Version: 2.0 — Update date: February 11, 2025.

Polaria Technologies Privacy Policy

1. Introduction

Polaria Technologies is a company offering a SaaS platform to configure and deploy AI chatbots in RAG (Retrieval-Augmented Generation). The purpose of this privacy policy is to explain what personal data is collected in connection with the use of our services, how it is used and protected, and what your rights are in this regard.

Polaria is strongly committed to protecting the privacy of its users' personal data. We process data in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws. Our commitment is reflected in the implementation of appropriate security measures and in the transparency of our data processing practices.

2. Data collected

Polaria Technologies limits the collection of personal data to what is strictly necessary. Depending on the case, the data collected comes from two main sources:

From the back office: When you use the Polaria back office (administration interface), we collect some personal information about you. These include your first name, last name, email address, as well as connection logs (for example, connection dates and times, possibly the IP address used). This data is provided when creating your administrator account and during your subsequent connections in order to manage your access to the platform.

From the chatbot: By default, no personal data is collected via the chatbots deployed with our platform. End-user interactions with the chatbot are not recorded or associated with a personal identity by Polaria, unless otherwise explicitly enabled by the customer. In other words, the chatbot can be used without Polaria collecting personal information about end users.

3. Purpose of collection

The collection of personal data by Polaria pursues specific and legitimate purposes:

Back office data: Information collected through the back office is used exclusively to ensure the proper functioning of the product and service. Concretely, this makes it possible to manage your user accounts, to authenticate your connections, to provide you with access to chatbot configuration functionalities, and to ensure customer support or the communication of important information related to the service. This data can also help us improve the platform and ensure its security (for example, by monitoring connection logs for suspicious activity).

Chatbot data: By default, the chatbot does not collect personal data, no use of personal data is made in this context. The chatbot provides its answers based on the data configured by the customer (knowledge bases, documents, etc.) without the need to process personal information about the end user. Thus, there is no processing purpose relating to personal data for interactions with the chatbot, unless a customer voluntarily decided to collect certain information via it (in such a case, this customer would be responsible for defining the purpose and informing its users).

4. Data sharing

Polaria Technologies does not share any personal data with third parties. Your data is not sold, rented, or transmitted to entities outside of Polaria, whether for commercial or other purposes. All the data we collect remains confidential and is used only for the purposes described above.

In exceptional cases, we may be required to disclose certain data if required to do so by law or in response to a legal request from the competent authorities. Apart from this possible legal requirement, no personal data is communicated to third parties without your explicit consent.

5. Data storage and security

The security of your data is a priority for Polaria. We implement robust technical and organizational measures to ensure the integrity and confidentiality of your personal information.

Data Security: All personal data collected is protected according to industry best practices. We use data encryption during transfers (SSL/TLS protocols) and, where applicable, data encryption at rest on our servers or databases. Access to personal information is strictly controlled — only authorized Polaria personnel (or the customer, in the case of dedicated servers) who need it to operate the service can access it, in accordance with confidentiality commitments. We have also implemented protection mechanisms against intrusions and malicious software (firewalls, intrusion detection systems, etc.), and regularly update our systems to prevent vulnerabilities.

Storage and hosting: Data is stored on secure infrastructures. Depending on the needs of our customers, storage can be adapted. Some customers opt to host their Polaria instance on private dedicated servers, which means that their data is isolated on their own infrastructure (for example, a private cloud or a reserved on-premise server). In all cases, whether the data is hosted on a shared Polaria cloud or on a dedicated server, we make sure to apply the same level of security and confidentiality requirements. If the data is hosted by a trusted cloud infrastructure provider, Polaria ensures that this provider offers adequate data protection guarantees and that no illegal data transfer outside the European Union takes place without the required protections.

6. User rights

In accordance with the GDPR and applicable laws, users with an account on the Polaria back office benefit from all the rights to their personal data. This includes in particular:

Right of access: you can obtain confirmation that personal data concerning you is processed by Polaria, and receive an intelligible copy;
Right to rectification: you can request the correction of inaccurate or incomplete information concerning you so that it is up to date;
Right to erasure (right to be forgotten): you can request the deletion of your personal data, especially if they are no longer necessary for the purposes for which they were collected or processed;
Right to limitation of processing: in certain cases provided for by law, you can request the temporary suspension of the use of your data (for example time to verify their accuracy or the validity of an objection);
Right to object: you have the right to object, for reasons relating to your particular situation, at any time, to the processing of your personal data based on the legitimate interest of Polaria. If necessary, we will stop this processing unless there is a compelling reason to continue it. (Note: Since back office data is mainly processed on a contractual basis, this right may not apply outside of processing for marketing communication purposes that we do not carry out without explicit consent);
Right to portability: you can request to receive the personal data you have provided to Polaria in a structured, commonly used and machine-readable format, or to have them transferred to another data controller when technically possible.

