Privacy policy

Last updated : May 3, 2026

This privacy policy describes how CYBEREVA, publisher of www.corpusdoc.com and the Corpus Doc platform (app.corpusdoc.com), collects and processes the personal data of its users and visitors, in accordance with Regulation (EU) 2016/679 (GDPR) and the French "Informatique et Libertés" Act as amended.

1. Data controller

The data controller is CYBEREVA (see legal notice). For any question relating to the processing of your data, please contact: dpo@corpusdoc.com.

2. Data collected on the marketing site

The website www.corpusdoc.com only collects the data you voluntarily provide via the Kira chatbot (demo request form):

  • Full name (required)
  • Professional email (required)
  • Organization, sector, team size (optional)
  • Frameworks of interest and free-form message (optional)

The following are also automatically collected for security and abuse-prevention purposes:

  • IP address
  • User agent (browser User-Agent)
  • Submission date and time

3. Purposes and legal bases

PurposeLegal basisRetention
Respond to your demo request and qualify the prospect Pre-contractual measures at your request (Art. 6.1.b GDPR) 3 years from last contact
Prevent abuse and spam (rate-limit, IP logging) Legitimate interest (Art. 6.1.f GDPR) 12 months
Remember display preferences and cookie consent Legitimate interest / service operation 13 months (consent) / unlimited (theme, until user reset)

4. Recipients of the data

Your data is only accessible to authorized personnel within CYBEREVA for processing your request. It is never sold, rented, or exchanged with third parties for commercial purposes.

The following technical processors may have access to the data for the purposes described:

  • Vercel Inc. (marketing site hosting — USA, with contractual safeguards / DPA)
  • Supabase Inc. (database and edge functions — EU eu-west region)
  • Resend (email notifications to the Corpus Doc team — ePrivacy processor)

5. Transfers outside the EU

Some processors (Vercel, Resend) are established in the United States. Transfers are framed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring a level of protection equivalent to that of the EU.

6. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, modification, disclosure, or destruction:

  • TLS 1.3 encryption for all communications
  • Database encryption at rest
  • Strict access controls (Postgres RLS, principle of least privilege)
  • Access logging and regular audit

7. Your rights

Under the GDPR, you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to provide directives regarding the fate of your data after death

To exercise these rights, contact us at dpo@corpusdoc.com. We will respond within one month. Proof of identity may be requested.

8. Complaint to the supervisory authority

If, after contacting us, you believe your rights are not respected, you can file a complaint with the French Data Protection Authority (CNIL) or your local supervisory authority:

  • CNIL — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
  • www.cnil.fr/en

9. Policy updates

This policy may be updated to reflect legal changes or changes in our practices. The date of last update is shown at the top of this page.

See also: Legal notice · Cookie policy