Privacy Policy

Last updated: March 2, 2026

1. Data Controller

Dagem Pary, Sole Proprietor (Entrepreneur Individuel — EI) SIRET: 941 249 310 00017 Address: 27 Rue de Genève, 74100 Annemasse, France Email: contact@kalypsohq.com

2. Purpose

This privacy policy describes how personal data is collected, processed, and protected in connection with the use of the kalypsohq.com website and the Kalypso platform.

It is established in compliance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and French Law No. 78-17 of January 6, 1978 (Data Protection Act), as amended.

3. Data Collected

3.1 Via the Website (kalypsohq.com)

When browsing the website or contacting us, we may collect:

* First name and last name

* Professional email address

* Company name

* Job title / role

* Message content (contact form)

Legal basis: Legitimate interest (responding to inquiries) and performance of pre-contractual measures (Article 6.1.b and 6.1.f GDPR).

3.2 Via the Kalypso Platform (clients)

When using the platform, clients upload their own project files (schedules, correspondence, reports). These files may contain personal data (names mentioned in emails, site reports, etc.).

Key clarification: Kalypso acts as a data processor within the meaning of Article 28 GDPR for the processing of such data. The client remains the data controller for all personal data contained in their project files.

Project data is:

* Processed exclusively on the client's dedicated infrastructure (single-tenant architecture)

* Hosted in Switzerland on isolated servers

* Never transferred to third-party servers

* Never used for AI model training

* Never shared with other clients or third parties

4. Processing Purposes

Purpose Legal Basis Data Concerned

Responding to contact requests Legitimate interest (Art. 6.1.f) Name, email, message

Managing the business relationship Contractual performance (Art. 6.1.b) Name, email, company

Providing the Kalypso service Contractual performance (Art. 6.1.b) Client account data

Processing project files Contractual performance (processing per Art. 28) Files uploaded by client

5. Data Recipients

Personal data collected through the website is not shared with any third party, except:

* Vercel Inc. (website hosting) United States Standard Contractual Clauses (SCCs) in accordance with Article 46 GDPR

* Infrastructure provider in Switzerland (client data hosting) Country recognized as providing an adequate level of protection by the European Commission (adequacy decision of January 15, 2024)

No data is sold, rented, or transmitted for commercial purposes to third parties.

6. Transfers Outside the EU

The website is hosted by Vercel Inc. in the United States. This transfer is governed by the Standard Contractual Clauses adopted by the European Commission (Implementing Decision 2021/914).

Client data on the Kalypso platform is hosted in Switzerland, a country benefiting from an adequacy decision of the European Commission. No transfer of client data outside the Switzerland/EU area takes place.

7. Data Retention

Data Type Retention Period

Contact data (form)3 years from last contact

Client contractual data Duration of contract + 5 years (statutory limitation)

Project data (platform) Duration of contract deleted upon termination in accordance with the client contract

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

* Single-tenant architecture (one isolated server per client)

* Encryption of data in transit (TLS 1.3) and at rest

* Local file processing — no exfiltration to third-party services

* AI models executed locally on the client's dedicated infrastructure

* No telemetry, no external API calls from the platform

* Restricted data access through secure authentication

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

* Right of access (Article 15) obtain confirmation of processing and a copy of your data

* Right to rectification (Article 16) correct inaccurate or incomplete data

* Right to erasure (Article 17) equest deletion of your data

* Right to restriction of processing (Article 18) temporarily restrict processing

* Right to data portability (Article 20) receive your data in a structured format

* Right to object (Article 21) object to processing based on legitimate interest

To exercise these rights, send your request to: contact@kalypsohq.com

We commit to responding within one month of receiving your request, in accordance with Article 12.3 GDPR.

In the event of a disagreement, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL):

* Website: https://www.cnil.fr

* Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

10. Cookies

This website uses only strictly necessary cookies for its operation. No analytics, advertising, or tracking cookies are used. In accordance with CNIL guidelines (Deliberation No. 2020-091), these cookies do not require your consent.

11. Data Breach Notification

In the event of a personal data breach, the Publisher commits to:

* Notifying the CNIL within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR

* Informing affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 GDPR

* Notifying affected clients by email as soon as the incident is identified

12. Changes

This privacy policy may be updated to reflect legal developments or changes in our practices. The date of the last update is shown at the top of this document. In the event of a material change, active clients will be notified by email.

13. Contact

For any questions regarding the protection of your personal data:

Dagem Pary Email: contact@kalypsohq.com