English
English


Privacy Policy


Version of July 1, 2024




Our commitment to you


We place great importance on the integrity of your personal data, and we strive to handle it in the safest and most transparent way possible.

In order to live up to the trust you place in us by using our website and services, we have scrupulously committed to adhering to data protection regulations, in particular, the General Regulation on the Protection of Personal Data of April 27, 2016 (hereinafter GDPR).


Whether you are a prospect, a client, or a simple visitor, this privacy policy applies to you : it aims to explain how we handle your personal data in the context of your use of the site and/or the Formality application, and to inform you about the rights you hold accordingly.


The data we collect


1- What data do we collect?


Contact data: name, professional email address, phone number, etc.


Connection data: IP address, login credentials, logs, browser version, plug-ins, etc.


Browsing data: pages visited, links clicked, referrer URLs, etc.


2- When and how do we collect your data?





















The processing we do with your data


1- Why and how do we process your data?


Commercial prospecting and marketing communication

We use your data to share content (articles, white papers, newsletters, etc.) with you, to allow you to participate in our events (webinars, conferences, etc.), or to present our services to you (emailing, product demos, etc.).


Legal basis for processing: you have consented to the processing, either directly (e.g., contact form on our site) or through third parties you authorized to share your data with partners (including us).


Retention period: 3 years after our last communication or on the date of the deletion request, the nearest date being retained.


Ensuring the operation and continuity of our services

We use data provided by our clients (hereinafter referred to as “client data”) as part of the execution of our services (e.g., creation, configuration, and maintenance of client accounts), but also to inform and assist our users in using our services through our customer service.


Legitimate basis for processing: The processing is necessary for the execution of the subscription contract to which our clients have subscribed.


Retention period: Client data is deleted upon the effective termination of the subscription contract. Contractual data is retained for 5 years after the termination of the contract.

Improving our product and services

We use the collected data to understand and analyze user trends and preferences, to improve our services, and to develop new products, services, and features. If this purpose requires us to process our clients' data, such data will only be used in anonymized or aggregated form.


Legitimate basis for processing: You have consented to the processing of your data under the subscription contract you signed (Client) or by accepting our cookie policy (Visitor) and the processing responds to legitimate interests.


Retention period: This varies with use; some are retained for a few minutes, while others for 14 months.


2- Who is responsible for processing your data?


For client data

We do not determine the purpose of the processing or the means of its implementation, which remain the responsibility of the Client and the users of the Client account. Therefore, and in accordance with the GDPR, we do not act as Data Controller and do not have the associated responsibilities.

Thus, regarding Client data, we must be considered as processors and we only process this data on behalf of and according to the instructions of our clients.


For other data

For all data other than Client data, we act as Data Controller: we determine the purpose of the processing and the means of its implementation.


3- Who has access to your data?


Internal services

We take great care to limit access to your data to only those members of our team who need to be involved in processing your data and to anonymize it as much as possible.

Furthermore, we ensure that all our members adhere to our security and confidentiality charter and we strive to raise their awareness and train them regarding the security and confidentiality of your data.


Partners and subcontractors

To provide our services, we may rely on third-party service providers or partners (the “subcontractors”) to carry out activities involving access to and processing of some of your personal data.

When we do so, we ensure to work only with companies that safeguard and protect your personal data in compliance with applicable law, in the same manner that we commit to doing.


List of partners and subcontractors we work with

  • AWS (hosting)

  • Notion (data storage)

  • Google (Email, Drive, document storage)

  • Slack (Document and information communication)

  • Sentry (Debug + error management)

  • OpenAI

  • Mistral AI

  • Google Gemini

  • Google Maps API


These subcontractors and their services are detailed below:

📣 In accordance with the subscription contract signed by our clients, this page serves as notification to them. After the expiration of the time period indicated in said contract, the subcontractors listed above are considered authorized by our clients.


