Privacy Policy

Last updated: 11 May 2026

Aikairo (“Aikairo”, “we”, “us”) operates a B2B marketing-attribution platform that connects to HubSpot CRM. This policy explains what personal data we process, why, on what legal basis, how long we keep it, and what rights you have under the EU General Data Protection Regulation (“GDPR”) and the French Data Protection Act.

This page is a v1 plain-language summary. It is binding, but if you need a Data Processing Addendum (DPA) for your procurement team, contact us at guillaume@ceres.agency — we sign a standard EU SCC-based DPA on request.

1. Roles

Aikairo acts in two distinct roles depending on whose data is being handled:

• Data Controller — for the personal data of subscribers themselves (account email, billing details, support interactions). We decide the means and purposes of processing.
• Data Processor — for the personal data of your website visitors and CRM contacts that Aikairo collects and enriches on your behalf. You remain the Controller; we follow your instructions under a Data Processing Agreement.

2. What data we process

2.1 Account data (we are Controller)

• Email address used to sign in.
• Workspace name and team-member emails.
• Authentication metadata (login timestamps, IP, user agent) handled by Supabase Auth.
• Billing data (company, country, VAT number, payment method fingerprint) handled by Stripe; we never store full card numbers.
• Support correspondence (emails sent to guillaume@ceres.agency).

2.2 End-user data on your site (we are Processor)

• A first-party visitor ID (random UUID) stored in a cookie on your domain (_trail_vid, 1 year).
• Page views, custom events, form submissions captured by the tracker script you embed.
• Email addresses identified via your forms or via window.trail.identify(). Stored plaintext as a lookup key against your HubSpot contacts; also stored as a SHA-256 hash for analytics joins.
• UTM parameters, referrer URL, page URL, click identifiers (gclid, fbclid, li_fat_id, ttclid, msclkid, twclid, ScCid, obclid, _gl).
• Approximate geo (country / region) derived from the IP at edge, not stored.
• User-agent string for bot filtering. The raw IP is not persisted.

2.3 HubSpot CRM data (we are Processor)

• Contact properties (email, lifecycle stage, ICP fit signals you authorise) read through the HubSpot Contacts API.
• Deal properties (amount, stage, close date, owner) read through the HubSpot Deals API for closed-loop attribution.
• Engagements associated with a contact (emails, calls, meetings, notes) read through the HubSpot Engagements API.
• Form submissions and HubSpot lists you choose to push leads into.

3. Why we process it (purposes & legal bases)

• Providing the service (Art. 6 (1) (b) — contract): authentication, attribution computation, dashboard rendering, HubSpot sync.
• Billing & tax compliance (Art. 6 (1) (c) — legal obligation): invoicing, retention of VAT records for 10 years as required under French law.
• Security & abuse prevention (Art. 6 (1) (f) — legitimate interest): rate limiting, bot filtering, error monitoring via Sentry, audit logs.
• Product analytics on subscribers (Art. 6 (1) (f)): aggregated usage stats via Plausible (cookieless, no cross-site tracking).
• Marketing emails to subscribers (Art. 6 (1) (a) — consent): only the daily / weekly digests you have explicitly opted into; unsubscribe link in every email.

4. Where data lives

• Primary database: Supabase (Postgres), region eu-west-3 (Paris).
• Application hosting: Vercel, region fra1 (Frankfurt).
• Email delivery: Resend, transactional only.
• Payments: Stripe, EU entity.
• Error monitoring: Sentry (when configured) — stack traces only, PII scrubbed at the client.
• AI inference: Anthropic (Claude). API calls include aggregated workspace context (no individual visitor PII). See Anthropic’s zero-retention policy.

Aikairo does not transfer personal data outside the European Economic Area in normal operation. Sentry and Anthropic process data under EU Standard Contractual Clauses (SCCs); see their respective subprocessor lists.

5. How long we keep data

• Account data: for the lifetime of the account + 90 days after deletion (a grace window for accidental closure).
• Events & identities: rolling 24 months unless you configure a shorter retention in workspace settings.
• HubSpot tokens: until you disconnect the integration, encrypted at rest with AES-256-GCM.
• Billing & VAT records: 10 years (French Commercial Code, Art. L123-22).
• Audit logs: 12 months.

6. Security

• TLS 1.2+ everywhere; HSTS preload on aikairo.app.
• HubSpot OAuth access & refresh tokens encrypted at the application layer (AES-256-GCM, 12-byte IV per row, 16-byte auth tag) on top of Supabase’s storage-layer encryption.
• Row-Level Security on every Postgres table; service-role access only on documented ingestion + cron paths.
• Cron jobs authenticated via a shared CRON_SECRET; webhooks authenticated via HMAC-SHA256.
• Sub-processors listed in §4.

7. Your rights

Under the GDPR, you have the right to: access your data, rectify it, erase it, restrict or object to its processing, port it elsewhere, and complain to the CNIL (cnil.fr). Email guillaume@ceres.agency to exercise any of these — we respond within 30 days. Workspace owners can also self-serve a full JSON export via the dashboard (/api/export/workspace) and a permanent delete from Settings.

8. Children

Aikairo is a B2B product. We do not knowingly process the data of anyone under 16. If you believe we have, contact us and we will delete it.

9. Changes to this policy

Material changes are announced by email to workspace owners at least 30 days before they take effect, and via a banner in the dashboard. The historical version of this page is preserved in the public Git history at github.com/guillaumedlt/trail.

10. Contact

Data controller: Cérès Growth Marketing, SAS au capital de 100 €, RCS Paris 839 791 324, 128 rue La Boétie, 75008 Paris, France — trading as “Aikairo”. Privacy contact: guillaume@ceres.agency. Full company details on the Imprint page.