DILAIG
/Privacy Policy

Privacy Policy

Last updated: March 2026

01

Introduction

This Privacy Policy describes how DILAIG collects, uses, retains and protects the personal data of users of the DILAIG platform, in accordance with EU Regulation 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978 as amended.

02

Data controller

The data controller for personal data collected via the platform is:

Company: DILAIG

Representative: Baptiste MARIE

Address: 58 rue de Monceau, 75008 Paris, France

DPO contact: hello@dilaig.com

03

Data collected

DILAIG collects the following categories of data depending on interactions with the platform:

Identification dataPerformance of contract
First name, last name, professional email address, organisation name
Connection dataLegitimate interest
IP address, connection logs, session cookies
Billing dataLegal obligation
Billing details, payment history (via Stancer)
Business dataPerformance of contract
Information on audited AI systems, questionnaire results, generated documents
Usage dataConsent
Pages visited, features used, session duration

DILAIG does not collect any special category data within the meaning of Article 9 of the GDPR.

04

Purposes and legal bases

Personal data is processed for the following purposes:

Account management and authentication

Art. 6.1.b — Contract

Provision of platform services

Art. 6.1.b — Contract

Billing and accounting

Art. 6.1.c — Legal obligation

Security and fraud prevention

Art. 6.1.f — Legitimate interest

Anonymous audience measurement (Umami)

Art. 6.1.f — Legitimate interest (CNIL exempt. 2020-091)

Marketing communications

Art. 6.1.a — Consent

05

Retention periods

Data is retained for the period strictly necessary for the purposes for which it was collected:

Account dataDuration of subscription + 30 days
Billing data10 years (accounting obligation)
Business data (audits)Duration of subscription + 30 days
Connection logs12 months
Analytics tracker (Umami)No persistence (server-side session — no cookie stored)
Marketing data3 years after last contact
06

Data recipients

DILAIG does not sell or rent your personal data to third parties. Data may be shared with the following categories of recipients:

StancerPayment providerFrance (EU)
Mistral AIAI document generationFrance (EU)
SupabaseDatabase and authenticationSwitzerland
InfomaniakCloud infrastructureSwitzerland
07

DILAIG as data processor

ℹ Dual role

For the business data that Clients enter in the context of their AI Act audits, DILAIG acts as a data processor within the meaning of Article 28 of the GDPR.

A Data Processing Agreement (DPA) is available on request at hello@dilaig.com. It is automatically annexed to the contract for Starter and Pro plans.

08

Cookies and trackers

The platform uses the following categories of cookies:

Essential cookiesAlways active

Authentication, session security, basic preferences

Audience measurement (Umami)CNIL exempt

Umami Analytics, self-hosted at analytics.dilaig.com. No persistent cookie — server-side session. Exempt from consent under CNIL deliberation no. 2020-091.

Functional cookiesConsent required

Remembering user preferences (language, theme)

09

Your rights

Under the GDPR, you may exercise your rights at any time by contacting hello@dilaig.com:

Art. 15

Right of access

Obtain a copy of your data

Art. 16

Right to rectification

Correct inaccurate data

Art. 17

Right to erasure

Request deletion of your data

Art. 18

Right to restriction

Restrict certain processing activities

Art. 20

Right to portability

Receive your data in a structured format

Art. 21

Right to object

Object to certain processing activities

10

Data security

DILAIG implements appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure.

Encryption

TLS 1.3 / AES-256

Authentication

MFA available

Backups

Daily

Hosting

Switzerland (EU adequacy)

11

Policy updates

DILAIG reserves the right to modify this Privacy Policy at any time. Any material modification will be notified to Users by email at least 30 days before it takes effect.

DILAIG — Privacy Policy v1.0March 2026