• About
  • News
  • Donate
    • Contact

    PRIVACY AND DATA PROTECTION POLICY

    Last updated: April 1st 2026

    Bayes Impact is committed to ensuring that technology serves the public interest. Protecting your privacy is therefore essential, and we do everything in our power to safeguard it. This privacy policy explains how we collect, use and protect your data when you use the AI agent design platform developed by the association Bayes Impact France (the "Bayes Platform").

    What role do we play in data collection?

    This Privacy and Data Protection Policy applies to personal data for which we define the purpose and means of processing. This Privacy and Data Protection Policy does not apply to the processing of personal data that you may use within the Bayes Platform or the AI agents built thereon, including where they are hosted on Bayes Impact's infrastructure. In such cases, we process personal data as a data processor or service provider on behalf of our Partners. The terms governing such personal data processing are set out in a data processing addendum and, where applicable, specific provisions in a Service Agreement, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"). We are not responsible for the personal data protection or data security practices of our Partners, which may differ from those described in this Privacy and Data Protection Policy.

    What data do we collect directly?

    The information collected for the creation of a Partner space and user accounts is recorded in a computerized file by the association Bayes Impact France, whose registered office is located at 146 rue de Rivoli, 75001 Paris. Contact email: dpo@bayesimpact.org ("we", "us"). We use the data you provide to create a user account for access to the Bayes Platform, as well as logging data:

    • First name,

    • Last name,

    • Email address,

    • Technical access logs for the various platform features.

    We also use data you send us directly via contact forms, unsolicited emails or applications, provided it is strictly necessary for handling your request.

    Why may your personal data be used?

    Regarding the data you provide to create a user account, we use and process your personal data in order to:

    • Ensure the effective provision of the Bayes Platform,

    • Maintain and strengthen the security of the Bayes Platform,

    • Verify compliance with the general terms of use and contractual obligations,

    • Fulfil our legal obligations under applicable laws, and cooperate with public and governmental authorities.

    The processing of your data is based on our legitimate interest — namely, ensuring the security of the Bayes Platform and its effective provision — as well as on compliance with our legal obligations. Where applicable, the processing of such data is also based on the performance of the contract binding the Partner to the Association for the provision of the Bayes Platform. Regarding data you send us directly via contact forms, unsolicited emails or applications, the legal basis for processing is our legitimate interest or any contract that may exist in due course, in respect of pre-contractual measures taken at your request. We retain such data only for as long as necessary to handle your request and for a period not exceeding two years following the last contact.

    We may transfer your personal data to the following parties, only to the extent that those parties need to know your personal data to carry out their duties:

    • Members of our team who require access to perform their duties.

    • Regulatory authorities, such as the Commission nationale de l'informatique et des libertés (CNIL).

    • Legal and professional services, including competent courts, mediators, accountants, auditors, lawyers and bailiffs.

    We may also share all or part of the personal data with our service providers, with whom a specific data protection agreement has been signed. Our primary provider is Google:

    • Purpose: cloud infrastructure.

    • Data location: France, Belgium, Netherlands.

    Our secondary providers are:

    Auth0:

    • Purpose: authentication, Identity Management, and Security.

    • Data location: Frankfurt (Germany).

    Data is retained only for the duration of the Service Agreement binding the Partner to the Association — for Partner-related data — or for the duration of a User space's existence — for User-related data — or for as long as required to fulfil legal obligations under applicable laws.

    International Transfers of Personal Data

    Your Personal Data may be processed outside your jurisdiction. We ensure that the recipient of your personal data provides an adequate level of protection and security, for example by entering into appropriate agreements and, where applicable, standard contractual clauses or another data transfer mechanism approved by the European Commission or other applicable regulators or legislation. Where required by applicable law, we undertake to share, transfer or store your personal data outside your jurisdiction only with your prior consent.

    Personal Data Rights

    You have rights in relation to your personal data. These rights may include the:

    • Right to withdraw consent. This allows you to withdraw, at any time, consent given to the processing of personal data where processing is based on that consent.

    • Right of access. This allows you to access the personal data we hold about you.

    • Right to rectification. This allows you to correct inaccurate personal data and, depending on the purpose of the processing, to ensure it is complete.

    • Right to restriction. This allows you to freeze the processing of personal data.

    • Right to erasure. This allows you to erase or delete personal data.

    • Right to object. This allows you to object at any time to processing, on grounds relating to your particular situation, where processing is based on legitimate interest or on the performance of a task in the public interest.

    • Right to data portability. This allows you to obtain and transfer personal data to another entity.

    • The right to provide instructions on how you wish your personal data to be handled after your death.

    • The right to lodge a complaint with the competent data protection authorities.

    Contact us

    To exercise your rights in relation to your Personal Data, or if you have any questions regarding our privacy practices, please contact our Data Protection Officer: dpo@bayesimpact.org, or write to us at:

    Bayes Impact France 146 rue de Rivoli 75001 Paris

    When contacting us, please indicate the country or state in which you reside.

    Updates

    This Privacy and Data Protection Policy may be amended to reflect changes to the Bayes Platform and applicable laws and regulations.