GDPR Compliance - VIKL
Learn how VIKL protects your personal data and complies with the General Data Protection Regulation (GDPR).
Our commitment
Protecting personal data is at the heart of VIKL's design. As an AI companion handling sensitive relational situations, we understand that trust is built on concrete guarantees, not promises.
VIKL complies with the General Data Protection Regulation (EU 2016/679, GDPR) and the French Data Protection Act (Loi Informatique et Libertés). This page outlines the measures we implement to protect your data.
Last updated: April 2026
1. Hosting and data location
Your data stays in Europe
- Hosting: Microsoft Azure, France Central and Western Europe regions.
- No transfers outside the EU: your conversation and account data never leave the European Union.
- Sole exception: Stripe (payments), based in the United States, with appropriate safeguards (EU standard contractual clauses).
AI processing in Europe
Language model calls are made through Azure OpenAI Service, hosted in Europe. Your conversations do not pass through servers located outside the EU.
2. Data security
Technical measures
| Measure | Detail |
|---|---|
| Encryption in transit | TLS 1.2+ (HTTPS) on all communications |
| Encryption at rest | AES-256 for stored data |
| Passwords | bcrypt hashing — never stored in plain text |
| Authentication | 2FA available for user accounts |
| Firewall and anti-DDoS | Azure network protection |
| Backups | Daily, encrypted |
| Data isolation | Logical separation per organization |
Organizational measures
- Least privilege principle: only strictly necessary personnel access systems.
- GDPR training for all staff.
- Periodic security audits.
Conversation confidentiality
Exchanges with VIKL are protected so that neither your employer nor VIKL staff can access your conversation content in clear text. In an enterprise context, only aggregated, anonymized indicators are available on the dashboard.
3. Legal bases and purposes
VIKL collects and processes personal data on clear legal grounds:
| Purpose | Data | Legal basis | Retention |
|---|---|---|---|
| Providing the VIKL service | Account, conversations | Performance of contract | Contract duration + 5 years |
| Responding to inquiries | Contact form | Consent | 3 years after last contact |
| Audience measurement (Clarity, App Insights client) | Browsing, clicks, performance | Consent | 30 days - 12 months |
| Technical monitoring (App Insights server) | HTTP requests, errors, logs | Legitimate interest | 90 days - 12 months |
| Billing | Identity, payment | Legal obligation | 10 years |
| Security | IP, server logs | Legitimate interest | 12 months |
Cookies: the cookie banner defaults to "rejected". Analytics cookies (Clarity, Application Insights) are only activated after explicit consent. Details in our Cookie Policy.
4. Your rights
As a user, you have the following rights under the GDPR:
- Right of access (Art. 15) — obtain a copy of your personal data.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — request deletion of your data.
- Right to restriction (Art. 18) — temporarily freeze processing.
- Right to data portability (Art. 20) — receive your data in a structured format (CSV/JSON).
- Right to object (Art. 21) — refuse processing based on legitimate interest.
- Withdrawal of consent — at any time, without retroactive effect.
- Post-mortem directives — define the fate of your data after your death.
How to exercise your rights
- Email: privacy@vikl.ai
- Mail: MINDGUARD PROJECT — DPO, 73 Avenue Foch, 92250 La Garenne-Colombes, France
We respond within 1 month (extendable to 3 months for complex requests, in accordance with Article 12 of the GDPR).
5. Sub-processors and recipients
VIKL uses sub-processors that comply with the GDPR and are governed by standard contractual clauses:
| Sub-processor | Role | Location |
|---|---|---|
| Microsoft Azure | Hosting, infrastructure | EU (France / Ireland) |
| Azure OpenAI Service | Language models (AI) | EU |
| Azure Application Insights | Monitoring, telemetry | EU (Ireland) |
| Microsoft Clarity | Audience analytics | EU (Ireland) |
| Azure Communication Services | Transactional emails | EU (Ireland) |
| Stripe | Secure payments (PCI DSS) | USA (EU standard contractual clauses) |
No other third party has access to your data, except under judicial requisition.
6. Your data is not used to train AI
This is a fundamental commitment: conversations with VIKL are never used to train or fine-tune artificial intelligence models — neither by VIKL nor by our model providers. This guarantee is contractually established with Azure OpenAI Service.
Your data is used exclusively to provide you with the service. Full stop.
7. Governance and DPO
Data controller
MINDGUARD PROJECT SIRET: 988 560 009 00017 73 Avenue Foch, 92250 La Garenne-Colombes, France
Data protection contact
For any questions regarding the protection of your data:
- Email: privacy@vikl.ai
- Mail: MINDGUARD PROJECT — DPO, 73 Avenue Foch, 92250 La Garenne-Colombes, France
CNIL complaint
You may file a complaint with the CNIL (French data protection authority): CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 Phone: +33 (0)1 53 73 22 22 | CNIL complaints
Learn more
- Privacy Policy — full details on data processing
- Cookie Policy — information about cookies and trackers
- Responsible AI & AI Act — our compliance with the European AI regulation
This document is provided for informational purposes and does not constitute legal advice. For the complete legal text, please refer to our Privacy Policy. This document will be updated as the regulatory framework evolves.