PRIVACY POLICY

1. Purpose

This Privacy Policy is intended to inform users of the Le Scenario AI platform about how their personal data are collected, used, and protected.

It applies to any person accessing the website or using the platform, whether as an end user or as a representative of a client institution.

2. Data Controller

The platform is developed and operated by compuute.io, a company registered in France, with its registered office at 200 rue de la Croix Nivert, 75015 Paris.

For any question relating to the protection of personal data or to exercise your rights, you may contact compuute.io through the website contact form available at https://lescenario.ai/contact.

Depending on the context of use, compuute.io may act either as data controller or as processor on behalf of a client institution. When the platform is used in an institutional setting, the client institution acts as data controller and compuute.io processes data solely on its behalf.

3. Data Location and Processing

Personal data are stored and processed exclusively within the European Union.

The platform is hosted on infrastructure meeting high standards of security and compliance. Processing related to artificial intelligence is carried out only in so-called Data Zone EU environments, provided in particular by Microsoft (Azure AI Foundry) and Google (Vertex AI), ensuring that data are not transferred outside the European Union in that context.

4. Data Collected

In the context of using the platform, different categories of data may be collected.

These include identification data such as first name, last name, and email address, account data required for authentication and access management, as well as technical data related to session management and security.

The platform also processes educational data arising from simulations, interactions between the user and the system, as well as evaluations generated in that context. Finally, usage data may be collected in order to better understand how the platform is used.

The platform is designed so as not to require the processing of sensitive personal data, in particular identifiable health data, except in specific cases governed by a client institution.

5. Purposes of Processing

Personal data are processed in order to ensure the proper functioning of the platform, in particular to manage user accounts, provide access to services, generate simulations and educational evaluations, and ensure system security.

They may also be used to improve service quality, analyze usage in an aggregated way, and comply with applicable legal and regulatory obligations.

6. Use of Artificial Intelligence

The platform relies on artificial intelligence technologies to generate simulations and produce educational analyses.

In this context, certain data may be transmitted to AI services operated exclusively within the European Union. Such processing is carried out in secure and compartmentalized environments.

Personal data are never used to train public artificial intelligence models without a specific contractual framework or explicit consent.

7. Reuse of Data for Improvement Purposes

As part of a continuous improvement approach, compuute.io may reuse certain data arising from use of the platform.

This reuse is strictly controlled: only data that have previously been anonymized or aggregated, no longer allowing a user to be directly or indirectly identified, may be used to enrich educational content or improve models.

When compuute.io acts as a processor, such processing is carried out in compliance with the contractual commitments agreed with the client institution.

8. Data Recipients

Personal data are accessible only to authorized persons who need them in the course of their duties.

These include compuute.io teams, client institutions in the context of their use of the platform, as well as technical service providers involved in hosting, security, or artificial intelligence services.

These service providers are subject to contractual obligations guaranteeing a level of data protection compliant with applicable regulations.

9. Retention Period

Personal data are retained only for the period necessary for the purposes for which they were collected.

Data relating to user accounts are retained for the duration of the contractual relationship. Educational data, including simulations, interactions, and evaluations, are retained for that same period and then deleted within a maximum of three months from the end of the contractual relationship, unless otherwise requested by the client institution or required by a specific legal obligation.

Technical data may be retained for a shorter period, in particular for security and maintenance purposes.

10. Cookies and Similar Technologies

The platform uses cookies and similar technologies to ensure its proper operation and to measure its audience.

The use of cookies, as well as the procedures for managing consent, are described in the Cookie Policy available separately.

11. Data Subject Rights

In accordance with applicable regulations, any person has rights over their personal data, including the right of access, rectification, erasure, restriction of processing, portability, and objection.

Where processing is based on consent, that consent may be withdrawn at any time.

12. Exercising Your Rights

Rights may be exercised by contacting compuute.io through the website contact form available at https://lescenario.ai/contact.

When compuute.io acts as a processor on behalf of an institution, the request may be redirected to that institution, which acts as data controller.

13. Security

compuute.io implements appropriate technical and organizational measures in order to ensure the security of personal data and prevent any unauthorized access, loss, alteration, or disclosure.

These measures include in particular access control, the securing of communications, and hosting in environments compliant with current security standards.

14. End of the Contractual Relationship

At the end of the contractual relationship, data are deleted within the time limits provided for, or returned to the client institution where applicable.

15. Updates

This Privacy Policy may be amended at any time to reflect legal, technical, or operational developments. The applicable version is the one published on the platform on the consultation date.

16. Supervisory Authority

In the event of any difficulty relating to the processing of your personal data, you may lodge a complaint with the competent supervisory authority, in particular the CNIL in France.