Skip to content
LeadsFlowAI
BPrivacy

Last updated · 2026-05-31

Personal data protection policy

LeadsFlowAI processes your personal data with restraint, in compliance with the General Data Protection Regulation (GDPR) and the principles of minimization and sovereignty that guide the practice.

01

Data controller

LeadsFlowAI, Société par actions simplifiée (SAS), Chemin de la Bastide Rouge, Le Béal 2000 B1, 06150 Cannes, France. RCS Cannes 980 532 931. Controller contact: contact@leadsflowai.com.
02

Data protection

For any question related to the processing of your personal data, you can contact us: privacy@leadsflowai.com.
03

Scope and specific notices

This policy applies to the leadsflowai.com website and its presentation subdomains, which contain no form and run no artificial intelligence processing during mere browsing. Certain services accessible from a dedicated subdomain or domain - notably the Reveal conversational experiences - have their own information about data and, where applicable, their own consent collection, presented directly on the service concerned before any processing. In case of difference, the notice displayed on that service prevails for that journey. The data controller remains LeadsFlowAI, except when the service is operated on behalf of a client: that client is then the data controller and LeadsFlowAI acts as a processor, within the meaning of article 28 of the GDPR.
04

Collected data and purposes

The site is a storefront: it collects no data via form, and only strictly necessary technical metadata (IP address, logs) transits during browsing. When you contact us, the data collected depends on the channel you choose: • Email: the information you provide in your message, processed via our professional mailbox. • Appointment booking: name, email and time slot, via a scheduling tool, transmitted solely to organize the exchange. • Conversational experience (where applicable): the information exchanged in that journey, governed by its own notice. Purposes: respond to your request, qualify the need, prepare and hold the exchange, then manage the professional relationship. No banking data is processed directly on this site; any payments transit through compliant providers (Stripe, GoCardless or equivalent) ensuring their security.
05

Sensitive data

Our contact channels are not intended to collect sensitive data (within the meaning of article 9 of the GDPR). Please do not transmit such data, nor confidential information not necessary to your request.
06

Legal basis

Processing is based on: • pre-contractual measures (response to a request, quote, diagnostic); • performance of the service contract, where applicable; • the legitimate interest of the practice to maintain the professional relationship and site security; • your consent, where required (communications, non-strictly-necessary trackers).
07

Retention period

• Prospect data: 3 years from last contact. • Client data: throughout the contract duration, then 5 years after termination (legal and accounting obligations). • Technical logs: limited to security and operational needs.
08

Use of artificial intelligence and human decision-making

LeadsFlowAI designs and operates artificial intelligence systems; this is the core of the practice. The contact details and context you transmit to us may, subsequently, be analyzed using artificial intelligence tools, in order to qualify your request and prepare our exchange. These analyses serve as decision support: they do not result in any decision producing legal effects or significantly affecting you without human intervention. You may at any time request human intervention, express your point of view or contest an analysis, by writing to our data protection contact address. Where processing involves an AI model, European or self-hosted models are preferred; the use of a provider outside the European Union is limited to strict necessity, applied to minimized data and framed (see "Transfers outside the European Union"). The detail applicable to a conversational experience is specified in the notice of that journey.
09

Recipients and providers

Your data is never sold. It may be shared, strictly as necessary, with the cabinet team, any subcontractors engaged on your project (under written confidentiality undertakings), and authorized authorities upon legal request. The operation of the site relies on technical providers: hosting, content delivery (CDN) and DNS management, as well as an appointment scheduling tool. The origin host is Hetzner Online GmbH (Germany and Finland, European Union); the site's delivery relies on providers established in the European Union. The nominative and up-to-date list of our subprocessors is kept available and communicated, within the framework of the data processing agreement (article 28 of the GDPR), to clients and to the supervisory authority.
10

Transfers outside the European Union

Hosting and the main processing activities are located within the European Union. Where a provider is established outside the EU (for example a scheduling tool or, in certain journeys, an AI model), the transfer is limited to strict necessity, applies to minimized data, and is framed by the European Commission standard contractual clauses and, where applicable, a transfer impact assessment.
11

Our approach to sovereignty

LeadsFlowAI deliberately distinguishes its public storefront from its data processing: • The public website collects no client data via form; only technical metadata (IP address) transits through it. • The products, technologies and client data that we develop and host run on European infrastructure, seeking to exclude any subprocessor subject to a non-European jurisdiction from the data path. • The use of non-EU AI APIs or models, where no equivalent European alternative exists, is limited to strict necessity, framed contractually and applied to minimized or anonymized data. This doctrine guides our technical choices and is subject to continuous improvement.
12

Your rights

Under GDPR, you have the rights of access, rectification, erasure, portability, restriction and objection, as well as the right to define directives concerning your data after death. To exercise these rights, contact us at the data protection address indicated above. A response will be provided within one month (extendable to three months if complexity requires). You also have the right to lodge a complaint with the relevant data protection authority (in France: CNIL - www.cnil.fr).
13

Cookies and audience measurement

No audience measurement tool is active by default as of the last update. The only documented storage is strictly necessary local storage for consent preferences, when the user configures them. Any later activation of a measurement tool or cookie-based tool will trigger an update to the dedicated cookie policy and, where required, a consent banner compliant with the CNIL recommendation. The technical detail of deposited trackers is available in the dedicated cookie policy.
14

Security

Reasonable technical and organizational measures are implemented to protect data: encryption in transit (HTTPS), access control, logging, backups, awareness training. No system being inviolable, LeadsFlowAI commits to notifying any data breach within the timeframes set by GDPR.
15

Changes to this policy

This policy may be updated to reflect the evolution of our services or of the regulation. The date of last update appears at the top of the page; changes take effect upon publication.

Contact

For any question regarding this document, please write to contact@leadsflowai.com.