Privacy Policy

1. Introduction

Lumina Systèmes ("we", "our", "us") is committed to protecting the privacy of users of its website https://www.maitre-ao.fr and its service Maître AO ("the Service").

This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

2. Data controller

Data controller: Lumina Systèmes
Address: Marne-la-Vallée, France
Email: contact@maitre-ao.fr

🇫🇷 Data hosting

All personal data and documents are hosted exclusively in France by Scalingo SAS (Strasbourg, France), on ISO 27001 certified infrastructure. No data leaves French territory, including backups.

Scalingo SAS, 15 rue de Hallebarde, 67000 Strasbourg, France. HDS-certified and GDPR-compliant hosting provider.

3. Data collected

3.1 Data you provide us

  • Account data: last name, first name, email address, password (hashed)
  • Company profile data: company name, SIRET number, address, industry sector, workforce, certifications, references (information you voluntarily enter)
  • DCE documents: tender consultation documents you upload for analysis

3.2 Automatically collected data

  • Connection data: IP address, browser type, operating system
  • Usage data: pages visited, features used, timestamps
  • Cookies: session identifiers and preferences (see section 7)

4. Purposes of processing

We use your personal data for:

  • Service provision: analyzing your DCE, generating technical proposals and administrative documents
  • Account management: authentication, personalization, customer support
  • Billing: subscription and payment management (via Stripe)
  • Service improvement: usage statistics, bug detection
  • Communication: service notifications, important updates (never marketing without consent)
  • Legal obligations: retention of billing data

5. Legal basis for processing

  • Contract performance: to provide the Service you subscribed to
  • Consent: for marketing communications (if applicable)
  • Legitimate interest: to improve our services and ensure security
  • Legal obligation: for retention of billing data

6. Data sharing

We never sell your personal data. Your data may be shared with:

  • Anthropic (Claude API): for analyzing your DCE documents. Documents are transmitted securely and are not retained by Anthropic beyond processing.
  • Stripe: for secure payment processing. Stripe is PCI-DSS certified.
  • Hosting provider: for technical hosting of the Service.
  • Authorities: if required by law or court order.

7. Cookies

We use the following cookies:

  • Essential cookies: necessary for website operation (session, authentication)
  • Preference cookies: remembering your choices (dark/light theme)

We do not use advertising cookies or third-party trackers. You can manage your cookie preferences through your browser settings.

8. Data retention

  • Account data: retained for the duration of your subscription + 3 years after cancellation
  • DCE documents: automatically deleted 30 days after analysis (unless retention is requested)
  • Billing data: 10 years (legal accounting obligation)
  • Connection logs: 12 months

9. Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS)
  • Password hashing (bcrypt)
  • Restricted access to personal data
  • Regular and secure backups
  • Monitoring and intrusion detection

10. Your rights

In accordance with the GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data
  • Right of rectification: correct your inaccurate data
  • Right to erasure: request deletion of your data
  • Right to portability: receive your data in a structured format
  • Right to object: object to the processing of your data
  • Right to restriction: restrict processing in certain cases

To exercise these rights, contact us at: contact@maitre-ao.fr

You may also file a complaint with the CNIL (French National Commission on Informatics and Liberty): www.cnil.fr

11. International transfers

Some data may be transferred to countries outside the European Union (notably to the United States for Anthropic and Stripe). These transfers are governed by appropriate safeguards (European Commission standard contractual clauses, Privacy Shield certification or equivalent).

12. Modifications

We may modify this privacy policy at any time. In case of substantial modification, we will inform you by email or via a notification on the Service.

13. Contact

For any questions regarding this policy or your personal data:
Email: contact@maitre-ao.fr
Address: Marne-la-Vallée, France