[{"data":1,"prerenderedAt":667},["ShallowReactive",2],{"legal-rgpd-en":3},{"id":4,"title":5,"body":6,"description":659,"extension":660,"meta":661,"navigation":662,"path":663,"seo":664,"stem":665,"__hash__":666},"legal_en/en/legal/rgpd.md","GDPR Compliance - VIKL",{"type":7,"value":8,"toc":632},"minimark",[9,14,18,30,36,39,43,48,70,74,81,83,87,91,181,185,205,209,216,218,222,225,327,338,340,344,347,397,401,419,426,428,432,435,527,530,532,536,543,546,548,552,556,562,566,569,581,585,594,596,600,621,623],[10,11,13],"h2",{"id":12},"our-commitment","Our commitment",[15,16,17],"p",{},"Protecting personal data is at the heart of VIKL's design. As an AI companion handling sensitive relational situations, we understand that trust is built on concrete guarantees, not promises.",[15,19,20,21,25,26,29],{},"VIKL complies with the ",[22,23,24],"strong",{},"General Data Protection Regulation"," (EU 2016/679, GDPR) and the French ",[22,27,28],{},"Data Protection Act"," (Loi Informatique et Libertés). This page outlines the measures we implement to protect your data.",[15,31,32,35],{},[22,33,34],{},"Last updated:"," April 2026",[37,38],"hr",{},[10,40,42],{"id":41},"_1-hosting-and-data-location","1. Hosting and data location",[44,45,47],"h3",{"id":46},"your-data-stays-in-europe","Your data stays in Europe",[49,50,51,58,64],"ul",{},[52,53,54,57],"li",{},[22,55,56],{},"Hosting",": Microsoft Azure, France Central and Western Europe regions.",[52,59,60,63],{},[22,61,62],{},"No transfers outside the EU",": your conversation and account data never leave the European Union.",[52,65,66,69],{},[22,67,68],{},"Sole exception",": Stripe (payments), based in the United States, with appropriate safeguards (EU standard contractual clauses).",[44,71,73],{"id":72},"ai-processing-in-europe","AI processing in Europe",[15,75,76,77,80],{},"Language model calls are made through ",[22,78,79],{},"Azure OpenAI Service",", hosted in Europe. Your conversations do not pass through servers located outside the EU.",[37,82],{},[10,84,86],{"id":85},"_2-data-security","2. Data security",[44,88,90],{"id":89},"technical-measures","Technical measures",[92,93,94,107],"table",{},[95,96,97],"thead",{},[98,99,100,104],"tr",{},[101,102,103],"th",{},"Measure",[101,105,106],{},"Detail",[108,109,110,121,131,141,151,161,171],"tbody",{},[98,111,112,118],{},[113,114,115],"td",{},[22,116,117],{},"Encryption in transit",[113,119,120],{},"TLS 1.2+ (HTTPS) on all communications",[98,122,123,128],{},[113,124,125],{},[22,126,127],{},"Encryption at rest",[113,129,130],{},"AES-256 for stored data",[98,132,133,138],{},[113,134,135],{},[22,136,137],{},"Passwords",[113,139,140],{},"bcrypt hashing — never stored in plain text",[98,142,143,148],{},[113,144,145],{},[22,146,147],{},"Authentication",[113,149,150],{},"2FA available for user accounts",[98,152,153,158],{},[113,154,155],{},[22,156,157],{},"Firewall and anti-DDoS",[113,159,160],{},"Azure network protection",[98,162,163,168],{},[113,164,165],{},[22,166,167],{},"Backups",[113,169,170],{},"Daily, encrypted",[98,172,173,178],{},[113,174,175],{},[22,176,177],{},"Data isolation",[113,179,180],{},"Logical separation per organization",[44,182,184],{"id":183},"organizational-measures","Organizational measures",[49,186,187,193,199],{},[52,188,189,192],{},[22,190,191],{},"Least privilege principle",": only strictly necessary personnel access systems.",[52,194,195,198],{},[22,196,197],{},"GDPR training"," for all staff.",[52,200,201,204],{},[22,202,203],{},"Periodic security audits",".",[44,206,208],{"id":207},"conversation-confidentiality","Conversation confidentiality",[15,210,211,212,215],{},"Exchanges with VIKL are protected so that ",[22,213,214],{},"neither your employer nor VIKL staff"," can access your conversation content in clear text. In an enterprise context, only aggregated, anonymized indicators are available on the dashboard.",[37,217],{},[10,219,221],{"id":220},"_3-legal-bases-and-purposes","3. Legal