Privacy Policy

INTRODUCTION

This Privacy Policy describes how Cephalgo SAS ('we,' 'us,' or 'our'), a limited liability company with share capital of 45 168 euros, registered in the Strasbourg Trade and Companies Register under number 904447323, with its registered office at 8 rue des Veaux, 67000 Strasbourg, France, processes your personal information when you use Listen, our emotional well-being app with intelligent chat assistance (hereinafter referred to as the 'App' or the 'Service').

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

This Privacy Policy is an integral part of the Application's Terms and Conditions of Use. Capitalized terms have the meanings given to them in the Terms and Conditions of Use.

KEY POINTS

  • Listen is an emotional well-being tool that uses artificial intelligence
  • Your data is processed and stored exclusively in Europe
  • Your conversations are end-to-end encrypted
  • You retain full control over your data
  • Your data is never sold to third parties
  • You can request the deletion of your data at any time
  • Your data may be transferred in business transactions (mergers, acquisitions, or sale of assets) with continued privacy protections

2. CATEGORIES OF INFORMATION COLLECTED

2.1 Personal Information

Basic identification data:

  • Email address (required to create an account)
  • First name (optional)
  • Age or date of birth (optional, to tailor the service)
  • Gender (optional, to tailor the service)

Account data:

  • Login credentials (encrypted)
  • Subscription type
  • Payment history
  • User preferences and settings

Audio and voice data:

  • Voice recordings from conversations with our chatbot
  • Audio input during voice-enabled sessions
  • Voice patterns and characteristics (for service improvement, not for biometric identification)
  • Microphone access permissions and settings
  • We do not collect the following information without your explicit consent:
  • Full contact details (postal address, telephone number)
  • Identity documents
  • Detailed medical or health information

2.2 Conversation Data

  • Full conversation transcripts from exchanges with our chatbot
  • Complete conversation records that may contain references to third parties mentioned in conversations
  • Note: Third parties mentioned in conversations have not provided consent for data processing. Users are responsible for privacy considerations when discussing others.
  • Support style preferences
  • Selected wellness exercises
  • Progress data and emotional indicators
  • Usage patterns (frequency, duration, times of day)

2.3 Technical Data

  • Device information (device type, operating system, version)
  • Connection data (IP address, approximate location based on IP)
  • Technical identifiers (cookies, application identifiers)
  • Language settings
  • Anonymized usage statisticsPerformance data and technical errors
  • Audio device information (microphone specifications, audio quality settings)Voice session metadata (duration, frequency, technical performance)
  • Audio processing logs and error reports

2.4 Feedback and Survey Data

  • Feedback content and suggestions about the App
  • Email addresses voluntarily provided for feedback follow-up (optional)
  • User satisfaction ratings and survey responses
  • Feature requests and improvement suggestions

3. USE OF AI TECHNOLOGIES

3.1 Our AI Technology

  • Our application uses artificial intelligence to:
  • Provide personalized conversational support
  • Generate Cognitive-behavioural-therapy-based and psychotherapy-based exercises tailored to your specific needs
  • Analyze conversations to identify emotional trends and patterns
  • Gradually improve the quality of service
  • Offer support tailored to your preferences

Voice and Audio Processing Our application may collect and process audio data to:

  • Enable voice-based conversations with our chatbot
  • Provide audio-responsive emotional support
  • Analyze speech patterns for emotional well-being insights (anonymized)
  • Improve voice recognition and response accuracy
  • Facilitate hands-free interaction with the service

3.2 Technology Security

Our technological infrastructure is:

  • Based and hosted exclusively in the European Union
  • Subject to strict data processing agreements in accordance with the GDPR
  • Selected for its high standards of security and confidentiality
  • Regularly audited to ensure the protection of your data
  • Updated to incorporate best practices in cybersecurity

3.3 Data Processing by AI

  • Complete audio recordings from voice conversations are stored temporarily for service functionality
  • Voice data is processed in real-time for conversation generation
  • Audio recordings may be retained for quality improvement and service optimization
  • Voice characteristics are analyzed anonymously for service enhancement
  • Audio data is never used for biometric identification purposes
  • Your conversations are systematically anonymized before any analytical processing
  • User feedback and ratings are collected to refine our system performance, but conversation data is not used for model retraining
  • You can request human intervention for any automated decision
  • You can challenge any automated suggestion
  • You retain control over whether your feedback data is used for system improvement and effectiveness demonstration

