← Back to Home

Privacy Policy

Last updated: January 28, 2025

1. Data Controller

The data controller responsible for your personal data is:

Focus Labs
229 Rue Saint-Honoré
75001 Paris, France
Email: privacy@personaplex.io

For GDPR-related inquiries, you may contact our data protection team at the email address above.

2. Data We Collect

2.1 Audio Streams

When you use our API, audio data is streamed to our servers for real-time processing. Audio streams are processed in real-time and are not permanently stored. Audio data is immediately discarded after generating the AI response.

2.2 Session Metadata

We collect technical metadata including:

  • Session IDs
  • Timestamps
  • Duration of sessions
  • API endpoint accessed
  • IP addresses (anonymized after 30 days)

2.3 Account Information

When you create an account, we collect:

  • Email address
  • API keys (hashed for security)
  • Billing information (processed by our payment provider)

2.4 Analytics (Optional)

Our website may use Google Analytics to understand how visitors interact with our site. This is only enabled if you consent to analytics cookies. You can opt out at any time through your browser settings.

3. How We Use Your Data

We process your data for:

  • Service Delivery: Processing audio streams and generating AI responses
  • Account Management: Authentication, billing, and customer support
  • Service Improvement: Analyzing usage patterns to improve performance (using anonymized data only)
  • Security: Detecting and preventing fraud or abuse
  • Legal Compliance: Meeting our legal obligations

4. Legal Basis for Processing

Under GDPR, we process your data based on:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interest: Service improvement, security, and fraud prevention
  • Consent: For optional analytics and marketing communications
  • Legal Obligation: When required by law

5. Third-Party Processors

We work with the following third-party service providers:

Modal.com

Cloud infrastructure provider for hosting and processing. Data may be processed in the United States under Standard Contractual Clauses.

NVIDIA Model Weights

We use open-source AI model weights from NVIDIA for inference. No data is shared with NVIDIA; processing occurs on our infrastructure.

Google Analytics (Optional)

Website analytics, enabled only with consent. Data processed in accordance with Google's privacy practices.

6. Data Retention

  • Audio Data: Processed in real-time; not permanently stored
  • Session Logs: Retained for 30 days for debugging and security purposes, then deleted
  • Account Data: Retained while your account is active and for 2 years after closure for legal purposes
  • Billing Records: Retained for 10 years as required by French tax law

7. Your Rights (GDPR)

As a data subject, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Restriction: Request limited processing in certain circumstances
  • Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at privacy@personaplex.io. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).

8. International Transfers

Your data may be processed outside the European Economic Area (EEA), particularly in the United States through our cloud infrastructure provider. Such transfers are protected by Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of data protection.

9. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in Transit: All data transmitted via TLS/WSS (WebSocket Secure)
  • Encryption at Rest: Stored data encrypted using industry-standard algorithms
  • Access Controls: Strict role-based access to systems and data
  • Regular Audits: Periodic security assessments and penetration testing

10. Cookies

Our website uses:

  • Essential Cookies: Required for website functionality (no consent needed)
  • Analytics Cookies: Google Analytics, enabled only with your consent

You can manage cookie preferences through your browser settings.

11. Children's Privacy

PersonaPlex is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or service notification. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

For privacy-related questions or to exercise your rights:

Focus Labs - Privacy Team
229 Rue Saint-Honoré
75001 Paris, France
Email: privacy@personaplex.io
Terms of Service·Home