• About
  • News
  • Donate
    • Contact

    PRIVACY POLICY

    Last updated: 21 November 2025

    Bayes Impact is committed to developing technology that serves the public interest. Protecting your privacy is therefore essential, and we take all measures necessary to safeguard your personal data.

    This Privacy Policy explains how we collect, use, and secure your information when you use our generative AI systems powered by Bayes X (the “Service”).

    1. Our role in processing personal data

    This Privacy and Data Protection Policy applies to personal data for which we determine the purpose and means of processing.

    This Privacy and Data Protection Policy does not apply when we process personal data as a processor or service provider on behalf of our Clients.

    The terms of such personal data processing are in that case governed by dedicated provisions in the agreement for the provision of the Service, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

    We are not responsible for the personal data protection or data security practices of our Clients, which may differ from those explained in this Privacy and Data Protection Policy.

    2. What data do we collect directly?

    Information required to create a client space and user accounts (within client organizations) is collected and stored by Bayes Impact France, 146 rue de Rivoli, 75001 Paris, France. Email: dpo@bayesimpact.org (“we”)

    We process the following data for user account creation and system log management:

    • First name

    • Last name

    • Email address

    • Technical logs related to access and use of platform features

    3. How and why do we use your personal data?

    We process your data for the following purposes:

    • To provide access to the Service

    • To maintain and strengthen the security of the Service

    • To verify compliance with our terms of use and contractual obligations

    • To comply with legal obligations and cooperate with public authorities

    The processing of your data is based on our legitimate interest, namely to ensure the security of the Service and ensure its effective provision, as well as on compliance with our legal obligations.

    We may transfer your personal data to the following parties, only to the extent that these parties need to know your personal data to carry out their mission:

    • Members of our team who need access to perform their duties

    • Regulatory authorities, such as the Commission nationale de l'informatique et des libertés (CNIL)

    • Legal and professional services, including competent courts, mediators, accountants, auditors, lawyers, and bailiffs

    We may also share all or part of the personal data with our providers, with whom a specific data protection agreement has been signed.

    Our main provider is Google:
    Purpose: cloud infrastructure.
    Data location: France.

    Our secondary providers are :

    Posthog:
    Purpose: traceability and statistics.
    Data location: Frankfurt (Germany).

    Mailgun:
    Purpose: email delivery.
    Data location: Europe.

    Personal data is retained only for the duration of the provision agreement that binds the Client to the Association for data relating to the Client, or for the duration of the existence of a User space for data relating to Users, or for the period required to comply with legal obligations under applicable laws.

    4. International transfer of personal data

    Your personal data may be processed outside your jurisdiction.

    We ensure that the recipient of your personal data provides an adequate level of protection and security. For example, by concluding appropriate agreements and, where applicable, standard contractual clauses or another mechanism for data transfer approved by the European Commission or other applicable regulators or legislation.

    Where the applicable law requires it, we undertake to share, transfer, or store your personal data outside your jurisdiction only with your prior consent.

    5. Rights relating to personal data

    You have rights concerning your personal data.

    These rights may include:

    • Right to withdraw consent: allows you to withdraw at any time the consent previously given for the processing of personal data when processing is based on consent

    • Right of access: allows you to access the personal data we hold

    • Right to rectification: allows you to correct inaccurate personal data and ensure it is complete depending on the purpose of processing

    • Right to restriction: allows you to freeze the processing of personal data

    • Right to erasure: allows you to delete or remove personal data

    • Right to object: allows you to object at any time to processing based on legitimate interest or the performance of a task carried out in the public interest, for reasons relating to your particular situation

    • Right to data portability: allows you to obtain and transfer personal data to another entity

    • Right to define instructions regarding the processing of your personal data after your death

    • Right to lodge a complaint with the competent data protection authorities

    Contact us

    To exercise your rights regarding your personal data, or if you have any questions about our privacy practices, please contact our Data Protection Officer:
    dpo@bayesimpact.org

    Or write to:

    Bayes Impact France
    146 rue de Rivoli
    75001 Paris

    When contacting us, please indicate the country or state in which you reside.

    6. Updates

    This Privacy and Data Protection Policy may be amended depending on the evolution of the Service and the laws and regulations in force.