bases and purposes",[15,223,224],{},"VIKL collects and processes personal data on clear legal grounds:",[92,226,227,243],{},[95,228,229],{},[98,230,231,234,237,240],{},[101,232,233],{},"Purpose",[101,235,236],{},"Data",[101,238,239],{},"Legal basis",[101,241,242],{},"Retention",[108,244,245,259,273,286,300,314],{},[98,246,247,250,253,256],{},[113,248,249],{},"Providing the VIKL service",[113,251,252],{},"Account, conversations",[113,254,255],{},"Performance of contract",[113,257,258],{},"Contract duration + 5 years",[98,260,261,264,267,270],{},[113,262,263],{},"Responding to inquiries",[113,265,266],{},"Contact form",[113,268,269],{},"Consent",[113,271,272],{},"3 years after last contact",[98,274,275,278,281,283],{},[113,276,277],{},"Audience measurement (Clarity, App Insights client)",[113,279,280],{},"Browsing, clicks, performance",[113,282,269],{},[113,284,285],{},"30 days - 12 months",[98,287,288,291,294,297],{},[113,289,290],{},"Technical monitoring (App Insights server)",[113,292,293],{},"HTTP requests, errors, logs",[113,295,296],{},"Legitimate interest",[113,298,299],{},"90 days - 12 months",[98,301,302,305,308,311],{},[113,303,304],{},"Billing",[113,306,307],{},"Identity, payment",[113,309,310],{},"Legal obligation",[113,312,313],{},"10 years",[98,315,316,319,322,324],{},[113,317,318],{},"Security",[113,320,321],{},"IP, server logs",[113,323,296],{},[113,325,326],{},"12 months",[15,328,329,332,333,204],{},[22,330,331],{},"Cookies",": the cookie banner defaults to \"rejected\". Analytics cookies (Clarity, Application Insights) are only activated after explicit consent. Details in our ",[334,335,337],"a",{"href":336},"/en/cookies","Cookie Policy",[37,339],{},[10,341,343],{"id":342},"_4-your-rights","4. Your rights",[15,345,346],{},"As a user, you have the following rights under the GDPR:",[49,348,349,355,361,367,373,379,385,391],{},[52,350,351,354],{},[22,352,353],{},"Right of access"," (Art. 15) — obtain a copy of your personal data.",[52,356,357,360],{},[22,358,359],{},"Right to rectification"," (Art. 16) — correct inaccurate or incomplete data.",[52,362,363,366],{},[22,364,365],{},"Right to erasure"," (Art. 17) — request deletion of your data.",[52,368,369,372],{},[22,370,371],{},"Right to restriction"," (Art. 18) — temporarily freeze processing.",[52,374,375,378],{},[22,376,377],{},"Right to data portability"," (Art. 20) — receive your data in a structured format (CSV/JSON).",[52,380,381,384],{},[22,382,383],{},"Right to object"," (Art. 21) — refuse processing based on legitimate interest.",[52,386,387,390],{},[22,388,389],{},"Withdrawal of consent"," — at any time, without retroactive effect.",[52,392,393,396],{},[22,394,395],{},"Post-mortem directives"," — define the fate of your data after your death.",[44,398,400],{"id":399},"how-to-exercise-your-rights","How to exercise your rights",[49,402,403,413],{},[52,404,405,408,409],{},[22,406,407],{},"Email:"," ",[334,410,412],{"href":411},"mailto:privacy@vikl.ai","privacy@vikl.ai",[52,414,415,418],{},[22,416,417],{},"Mail:"," MINDGUARD PROJECT — DPO, 73 Avenue Foch, 92250 La Garenne-Colombes, France",[15,420,421,422,425],{},"We respond within ",[22,423,424],{},"1 month"," (extendable to 3 months for complex requests, in accordance with Article 12 of the GDPR).",[37,427],{},[10,429,431],{"id":430},"_5-sub-processors-and-recipients","5. Sub-processors and recipients",[15,433,434],{},"VIKL uses sub-processors that comply with the GDPR and are governed by standard contractual clauses:",[92,436,437,450],{},[95,438,439],{},[98,440,441,444,447],{},[101,442,443],{},"Sub-processor",[101,445,446],{},"Role",[101,448,449],{},"Location",[108,451,452,465,477,490,502,514],{},[98,453,454,459,462],{},[113,455,456],{},[22,457,458],{},"Microsoft Azure",[113,460,461],{},"Hosting, infrastructure",[113,463,464],{},"EU (France / Ireland)",[98,466,467,471,474],{},[113,468,469],{},[22,470,79],{},[113,472,473],{},"Language