Last Updated: May 20, 2025
This Privacy
Policy (“Policy”) explains how Thinking Platforms
collects, uses, shares and protects Personal Data when you visit the
Thinking Platforms website, use our AI, automation and intelligent systems
platform or interact with any related services (the “Services”).
“Personal
Data” means any information relating to an identified or identifiable
natural person as defined in Article 4 of the EU General Data Protection
Regulation (“GDPR”).
By accessing or using the Services, you
acknowledge that you have read and understood this Policy.
1.
Personal Data We Collect
We collect only the data necessary to
deliver and improve our Services:
Identifiers and contact details such as name, business e-mail, telephone number and job title, provided
when you request a demo or contact us.
Billing information—billing contact, address and encrypted payment tokens—collected by our
PCI-DSS-compliant payment processor.
Communications such as e-mails, chat transcripts and support tickets exchanged with our
teams.
We observe the GDPR principles of data minimisation and purpose limitation at all times.
2.
How We Use Personal Data and Our Legal Grounds
We use Personal Data
for the following purposes:
To provide and improve the Services,
maintain user accounts and deliver automation workflows (performance of a
contract).
To secure the platform, detect malicious activity and
enforce our Terms (legitimate interests).
To meet regulatory
obligations under applicable EU/French law (legal obligation).
To
carry out product analytics and research that help us understand usage and
improve our capabilities (legitimate interests).
To send marketing
communications—product updates or event invitations—only where you have
given consent (consent, revocable at any time).
3. Sharing of
Personal Data
We disclose Personal Data only in the following
circumstances:
Internal hosting: All
Personal Data is stored and processed exclusively on infrastructure
operated and controlled by Thinking Platforms within France/EU. Data is not hosted on or transferred to external or overseas cloud providers.
Business transfers: if Thinking Platforms
is involved in a merger, acquisition or asset sale, Personal Data may
transfer to the successor entity with appropriate safeguards.
Legal or regulatory requirements: we may disclose information to comply with French or EU law, or to
respond to lawful requests from public authorities.
4.
International Transfers
We do not transfer Personal Data outside the European Economic Area. All data remains under the direct control of Thinking Platforms within
the EU.
5. Cookies and Similar Technologies
Cookies help
our site function and collect browsing data.
Under the ePrivacy Directive and CNIL guidance, non-essential cookies are
set only after you give informed consent.
You can refuse or withdraw
consent at any time via the cookie banner or browser settings. Essential
cookies for security and authentication remain active.
6.
Security Measures
Thinking Platforms implements technical and
organisational measures consistent with GDPR and ISO 27001 best practices,
including:
Encryption in transit and at rest
Multi-factor
authentication
Least-privilege access controls
Regular
vulnerability scans and penetration testing
7. Data
Retention
Personal Data is retained only as long as necessary to
fulfil the purposes listed above, after which it is securely deleted or
anonymised, in accordance with GDPR Article 5(1)(e) and CNIL
recommendations.
8. Your Rights
You may at any time
request to:
Access the Personal Data we hold about you
Rectify
inaccurate or incomplete data
Erase data (subject to legal
exceptions)
Restrict or object to specific processing activities
Receive
your data in a portable format
Withdraw consent for marketing
communications
To exercise these rights, contact us at contact@thinkingplatforms.com.
You also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).
9. Notice for California Residents
If you are a
resident of California, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant
you additional rights of access, deletion and non-discrimination. Thinking
Platforms does not sell Personal Data or share it for cross-context
behavioural advertising.
10. Changes to This Policy
We may
update this Policy in response to legal, technical or business
developments. The revised Policy will be posted on this page and, where
required, notified to you by e-mail.
11. Contact and Data
Protection Officer
Thinking Platforms
Data Protection Officer: contact@thinkingplatforms.com
12. Contact Us
If you have questions or concerns, please
contact us:
contact@thinkingplatforms.com