To exercise any of these rights, simply contact us (see the Contact section below). We may ask you to verify your identity in order to secure access to your personal information during such requests. We are committed to responding to any valid request within the legal deadlines (in general 1 month maximum, extendable by two months if necessary depending on the complexity of the request).

It should be noted that the end users of chatbots deployed via Polaria do not, by default, have any personal data collected by Polaria. However, if a chatbot was configured by a customer to collect personal data (for example, request a contact email as part of a conversation), the end user should exercise their rights directly with the customer operating the chatbot, the latter being then responsible for processing this data.

7. Legal basis for processing

Polaria processes personal data only when an appropriate legal basis within the meaning of the GDPR applies:

Back office: The collection and processing of data from the back office are necessary for the execution of the contract between the user and Polaria for the use of the platform (Article 6 (1) (b) of the RGPD). By creating an account and using our service, you are in fact concluding an agreement with Polaria, and the processing of your identification data (name, email, etc.) is essential to provide you with access to functionalities, ensure the maintenance of your account, and more generally to fulfill our contractual obligations (such as allowing you to manage your chatbots). Incidentally, some related processing may be based on the legitimate interest of Polaria (Article 6 (1) (f) of the RGPD), for example to guarantee the security of the platform or to improve the service, but in all cases these treatments do not infringe on your fundamental rights and freedoms.

Chatbot: By default, no personal data is collected via the chatbot, which means that there is no processing of personal data that requires a specific legal basis for this functionality. If no personal data is processed, the requirement for a legal basis does not apply. In the event that a Polaria customer sets up the chatbot to process personal data of end users (for example, to provide a personalized service requiring to know their name or contact), it would be their responsibility to ensure that this is based on a valid legal basis (for example, the consent of the end user or the performance of a service requested by the end user) and to mention this in their own privacy policy. However, the standard operation of Polaria does not involve such treatment.

8. Shelf life

Polaria ensures that personal data is not kept longer than necessary for the purposes pursued. Retention periods are defined as follows:

Back office data: Your personal data related to the back office (account information, connection logs, etc.) is kept for the duration of use of our services and as long as your account is active with Polaria. In other words, we keep this information for as long as you use the platform and have not deleted your account. In the event of deletion of your account or prolonged inactivity, your data will either be deleted or archived securely (if longer retention is required for legal obligations or dispute resolution). For example, if you decide to close your account, we may keep some data during the legal limitation period or accounting requirements, but it will be deactivated from the active system and accessible only in a restricted manner. Beyond these deadlines, the data will be permanently deleted or made anonymous.

Chatbot data: By default, as noted, Polaria does not store personal data from chatbot conversations. In this case, the question of the shelf life does not arise, as no data is stored after the interaction. However, our platform offers the possibility for each customer (the company that deploys a chatbot via Polaria) to possibly configure the conservation of certain conversation data if this is necessary for their use. The retention period of chatbot data is therefore configurable by each customer according to their own needs and constraints. For example, a customer might decide to keep chat logs for a few days to improve their service or process requests, or to keep nothing at all. Polaria scrupulously applies the parameters defined by the customer: if a customer chooses limited storage (e.g. automatic deletion after X days), the data will be automatically deleted in accordance with this choice. In the absence of specific instructions from the customer, no personal chatbot data is retained beyond the chat session.

9. Contact

If you have questions about this privacy policy, or if you want to exercise your rights over your personal data, you can contact our Data Protection Officer (DPO).

DPO contact: dpo (at) polaria (dot) ai

The Polaria DPO is the person in charge of ensuring the company's data protection compliance. It will respond to your requests for information or the exercise of rights as soon as possible.

We invite our users to contact us with any requests or concerns about their personal data. We take the protection of your data seriously and will do what is necessary to provide a satisfactory solution. If, however, you feel that we have not answered your concerns correctly, you also have the right to file a complaint with the competent supervisory authority, such as the CNIL (Commission Nationale de l'Informatique et des Libertés) in France.