models (AI)",[113,475,476],{},"EU",[98,478,479,484,487],{},[113,480,481],{},[22,482,483],{},"Azure Application Insights",[113,485,486],{},"Monitoring, telemetry",[113,488,489],{},"EU (Ireland)",[98,491,492,497,500],{},[113,493,494],{},[22,495,496],{},"Microsoft Clarity",[113,498,499],{},"Audience analytics",[113,501,489],{},[98,503,504,509,512],{},[113,505,506],{},[22,507,508],{},"Azure Communication Services",[113,510,511],{},"Transactional emails",[113,513,489],{},[98,515,516,521,524],{},[113,517,518],{},[22,519,520],{},"Stripe",[113,522,523],{},"Secure payments (PCI DSS)",[113,525,526],{},"USA (EU standard contractual clauses)",[15,528,529],{},"No other third party has access to your data, except under judicial requisition.",[37,531],{},[10,533,535],{"id":534},"_6-your-data-is-not-used-to-train-ai","6. Your data is not used to train AI",[15,537,538,539,542],{},"This is a fundamental commitment: conversations with VIKL are ",[22,540,541],{},"never used to train or fine-tune artificial intelligence models"," — neither by VIKL nor by our model providers. This guarantee is contractually established with Azure OpenAI Service.",[15,544,545],{},"Your data is used exclusively to provide you with the service. Full stop.",[37,547],{},[10,549,551],{"id":550},"_7-governance-and-dpo","7. Governance and DPO",[44,553,555],{"id":554},"data-controller","Data controller",[15,557,558,561],{},[22,559,560],{},"MINDGUARD PROJECT","\nSIRET: 988 560 009 00017\n73 Avenue Foch, 92250 La Garenne-Colombes, France",[44,563,565],{"id":564},"data-protection-contact","Data protection contact",[15,567,568],{},"For any questions regarding the protection of your data:",[49,570,571,577],{},[52,572,573,408,575],{},[22,574,407],{},[334,576,412],{"href":411},[52,578,579,418],{},[22,580,417],{},[44,582,584],{"id":583},"cnil-complaint","CNIL complaint",[15,586,587,588],{},"You may file a complaint with the CNIL (French data protection authority):\nCNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07\nPhone: +33 (0)1 53 73 22 22 | ",[334,589,593],{"href":590,"rel":591},"https://www.cnil.fr/fr/plaintes",[592],"nofollow","CNIL complaints",[37,595],{},[10,597,599],{"id":598},"learn-more","Learn more",[49,601,602,609,614],{},[52,603,604,608],{},[334,605,607],{"href":606},"/en/privacy","Privacy Policy"," — full details on data processing",[52,610,611,613],{},[334,612,337],{"href":336}," — information about cookies and trackers",[52,615,616,620],{},[334,617,619],{"href":618},"/en/ai-act","Responsible AI & AI Act"," — our compliance with the European AI regulation",[37,622],{},[15,624,625],{},[626,627,628,629,631],"em",{},"This document is provided for informational purposes and does not constitute legal advice. For the complete legal text, please refer to our ",[334,630,607],{"href":606},". This document will be updated as the regulatory framework evolves.",{"title":633,"searchDepth":634,"depth":634,"links":635},"",2,[636,637,642,647,648,651,652,653,658],{"id":12,"depth":634,"text":13},{"id":41,"depth":634,"text":42,"children":638},[639,641],{"id":46,"depth":640,"text":47},3,{"id":72,"depth":640,"text":73},{"id":85,"depth":634,"text":86,"children":643},[644,645,646],{"id":89,"depth":640,"text":90},{"id":183,"depth":640,"text":184},{"id":207,"depth":640,"text":208},{"id":220,"depth":634,"text":221},{"id":342,"depth":634,"text":343,"children":649},[650],{"id":399,"depth":640,"text":400},{"id":430,"depth":634,"text":431},{"id":534,"depth":634,"text":535},{"id":550,"depth":634,"text":551,"children":654},[655,656,657],{"id":554,"depth":640,"text":555},{"id":564,"depth":640,"text":565},{"id":583,"depth":640,"text":584},{"id":598,"depth":634,"text":599},"Learn how VIKL protects your personal data and complies with the General Data Protection Regulation (GDPR).","md",{},true,"/en/legal/rgpd",{"title":5,"description":659},"en/legal/rgpd","mBGe_a3V2eZK83GRYAnJub-NrWx-qRYP9Ym0i9xBA-Y",1775931406272]