Introduction
At Cominty, we are committed to maintaining the confidentiality and security of the personal information entrusted to us. Protecting your privacy is a key priority, and we do so in accordance with applicable data protection laws.
This Privacy Policy explains who we are, how we collect, use, and disclose information that relates to you under applicable data protection laws ("Personal Data"), and how you may exercise your privacy rights. If you have any questions about our practices, please contact us using the details provided in the "How to contact us?" section.
About Us
Cominty SAS, 17 avenue Henry Monnier, 75009 Paris, France ("Cominty", "we", "our", or "us"), develops and provides a platform that enables the creation and use of LLM-based applications and AI agents. Our technology helps organizations work more efficiently by giving secure access to company knowledge and leveraging composable tools to retrieve and share internal information effectively.
1. About this Privacy Policy
This Privacy Policy applies when you access or use the Cominty platform — meaning our online software-as-a-service solution, including any related APIs provided by Cominty, together with all associated applications (the "Platform") — or when you participate in our user research activities, interact with our support teams, or otherwise engage with us in ways reasonably connected to the provision of our services.
The purpose of this Policy is to inform you about how we process Personal Data in compliance with Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation, "GDPR") and French Law No. 78-17 of 6 January 1978 relating to data processing, files, and freedoms (together, the "Applicable Regulation").
2. Who is responsible for processing your personal data?
Cominty's role depends on the context:
Data Processor
In most cases, Cominty processes data on behalf of its Customers. In these situations, the Customer determines the purposes and means of the processing, and its own privacy policy applies. If you are using the Platform through your employer or organization, please refer to their privacy policy for details.
Data Controller
In certain cases, Cominty acts as an independent Data Controller, for example when managing user accounts, billing, or ensuring the security and proper functioning of the Platform. In these cases, this Privacy Policy applies.
If you have questions about Cominty's data protection practices when we act as Data Controller, please contact us using the details in the "How to contact us?" section.
3. The Personal Data we collect
Cominty collects and processes your Personal Data when you use the Platform. This includes:
| Category | Source | Purpose |
|---|---|---|
| Identification and Contact: first and last name, email, telephone | When you order and use our Platform, contact us, or interact with us; from third parties and publicly available sources | Delivering the Platform; marketing communications; lead qualification; organizing and managing access to events |
| Professional life: company name, areas of expertise, languages, professional experience, title, online calendar link | When you order and use our Platform, contact us; from third parties and publicly available sources | Marketing communications; lead qualification; organizing and managing access to events |
| Voluntarily provided data: personal data in requests or feedback you send us | When you order and use our Platform, contact us, or interact with us | Fulfilling your request and communicating in contract-related matters; marketing communications |
| Unique identifiers: IP address, cookie IDs, device IDs | When you use our Platform (via cookies) | Internal development |
| Device and technical: domain server, device/OS/browser type, locale, session logging, heatmaps, screen resolution, ISP, referring/exit pages, visit timestamps | When you use our Platform (via cookies) | Internal development |
| Digital behavioral: page interactions (clicks, browsing, zooms), referring source, interaction statistics | When you use our Platform (via cookies) | Internal development |
| Agreement and Transaction: agreements, orders, purchases, payment status, invoices, and customer-service interactions | When you order and use our Platform | Managing payments, contracts, transactions, and meeting contractual requirements |
| Payment: card data, corporate bank account information of customers | When you order our Platform | Managing payments, contracts, transactions, and meeting contractual requirements |
Marketing Communications
When we contact you about Cominty's Platform, events, or business.
Internal Development
When Cominty improves and develops the Platform — including testing, research, reporting, benchmarking, machine learning, performance analyses, predictions and trend analysis — to support our business decision-making, analyze customer engagement, assess service quality, and consider customer feedback. For internal development, we process anonymized and aggregated data to the extent possible.
Cominty may also collect information about you that is publicly available.
4. How we use your Personal Data and the legal bases we rely on
When Cominty acts as Data Controller, we process Personal Data in compliance with applicable data protection laws and only where a valid legal basis under Article 6 GDPR applies. In particular, we may process Personal Data for the following purposes:
- To provide and operate the Platform to our Customers, and to perform our contractual obligations under the agreement with them
- To manage our customer relationships, including payments, contracts, transactions, and related administrative matters
- To communicate with Customers about updates, new features, demos, webinars, events, and other commercial information, in compliance with applicable marketing laws
- To improve and secure the Platform, including internal research, development, troubleshooting, and service optimization
What legal basis are we relying on?
We process your Personal Data based on:
- The performance of a contract with our Customers
- Compliance with legal obligations
- Our legitimate interests in operating, improving, and promoting our services, provided such interests are not overridden by your rights
- Your consent, where your consent is legally required
Where we rely on your consent, you may at any time withdraw your consent by contacting us.
