Privacy Policy
Last updated: 16 February 2026
1. Data Controller
HI AI Design
SIREN: 989 020 151 | SIRET: 989 020 151 00019
APE: 6201Z
Data Controller: Conor Paris
Email: [email protected]
Phone: +33 6 62 04 85 09
2. Data We Collect
a) Contact Information (when you reach out to us)
- Name, email, phone
- Professional details: CV or business information you share voluntarily
- Communication records: emails exchanged with our team
b) Flash Audit Form (consent required)
- Full name and email address
- Company name, size, and industry
- Audit responses and compliance score
- Consent status and timestamp
c) QR Code Scan Analytics (optional — explicit consent required)
- Document reference ID (e.g. DOC-001 — identifies the letter, not the person)
- Page URL (pathname only — no query parameters)
- Device type (user-agent string)
- Timestamp of scan
This data is only collected if you check the "analytics tracking" checkbox when starting the Flash Audit. If you decline, no analytics beacon is sent.
d) What We Do NOT Collect
- No cookies are set by our site
- No third-party advertising or remarketing pixels
- No browser fingerprinting
- No IP address logging (Google Apps Script does not expose client IPs)
- No cross-site tracking
3. How We Use Your Data
- To deliver your Flash Audit report by email
- To provide compliance readiness scores and recommendations
- To measure the effectiveness of outreach campaigns (QR scans → audit completions)
- To respond to inquiries and provide requested services
- To improve our website and AI solutions
- To comply with legal obligations
4. Legal Basis (GDPR)
| Data | Legal Basis (GDPR Art. 6) |
|---|---|
| Flash Audit form data | Consent — Art. 6(1)(a) |
| QR scan analytics | Consent — Art. 6(1)(a) |
| Document ref ID in sessionStorage | Legitimate interest — Art. 6(1)(f) (functional, not analytics) |
| Email delivery of audit report | Consent — Art. 6(1)(a) |
| Business inquiries & contracts | Contract performance — Art. 6(1)(b) / Legitimate interest — Art. 6(1)(f) |
5. Where Data Is Stored
- Google Sheets (Google Workspace) — stores audit submissions and QR scan logs
- Google Apps Script — processes form submissions and sends email reports
- Cloudflare Pages — hosts the website. No server-side data is stored
- localStorage / sessionStorage — used in your browser only to save audit progress. This data never leaves your device unless you submit the form
We do not sell or trade personal data to any third party.
6. Data Retention
- Flash Audit form data: 24 months from submission, then deleted
- QR scan analytics: 12 months, then deleted
- Business emails: retained as long as necessary for the business relationship, up to 2 years
7. Your Rights (GDPR Articles 15–22)
You have the right to:
- Access — request a copy of all data we hold about you
- Rectification — correct any inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — at any time, without affecting prior lawfulness
To exercise any of these rights, email [email protected]. We will respond within 30 days.
8. Supervisory Authority
If you believe your data protection rights have been violated, you may lodge a complaint with the
CNIL (Commission Nationale de l'Informatique et des Libertés):
www.cnil.fr/en/complaints
9. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. We will not materially reduce your rights without notifying you.
10. Contact Us
Email: [email protected]
Phone: +33 6 62 04 85 09
Address: HI AI Design, Paris, France