order to easily store or transmit it from one information system to another.
• Right to provide directives regarding the fate of your data in the event of death, either by yourself, a trusted third party, or a beneficiary.

For a request to be taken into account, it is imperative that it be made directly by you to the address rgpd@ai-commandos.com. Any request not made in this manner cannot be processed.

Requests cannot come from anyone other than yourself. We may therefore ask you to provide proof of identity in case of doubt about the identity of the applicant.

We will respond to your request as soon as possible, with a maximum period of three months from its receipt should the request be technically complex or if we receive many requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, especially regarding its repetitive nature.

Your personal data is processed by our teams and our technical providers for the sole purpose of operating our service.

We specify that we check all our technical providers before hiring them to ensure they strictly adhere to the applicable personal data protection rules.

FURTHERMORE, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR BUSINESS PARTNERS.

The personal data processed by our ai-commandos.com platform are exclusively hosted on servers located within the European Union.

Furthermore, we do everything possible to only use technical tools whose servers are also located within the European Union. Should this not be the case, we scrupulously ensure they implement the appropriate guarantees required to ensure the confidentiality and protection of your personal data.

We implement the following technical and organizational measures to daily guarantee the security of your personal data and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

AICommandos.App respects the confidentiality of your data accessible via Google Workspace APIs. We wish to assure you that all user data obtained through these APIs is used solely to provide and improve the specific features of AICommandos.App, in accordance with the intended use for you. Specifically, we do not use any user data obtained through Google Workspace APIs to develop, improve, or train generalized Artificial Intelligence (AI) and/or Machine Learning (ML) models. Our goal is to provide a useful and secure experience within the context of AICommandos.App, without exploiting your Workspace data for broader AI/ML development purposes.

WE GUARANTEE THAT WE DO NOT USE ANY ADVERTISING OR STATISTICAL COOKIES IN THE OPERATION OF OUR PLATFORMS.

We only use technical cookies strictly necessary for the proper functioning of our platforms which we recommend you do not delete and which do not require a cookie banner.

If you nevertheless wish to oppose their use, you can use your browser settings by following the general instructions for major browsers (Chrome, Edge, Safari, Firefox, Opera, etc.).

To best guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer ("DPO") with our supervisory authority.

You can contact our DPO at any time and free of charge at rgpd@ai-commandos.com to obtain more information or details on how we process your data.

You can contact the French Data Protection Authority (CNIL) at any time at the following coordinates: CNIL Complaints Department, 3 Place de Fontenoy, TSA 80751, 75 334 Paris Cedex 07 or by phone at +33 (0)1 53 73 22 22.

We may modify our Privacy Policy at any time to adapt to new legal requirements as well as to new processing operations we might implement in the future.