Privacy Policy - VIKL

Discover how VIKL protects your personal data and respects your privacy.

1. Introduction

VIKL is committed to protecting the privacy and personal data of its users, in accordance with the GDPR (EU 2016/679) and the French Data Protection Act.

Last updated: March 2026

2. Data controller

MINDGUARD PROJECT - SIRET: 988 560 009 00017 73 Avenue Foch, 92250 La Garenne-Colombes, France Email: privacy@vikl.ai

3. Data collected

3.1. Contact form

Data collected: Name, email (mandatory); company, company size, request type, number of managers, main challenge, message (optional).
Legal basis: Consent (form submitted voluntarily).
Retention: 3 years after the last contact.

3.2. Audience measurement — Microsoft Clarity

Data collected: Pages visited, navigation paths, clicks, scrolls, mouse movements, time spent, device type, browser, country/region, traffic source (referrer).
Tool: Microsoft Clarity (Microsoft Ireland Operations Limited).
Legal basis: Consent (cookie banner). The default state is "denied" until the user makes an explicit choice.
Retention: 30 days (Clarity session data).

3.3. Audience measurement — Azure Application Insights (client-side)

Data collected: Pages visited, URLs, load times, JavaScript errors, browser, operating system, country/region, pseudonymised session identifiers.
Tool: Azure Application Insights (Microsoft Ireland Operations Limited).
Legal basis: Consent (cookie banner). The client-side SDK is only loaded if you accept analytics cookies.
Retention: 90 days (default retention) to 12 months (depending on Log Analytics configuration).

3.4. Cookies

Cookies used: i18n_redirected (language preference), analytics cookies (Clarity, Application Insights) subject to consent.
Details: See our Cookie Policy.

3.5. User account (VIKL platform)

Identification: Last name, first name, email, password (encrypted).
Professional information: Company, job title.
Usage: Anonymised and encrypted history of actions, user preferences.
Billing (paid accounts): Managed by Stripe (PCI DSS certified).
Legal basis: Performance of contract (provision of service).
Retention: Duration of contract + 5 years (legal obligations).

3.6. Technical data (server-side)

Collected: IP address (full server-side before processing), HTTP requests, dependencies, exceptions, response times.
Tool: Azure Application Insights (Microsoft Ireland Operations Limited) — server SDK.
Legal basis: Legitimate interest (security, performance monitoring, anomaly detection).
Retention: 90 days (default retention) to 12 months (depending on Log Analytics configuration).

4. Purposes of processing

Purpose	Data used	Legal basis	Retention period
Responding to requests	Contact form data	Consent	3 years
VIKL service (AI)	User account data	Performance of contract	Duration of contract + 5 years
Audience measurement (Clarity)	Navigation paths, clicks, scrolls, heatmaps	Consent	30 days
Audience measurement (App Insights client)	Pages, errors, browser-side performance	Consent	90 days - 12 months
Technical monitoring (App Insights server)	HTTP requests, errors, server dependencies	Legitimate interest	90 days - 12 months
Billing	Billing data (identity, direct debit)	Legal obligation	10 years (General Tax Code)
Security	IP addresses, server logs, technical cookies	Legitimate interest	12 months

5. Recipients of data

VIKL staff: Support, technical team, management (restricted access).
Sub-processors:
- Microsoft Azure (Ireland): Data hosting (EU servers).
- Azure Application Insights / Log Analytics (Microsoft Ireland Operations Limited): Site telemetry, performance monitoring and audience analytics (EU servers).
- Microsoft Clarity (Microsoft Ireland Operations Limited): Behaviour analytics and audience measurement (EU servers).
- Azure Communication Services (Ireland): Sending transactional emails.
- Stripe (USA): Secure payments (EU-USA contractual guarantees).
Authorities: Upon judicial requisition only (police, courts, administrations).

All our sub-processors comply with the GDPR (standard contractual clauses).

6. Transfers outside the EU

Data is hosted within the EU (France/Ireland). Stripe (United States) only processes payment data, with appropriate safeguards (standard contractual clauses).

7. Data security

We implement strict technical and organisational measures:

Technical: SSL/TLS encryption (HTTPS), passwords stored using bcrypt, firewall, anti-DDoS protection, daily encrypted backups. 2FA authentication is available.
Organisational: Access restricted to staff (principle of least privilege), GDPR training for staff, periodic security audits.

You have the following rights:

Right of access (Art. 15): Obtain a copy of your data.
Right to rectification (Art. 16): Correct inaccurate data.
Right to erasure (Art. 17): Delete your data (subject to legal obligations).
Right to restriction (Art. 18): Temporarily freeze processing.
Right to portability (Art. 20): Receive your data in a usable format (CSV/JSON).
Right to object (Art. 21): Refuse processing based on legitimate interest.
Right to withdraw consent: Without retroactive effect.
Post-mortem instructions: Define what happens to your data after your death.

To exercise your rights, contact us:

Email: privacy@vikl.ai
Post: MINDGUARD PROJECT - DPO, 73 Avenue Foch, 92250 La Garenne-Colombes

We respond within 1 month (extendable to 3 months if necessary).

9. CNIL complaint

You can lodge a complaint with the CNIL: CNIL - 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 Tel: +33 (0)1 53 73 22 22 | CNIL complaints

10. Retention periods

Category	Duration	Justification
Form data	3 years after last contact	Customer relations
Active account	Duration of contract	Performance of contract
Closed account	5 years after closure	Legal obligations
Billing	10 years	General Tax Code
Server logs	12 months	Security
Cookies	1 to 13 months depending on type	User comfort and security

Email: privacy@vikl.ai
Post: MINDGUARD PROJECT, 73 Avenue Foch, 92250 La Garenne-Colombes, France

Last updated: March 2026

VikL