Privacy Policy

Security and Trust Information

Purpose

The purpose of this privacy policy is to let you know how we handle your personal data. Our goal is to provide clear and concise information about the way we process your information. We adhere to the 1978 "Informatique et Libertés" law and the European regulation of April 27, 2016 (the "GDPR") when collecting and managing your data.

Data Controller

Capsule SAS
Address: 9 rue des colonnes - 75002 PARIS
Topo.io

Data Collection

Personal data is information that can directly or indirectly identify an individual. We collect the following categories of personal data:

Operational Data

Identification data (surname, first name, professional email address and professional address, etc.)
Data relating to your orders
Internet data and cookies (information on how you use the Website)
Data related to recordings from calls with our customer care service (content of calls, dates of calls)
Any information you willingly communicate

Product Data

Economic and financial data (bank account number, verification code, etc.)
Login data (logs, IP address)
Email data (logs, content)

Data Recipients

The following parties may have access to your personal data:

Our team (staff, trainees, employees)
Our subcontractors (Communication tools - email or telephone, hosting service providers, marketing automation service providers, emailing service providers, audience measurement service providers, outbound marketing and digital marketing service providers)
Third party services related to our software features: Google (Workspace API)

Google User Data Policy

Google Users' data will not be used to develop, improve, or train generalized AI and/or ML models
Google Users' data will be shared with third-parties when necessary (Nylas, Supabase)

Data Processing Purposes

To provide services available on our Website
To perform operations related to contracts, invoices and customer relationship management
To create a database of customers and prospects
To send newsletters, requests and direct marketing mailings
To improve our services
To answer information requests and other inquiries, to schedule demonstrations
To comply with legal and regulatory obligations
To elaborate analytics to measure our audience
To process data subjects' rights requests
To perform operations related to our software features

Data Retention Periods

Service-related personal data: Up to 3 years after account closure
Marketing-related personal data: 3 years from collection or last active contact
Evidentiary purposes: Statutory limitation period (generally 5 years)
Identity verification data: Deleted after verification
Marketing objection records: 3 years
GDPR rights requests: 3 years from request date

Security Measures

We implement comprehensive technical and organizational measures to protect your data. For detailed security guidelines, visit: https://trust.topo.io/

International Data Transfers

We primarily maintain data within the European Union. Any international transfers comply with GDPR requirements through:

Transfers to countries with EU adequacy decisions
Standard Contractual Clauses
Binding Corporate Rules
Other appropriate Chapter V GDPR safeguards

Your Rights

Under GDPR and French Data Protection Laws, you have the following rights:

Right to be informed
Right of access
Right to rectification
Right to restriction of processing
Right to erasure
Right to file complaints with supervisory authorities
Right to define post-mortem data instructions
Right to withdraw consent
Right to data portability
Right to object

Exercising Your Rights

Submit requests via:

Support chat (website or app)
Email: security@topo.io
Requests processed within 30 days
May require ID verification

Supervisory Authority

You may file complaints with your local supervisory authority. In France, this is the CNIL.

Modifications

This policy may be updated to reflect regulatory, jurisprudential, editorial, or technical changes. Check regularly for updates.

Last modified: April 3, 2024