Protection of your personal data


We are committed to taking all necessary precautions to preserve the security of your data and protect it against accidental or unlawful destruction, corruption, dissemination, or unauthorized access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.


1- Where do we store your data?


Your data is encrypted during transport using the TLS v1.2 protocol and the AES-256 algorithm during storage.

They are stored in data centers based in the European Union: several replications are made in different data centers to ensure their durability and access in case of disaster.


2- What security measures have we put in place?


The security of your data is a priority for us. Therefore, we adopt technical and organizational security measures to ensure an appropriate level of security in relation to the risks associated with processing and the nature of this data, and in particular:

Access control to data


Access to our systems is protected by AWS rights management policies.

We have implemented audit logs to identify and archive any access to the systems, as well as any access and modification of data on these systems for the sake of traceability and transparency.

Securing authentication services


All connections and connection attempts are recorded to detect any potential fraudulent use of accounts.


Your rights concerning your data


1- What are your rights?


Right of access: you have the right to request information regarding the processing of your data (categories of data processed, purpose of processing, recipients of your data, retention period, etc).


Right to rectification: you have the right to request that we modify or update your personal data if you believe it is inaccurate or incomplete.


Right to object: you have the right to object to the processing of your data for a given purpose if your situation justifies it.

In this case, unless we can demonstrate a legitimate and compelling interest in processing, we will stop processing your data for the stated purpose.


Right of deletion (right to be forgotten): you have the right to request that we permanently delete your data when you believe we no longer have any reason to process it.


Right to portability: you have the option to request that we send you your data or transfer it to another service provider.


Right to limit processing: you have the right to request that we temporarily stop the processing of all or part of your data pending a response to another rights exercise request.


Right to refuse automated individual decision-making: we may need to make decisions solely based on automated processing (for example, to send you content tailored to your profile).

You have the right to refuse such an approach if it has a legal effect on you or significantly affects you.


2- How to exercise your rights?


Your rights exercise request

To exercise your right, please send us your request directly:


By email: privacy@formality.co


By mail: 6 Rue du Bois Sauvage, 91000, Évry-Courcouronnes, France


In accordance with applicable regulations, we may ask you to prove your identity before processing your request.


Processing your request

Following receipt of your request, we will ensure to respond to you within one month (which may be extended by one month if the processing of your request involves significant complexity).


Your remedies

If our processing of your request does not satisfy you, you have the right to file a complaint with the competent authority or seek remedy in the competent courts.


Modification of our policy

We may modify our privacy policy from time to time to ensure transparency of all operations related to the processing of your data in real-time.

In this case, we will publish the modified version on our site. Therefore, we recommend that you regularly review our policy.


Privacy Policy



Version of July 1, 2024





Our Commitment to You


We place great importance on the integrity of your personal data, and we strive to handle it in the most secure and transparent manner possible.

To live up to the trust you place in us by using our website and services, we have diligently committed to comply with data protection regulations, and in particular, the General Data Protection Regulation (GDPR) enacted on April 27, 2016.


Whether you are a prospect, a client, or a simple visitor, this privacy policy concerns you : it aims to describe how we process your personal data in the context of your use of the website and/or the Formality application, and to inform you about the rights you hold as a result.


The data we collect


1- What data do we collect?


Contact data: name, professional email address, phone number, etc.


Connection data: IP address, login credentials, logs, browser version, plug-ins, etc.


Browsing data: pages visited, links clicked, referral URL, etc.


2- When and how do we collect your data?











The processing we do of your data


1- Why and how do we process your data?


Commercial prospecting and marketing communication

We use your data to share content (articles, white papers, newsletters, etc.) with you, allow you to participate in our events (webinars, conferences, etc.), or present our services (email marketing, product demo, etc.).


Legal basis for processing: you have consented to the processing, either directly (e.g., contact form on our website) or through third parties you have authorized to transmit your data to partners (of which we are a part).