5. How long do we keep your Personal Data?
We retain Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, and in accordance with applicable data protection law and our internal Data Retention Policy. Retention periods may vary depending on the context and are subject to applicable statutory requirements. In particular:
| Processing Purpose | Retention |
|---|---|
| Delivering the Platform, providing customer service and managing payments, contracts and transactions | Agreement duration with Customers, then archived for 5 years |
| Fulfilling your request and communicating in contract-related matters | Agreement duration with Customers, then archived for 5 years |
| Marketing Communications | 3 years from the last contact |
| Organizing, managing, and facilitating access to events | Duration of the event, then archived for 5 years |
6. When and with whom do we share your Personal Data?
Within Cominty, access to Personal Data is restricted to authorized personnel on a need-to-know basis. We do not sell Personal Data to third parties.
We may share Personal Data with the following categories of recipients, always in compliance with applicable data protection laws and subject to appropriate safeguards:
Service providers and sub-processors
We may engage trusted third-party providers to support our business operations (e.g., hosting, infrastructure, analytics, customer support). These providers act on our behalf and under our instructions, and are bound by contractual and technical safeguards consistent with GDPR requirements. Foundational Model Providers (e.g., OpenAI, Anthropic, Mistral, Google) apply strict "Zero Data Retention" policies, meaning that Customer Content will not be used for training or retained beyond the duration of the processing.
Affiliates
We may share Personal Data with our current or future subsidiaries and affiliates for the purposes described in this Privacy Policy.
Corporate transactions
We may disclose Personal Data in connection with a merger, acquisition, restructuring, financing, or sale of assets, subject to appropriate confidentiality measures.
Legal obligations and authorities
We may disclose Personal Data where required to comply with applicable laws, regulations, legal processes, or governmental requests, or to establish, exercise, or defend our legal rights.
Third-party integrations chosen by Customers
When you connect third-party services (e.g., Google Drive, Microsoft SharePoint) to the Platform, Cominty accesses and processes the content you choose to synchronize solely to provide the requested functionality. You can adjust these settings at any time or request deletion of the synchronized data.
For Google integrations, Cominty's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the "Limited Use" requirements.
7. How do we transfer your Personal Data globally?
As a principle, we seek to ensure that Personal Data remains within the European Economic Area (EEA). Where Personal Data needs to be accessed or processed outside the EEA — for example, by certain service providers — such transfers will only take place:
- to countries that have been recognized by the European Commission as providing an adequate level of protection, or
- under appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), together with supplementary measures where required.
These safeguards ensure that your Personal Data continues to benefit from a level of protection essentially equivalent to that in the EEA.
8. How do we secure your Personal Data?
We use industry-standard physical, technical, and organizational security measures to protect Personal Data, taking into account the state of the art and applicable legal requirements. These measures include encryption, access controls, and secure hosting within the European Union. Access to Personal Data is limited to authorized personnel only.
We also undergo independent security audits (such as SOC 2). Further details on our security practices are available in our Trust Center at trust.cominty.ai.
9. Your privacy rights and how to exercise them
Subject to applicable data protection laws, you have privacy rights in respect of the Personal Data we process about you:
- request confirmation that we are processing your Personal Data
- request access to the Personal Data we process about you
- request that we delete, update or correct the Personal Data we hold about you
- request that we restrict the way in which we use your Personal Data
- request that we apply the right of data portability, where applicable
- object to our processing of your Personal Data
- withdraw the consent that you have given us to process your Personal Data where we process it on the basis of your consent
- lodge a complaint with the relevant data protection authority regarding our processing of your Personal Data
To exercise one or more of the rights mentioned above, please contact us as outlined in the "How to contact us?" section below.
10. Children's Privacy
Our Platform is not directed to children under the age of 16, and we do not knowingly collect Personal Data from them. If we become aware that we have inadvertently collected Personal Data from a child under 16, we will take reasonable steps to delete such data without undue delay.
If you believe that we may hold Personal Data relating to a child under 16, please contact us as described below.
11. Links to other websites or services
Our Website or Platform may contain links to third-party websites or services that are not operated or controlled by Cominty. We are not responsible for the content, security, or privacy practices of such third parties. If you choose to visit a third-party website or service, its own terms and privacy policy will apply. This Privacy Policy does not apply to any Personal Data you provide to third parties.
12. How to contact us?
Privacy Inquiries
You may contact us regarding this Privacy Policy or our processing of your Personal Data at privacy@cominty.ai.
Data Protection Officer
You can also contact our Data Protection Officer at dpo@cominty.ai.
13. Updates and Amendments to this Privacy Policy
The "Effective Date" at the top of this Privacy Policy indicates when it was last updated. We may amend this Privacy Policy from time to time. Any changes will become effective when the revised version is posted on our Website or Platform.
Material changes: If we make material changes that significantly affect your privacy rights, we will provide additional notice, for example by email or through the Platform.
Your continued use of the Platform after the posting of changes constitutes your acceptance of the revised Privacy Policy.