3.4 Use of Artificial Intelligence API Services

Listen uses artificial intelligence API services provided by third parties to power certain features of the application. In this regard:

  • Full conversation data may pass through these AI API providers solely for real-time conversation generation
  • Audio data may be processed through our AI API providers for real-time voice conversation generation
  • Voice recordings are transmitted securely and encrypted during processing
  • Our AI API providers have confirmed they do not use voice data for training without explicit consent
  • Audio processing is limited to the minimum necessary for service functionality
  • We have strict contractual agreements in place with these providers to ensure the protection of your data
  • Communications with these providers are secure and encrypted
  • Data passing through these services is kept to the minimum necessary
  • We do not allow your conversation transcripts to be used for training AI models by API providers or for our internal model training
  • We conduct regular audits to verify compliance with these commitments

Your complete conversation transcripts are stored for service functionality. Your conversation data is never used to retrain AI models. We only use anonymized user feedback (such as performance ratings) to improve our service effectiveness, and you can control this in your settings. When we use third-party API services, we ensure that they comply with the principles of the GDPR and maintain appropriate security standards. We only work with providers who are contractually committed not to use customer data for training their models without explicit consent.

4. LEGAL BASIS FOR PROCESSING

4.1 In what situations and with which types of parties do we share personal information?

We may share your personal information under the following circumstances:

Service Providers: With trusted third-party service providers who assist with the operation of Listen, such as:

  • Cloud hosting and data storage platforms (AWS EU)
  • AI and chatbot service providers
  • Audio processing and voice recognition services
  • Analytics and performance monitoring platform
  • Authentication and security services
  • Payment processing services (Stripe EU)

These providers are obligated to protect your information and use it only for the purposes we specify.

Legal Compliance: If required by law or to protect our rights, we may disclose your information in response to:

  • A subpoena, court order, or other legal processes
  • Requests from competent authorities
  • Compliance with tax and accounting obligations
  • Consumer protection regulations
  • Prevention of fraud or illegal activities

Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the applicable privacy policy.

Audio Data Specific Sharing:

  • Voice recordings may be shared with AI service providers for real-time processing
  • Audio data is shared only with EU-based service providers with GDPR compliance
  • Voice processing services are contractually bound not to use audio data for their own purposes
  • Audio data sharing is limited to the minimum necessary for service functionality

4.2 Performance of the Contract

The processing of your data is necessary for the performance of the contract between you and Cephalgo, in particular for:

  • Providing the Listen service
  • Managing your account and subscription
  • Ensuring the chat interface provides responsive and contextually relevant feedback

4.3 Consent

You choose how your information is used and what functionalities Listen provides you. We will only do the following with your explicit consent:

  • Using your conversation data for service improvement purposes
  • Send you marketing communications
  • Process certain categories of sensitive personal data
  • Share reports with third parties you have designated

You will be asked to explicitly opt-in to each of these uses during your first interaction with the app, and you can change your preferences at any time in your settings.

4.4 Legitimate interests

We may process certain data based on our legitimate interests, in particular to:

  • Ensure the security of our application
  • Prevent fraud
  • Improve and develop our services
  • Analyze the use of our services in an anonymized manner
  • Collect and process user feedback to improve our services

4.5 Legal obligation

We may process your data to comply with our legal obligations, including:

  • Responding to requests from competent authorities
  • Complying with tax and accounting obligations
  • Complying with consumer protection regulations

5. THIRD-PARTY SERVICES AND DATA PROCESSING

5.1 Categories of Subprocessors

We only share your data with:

  • Cloud services (AWS based in EU)
  • Analytics and technical service tools (based in the EU)
  • Authentication services (based in the EU)
  • Secure payment services

List of main processors:

  • AWS(EU): data hosting
  • Stripe (EU): payment processing

5.2 Protection Guarantees

All our subprocessors:

  • Are based in the EU
  • Are bound by data processing agreements that comply with the GDPR
  • Comply with strict security standards
  • Are regularly audited
  • Apply appropriate technical and organizational measures

5.3 Data Collected by Third-Party Services

Third-party services may collect:

  • Technical usage data
  • Device information
  • Performance data
  • Connection logs
  • Payment information (for payment services only)

5.4 International Data Transfers

We prefer partners and subcontractors established in the European Union. In the rare cases where data transfer outside the EU is necessary, we ensure that:

  • Appropriate safeguards are in place (standard contractual clauses, adequacy decision)
  • The rights of the individuals concerned are preserved
  • Additional technical measures protect your data
  • You are informed of these transfers

6. COOKIES AND SIMILAR TECHNOLOGIES

6.1 Types of Cookies Used

We use different types of cookies and similar technologies:

  • Essential cookies: necessary for the application to function
  • Performance cookies: to analyze the performance and use of the application
  • Functionality cookies: to personalize your experience
  • Targeting cookies: to offer you relevant content (only with your consent)

6.2 Cookie management

You can manage your cookie preferences:

  • Via the cookie preferences panel accessible in the application
  • Through your browser or mobile device settings
  • By contacting us directly

Some essential cookies cannot be disabled as they are necessary for the application to function.