Retention period: 3 years after our last communication or the date of the deletion request, the closest date being retained


Ensuring the operation and continuity of our services

We use the data provided by our clients (hereinafter referred to as "client data") in the context of providing our services (for example: creation, configuration, and maintenance of client accounts), as well as to inform and assist our users in using our services through our customer service.


Legitimate basis for processing: The processing is necessary for the performance of the subscription contract that our clients have entered into.


Retention period: Client data is deleted from the effective termination of the subscription contract. Contractual data, on the other hand, is retained for 5 years after the termination of the contract.

Improving our product and services

We use the data collected to understand and analyze usage trends and preferences of our users, to improve our services, and to develop new products, services, and features. If this purpose requires us to process our clients' data, this data will only be used in an anonymized or aggregated form.


Legitimate basis for processing: You have consented to the processing of your data in the context of the subscription contract you signed (Client) or by accepting our cookie policy (Visitor) and the processing addresses legitimate interests.


Retention period: This varies depending on usage; some of them are retained for a few minutes, while others are retained for 14 months.


2- Who is responsible for processing your data?


For Client data

We neither determine the purpose of the processing nor the means of its implementation, which remain the responsibility of the Client and users of the Client account. Therefore, in accordance with the GDPR, we do not act as Data Controllers and do not have the associated responsibilities.

Thus, regarding Client data, we must be considered as processors and we only process this data on behalf of and under the instructions of our clients.


For other data

For all data other than Client data, we act as Data Controllers: we determine the purpose of the processing and the means of its implementation.


3- Who has access to your data?


Internal services

We take the utmost care to limit access to your data to only those members of our team who need to intervene in the processing of your data and to anonymize them as much as possible.

Moreover, we ensure that all our members adhere to our security and confidentiality charter, and we strive to raise their awareness and educate them about the security and confidentiality of your data.


Partners and subcontractors

To provide our services, we may rely on third-party service providers or partners (the "subcontractors") to carry out activities involving access to and processing of certain of your personal data.

When we do so, we ensure to work only with companies that safeguard and protect your personal data in accordance with applicable law, in the same manner that we are committed to do.


List of partners and subcontractors we collaborate with

  • AWS (hosting)

  • Notion (data storage)

  • Google (Email, Drive, document storage)

  • Slack (Document and information communication)

  • Sentry (Debugging + error management)

  • OpenAI

  • Mistral AI

  • Google Gemini

  • Google Maps API


These subcontractors and their services are detailed below:

📣 In accordance with the subscription contract signed by our clients, this page serves as notification to them. After the expiration of the time indicated in the said contract, the subcontractors listed above are considered authorized by our clients.


Protection of your personal data


We are committed to taking all necessary precautions to preserve the security of your data and protect it against any accidental or unlawful destruction, corruption, dissemination, or unauthorized access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.


1- Where do we store your data?


Your data is encrypted during transportation using the TLS v1.2 protocol and the AES-256 algorithm during storage.

They are stored in data centers located in the European Union: several replications are made in different data centers to ensure their durability and accessibility in case of disaster.


2- What security measures have we implemented?


The security of your data is a priority for us. Therefore, we adopt technical and organizational security measures aimed at ensuring a level of security appropriate to the risks associated with processing and the nature of this data, including:

the control of data access


Access to our systems is protected by AWS rights management policies.

We have implemented audit logs to identify and archive any access to systems, like any access and modification of data on these systems in a concern for traceability and transparency.

securing authentication services


All connections and login attempts are saved to detect potential fraudulent use of accounts.


Your rights concerning your data


1- What are your rights?


Right of access: you have the right to request information regarding the processing of your data (categories of data processed, purpose of processing, recipients of your data, retention period, etc.).


Right of rectification: you have the right to request that we modify or update your personal data if you believe it to be inaccurate or incomplete.


Right to object: you have the right to object to the processing of your data for a given purpose, if your situation justifies it.

In that case, unless we can demonstrate a legitimate and compelling interest in processing, we will stop processing your data for that purpose.


