Epineone

Legal

Privacy Policy

Last updated May 20, 2026. This policy explains what personal data we collect, why, and what rights you have under GDPR and equivalent laws.

Controller

The data controller is Epineone, Inc., 76 Cours Maréchal-Joffre, 95170 Deuil-la-Barre, Île-de-France, France. Contact our data protection officer at privacy@epineone.com.

Data we process

  • Account data: name, work email, organisation, role.
  • Usage data: API calls, generation jobs, billing events, audit logs.
  • Customer Content: schemas, prompts and any seed data you choose to send to the platform.
  • Support data: messages and attachments you send to our support team.

We do not require, and we strongly discourage, sending real personal data (PHI/PII) into the platform. Our generators are designed to work from schemas, distributions, or de-identified samples.

Why we process it

  • To provide the Service under our contract with you (Art. 6(1)(b) GDPR).
  • To comply with legal obligations such as accounting and tax (Art. 6(1)(c)).
  • For our legitimate interest in operating, securing and improving the Service (Art. 6(1)(f)).

Retention

Account and billing data are retained for the life of the contract and up to 10 years afterwards as required by French commercial law. Customer Content is retained while your account is active and deleted within 30 days of termination unless you ask us to delete it sooner.

Sub-processors

We use a small set of vetted sub-processors for cloud infrastructure, payment processing and customer support. A current list is available on request to privacy@epineone.com. EU customer data is hosted in EU regions by default.

International transfers

Where we transfer personal data outside the EEA, we rely on Standard Contractual Clauses and additional technical measures (encryption at rest and in transit, key separation) consistent with EDPB guidance.

Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your personal data, and to data portability. To exercise these rights, contact privacy@epineone.com. You may also lodge a complaint with the CNIL (the French data protection authority).

Security

We encrypt data in transit (TLS 1.2+) and at rest (AES-256), enforce least-privilege access, log administrative actions, and run an annual third-party security review. Suspected incidents: security@epineone.com.

Cookies

We use strictly necessary cookies to keep you logged in and to remember your preferences. We do not use third-party advertising cookies on this site.

Contact

Privacy questions: privacy@epineone.com · Epineone, Inc., 76 Cours Maréchal-Joffre, 95170 Deuil-la-Barre, Île-de-France, France · +33 1 83 51 24 20.