Right to erasure (right to be forgotten): you have the right to request that we permanently delete your data when you believe we have no reason to process it anymore.


Right to portability: you have the possibility to ask us to provide you with your data or to transfer it to another service provider.


Right to limitation of processing: you have the right to ask us to temporarily stop processing all or part of your data while awaiting a response to another request for exercising rights.


Right to refuse an automated individual decision: we may be required to make decisions based solely on automated processing (for example, to send you content tailored to your profile).

You have the right to refuse such an approach if it has a legal effect or significantly affects you.


2- How to exercise your rights?


Your request to exercise a right

To exercise your right, please send us your request directly:


By email: privacy@formality.co


By post: 6 Rue du Bois Sauvage, 91000, Évry-Courcouronnes, France


In accordance with the applicable regulations, we may ask you to prove your identity before processing your request.


Processing your request

Upon receiving your request, we will ensure to respond within one month (which may be extended by one month if processing your request proves to be very complex).


Your recourse

If our processing of your request does not satisfy you, you have the right to file a complaint with the competent authority or seek remedy through the competent courts.


Modification of our policy

We may need to modify our privacy policy from time to time to ensure the transparency of all operations related to the processing of your data in real time.

In this case, we will publish the modified version on our website. Therefore, we recommend regularly consulting our policy.


Privacy Policy



Version of July 1, 2024




Our commitment to you


We place great importance on the integrity of your personal data, and we strive to process it in the most secure and transparent way possible.

To live up to the trust you place in us by using our website and services, we have scrupulously committed to respecting the regulations related to data protection, in particular, the General Data Protection Regulation of April 27, 2016 (hereinafter GDPR).


Whether you are a prospect, a client, or a simple visitor, this privacy policy concerns you : it aims to describe how we process your personal data in the context of your use of the site and/or the Formality application, and to inform you of the rights you hold as a result.


The data we collect


1- What data do we collect?


Contact data: name, professional email address, phone number, etc.


Login data: IP address, login credentials, logs, browser version, plugins, etc.


Browsing data: pages visited, links clicked, referral URLs, etc.


2- When and how do we collect your data?
















The processing we do of your data


1- Why and how do we process your data?


Commercial prospecting and marketing communication

We use your data in order to be able to share with you content (articles, white papers, newsletters, etc.), allow you to participate in our events (webinars, conferences, etc.) or present our services to you (emailing, product demo, etc.).


Legal basis for processing: you consented to the processing, either directly (e.g., contact form on our site), or through third parties you authorized to transmit your data to partners (of which we are a part).


Retention period: 3 years after our last communication or at the date of the deletion request, the nearest date being retained


Ensure the functioning and continuity of our services

We use the data transmitted by our clients (hereinafter referred to as "client data") in the context of our service execution (example: creation, configuration, and maintenance of client accounts), but also in order to inform and assist our users in using our services through our customer service.


Legitimate basis for processing: The processing is necessary for the execution of the subscription contract our clients have entered into.


Retention period: Client data is deleted from the effective termination of the subscription contract. Contractual data is kept for 5 years after the termination of the contract.

Improve our product and services

We use the data collected to understand and analyze usage trends and preferences of our users, to improve our services, and to develop new products, services, and functionalities. If this purpose requires us to process the data of our clients, these data will only be used in anonymized or aggregated form.


Legitimate basis for processing: You consented to the processing of your data in the context of the subscription contract you signed (Client) or by accepting our cookie policy (Visitor) and the processing meets legitimate interests.


Retention period: This varies according to usage; some of them are kept for a few minutes, while others are kept for 14 months.


2- Who is responsible for processing your data?


For Client data

We neither determine the purpose of processing nor the means of its implementation, which remain the responsibility of the Client and the users of the Client account. Therefore, and in accordance with the GDPR, we do not act as a Data Controller and do not have the associated responsibilities.

Thus, regarding Client data, we must be considered as processors and we only process this data on behalf of and on the instructions of our clients.


For other data

For all data, other than Client data, we act as Data Controller: we determine the purpose of processing and the means of its implementation.


3- Who has access to your data?


Internal services

We take great care to limit access to your data to only those members of our team who need to intervene in the processing of your data and to anonymize it as much as possible.

Moreover, we ensure that all our members adhere to our security and confidentiality charter and we strive to raise their awareness and train them regarding the security and confidentiality of your data.


Partners and subcontractors

In order to provide our services, we may rely on third-party service providers or partners (the "subcontractors") to carry out activities involving access and processing of some of your personal data.

When we do this, we ensure to work only with companies that safeguard and protect your personal data in accordance with applicable law, in the same way we commit to.


List of partners and subcontractors with whom we collaborate

  • AWS (hosting)

  • Notion (data storage)

  • Google (Email, Drive, document storage)

  • Slack (Document and information communication)

  • Sentry (Debug + error management)

  • OpenAI

  • Mistral AI

  • Google Gemini

  • Google Maps API


These subcontractors and their services are detailed below:

📣 According to the subscription contract signed by our clients, this page serves as notification to them. After the expiration of the period indicated in said contract, the subcontractors listed above are considered authorized by our clients.


Protection of your personal data


We are committed to taking all necessary precautions to preserve the security of your data and protect it against any accidental or unlawful destruction, corruption, dissemination or unauthorized access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.


1- Where do we store your data?


Your data is encrypted during transport using the TLS v1.2 protocol and the AES-256 algorithm during storage.

They are stored in data centers based in the European Union: several replications are made in different data centers to ensure their durability and access in case of disaster.


2- What security measures have we put in place?


The security of your data is a priority for us. Therefore, we adopt technical and organizational security measures to ensure an appropriate security level for the risks related to processing and the nature of these data, in particular:

access control to data


Access to our systems is protected by AWS rights management policies.

We have implemented audit logs to identify and archive any access to the systems, as well as any access and modification of data on these systems in a concern for traceability and transparency.

securing authentication services


All connection attempts are recorded to detect any fraudulent use of accounts.


Your rights regarding your data


1- What are your rights?


Right of access: you have the right to ask us for information regarding the processing of your data (categories of data processed, purpose of processing, recipients of your data, retention period, etc).


Right of rectification: you have the right to ask us to modify or update your personal data if you believe they are inaccurate or incomplete.


Right of objection: you have the right to object to the processing of your data for a specific purpose, if your situation justifies it.

In this case, unless we can justify a legitimate and compelling interest for the processing, we will cease processing your data for the purpose in question.


Right of erasure (right to be forgotten): you have the right to request that we permanently delete your data when you believe we have no reason to process them anymore.


Right of portability: you have the option to request that we send you your data or transfer them to another service provider.


Right to limit processing: you have the right to ask us to stop temporarily the processing of all or part of your data while waiting for a response to another request to exercise rights.


Right to refuse automated individual decision-making: we may need to make decisions solely based on automated processing (for example, to send you adapted content based on your profile).

You have the right to refuse such an approach if it has legal effects on you or significantly affects you.


2- How to exercise your rights?


Your request to exercise a right

To exercise your right, please send us your request directly:


By email : privacy@formality.co


By mail : 6 Rue du Bois Sauvage, 91000, Évry-Courcouronnes, France


In accordance with applicable regulations, we may ask you to prove your identity before proceeding with your request.


Processing your request

Upon receipt of your request, we will ensure to respond to you within one month (which may be extended by one month if the processing of your request is particularly complex).


Your remedies

If our processing of your request does not satisfy you, you have the right to file a complaint with the competent authority or seek remedy through the competent courts.


Modification of our policy

We may need to modify our privacy policy from time to time to ensure transparency of all operations processing your data in real time.

In this case, we will publish the modified version on our site. Therefore, we recommend that you regularly check our policy.



© 2024 Formality SAS

Legal Notices

Privacy Policy