7. DATA SECURITY

7.1 Technical Measures

  • End-to-end encryption of voice recordings and audio data
  • Secure audio transmission protocols
  • Voice data isolation and secure storage
  • Audio processing access controls
  • Secure servers in Europe
  • Strict access controls
  • Continuous automated security monitoring systems
  • Advanced security protocols (HTTPS, TLS)
  • Intrusion detection systems
  • Regular security updates

7.2 Organizational Measures

  • Regular staff training
  • Security audits
  • Incident management procedures
  • Regular updates
  • Limited access to data by staff
  • Strict internal privacy policies
  • Rigorous verification process

7.3 Data Protection

  • Systematic anonymization
  • Data minimization
  • Secure deletion protocols
  • Encrypted backups
  • Data partitioning (chat data and user identifiable information are stored separately)
  • Least privilege principle for access
  • Periodic security checks

8. DATA RETENTION

8.1 Retention Periods

Active User Accounts: We retain your personal data for as long as your account remains active and you wish to use our services, based on the following principles

Conversation Data:

  • Complete conversation transcripts: Retained for as long as you maintain an active account and choose not to delete them
  • User-configurable deletion: You can delete conversation history at any time through the application interface
  • Automatic review: We may prompt you annually to review and confirm retention of older conversations (older than 2 years)

Audio and Voice Data:

  • Voice recordings: Retained for as long as you maintain an active account and choose not to delete them
  • User-configurable audio deletion: You can delete voice recordings at any time through the application interface
  • Temporary audio processing: Real-time voice processing data deleted within 24 hours after session ends
  • Audio session metadata: Maximum 12 months for active accounts

Account and Profile Data:

  • Basic account information: Retained for the duration of your active account
  • User preferences and settings: Retained as long as your account is active
  • Payment history: Retained for active accounts plus 10 years as per legal obligation

Technical and Usage Data:

  • Recent technical data: Maximum 12 months for active accounts
  • Anonymized usage statistics: Unlimited duration as it no longer allows identification
  • Error logs and performance data: Maximum 6 months

Inactive Accounts:

  • Accounts inactive for 6 months: We will contact you to confirm continued retention
  • No response after additional 30 days: Data deletion process begins

Deleted Accounts:

  • Immediate deletion: Available upon user request
  • Standard deletion: Maximum 30 days after account deletion
  • Legal retention: Billing data retained for 10 years as required by law

8.2 Archiving and deletion

User Controls:

  • Granular deletion: Delete specific conversations, date ranges, or all conversation history
  • Export before deletion: Download your data before deletion
  • Retention preferences: Set automatic deletion schedules for conversations
  • Account deletion: Request immediate full account and data deletion

Our Obligations:

  • Annual retention review: We assess the necessity of data retention annually
  • User notification: We notify you of any retention policy changes
  • Secure deletion: All deleted data is securely and permanently removed
  • Retention logs: We maintain records of data deletion for compliance

8.3 Retention Justification

Legal Basis for Extended Retention:

  • Contract performance: Data retention necessary for ongoing service provision
  • Legitimate interests: Long-term emotional wellbeing tracking requires historical data
  • User consent: You explicitly control retention through your account settings

Regular Review Process:

  • Annual assessment of data necessity and proportionality
  • User notification of retention reviews
  • Adjustment of retention periods based on usage patterns and regulatory guidance

9. YOUR GDPR RIGHTS

You have the right to:

  • Access your data
  • Correct it
  • Delete it
  • Transfer it (receive your data in a structured format)
  • Withdraw your consent
  • Object to processing
  • Restrict processing
  • Not be subject to a decision based solely on automated processing

Specific rights regarding audio data:

  • Access your voice recordings and audio data
  • Delete specific voice sessions or all audio data
  • Restrict audio processing for specific purposes
  • Object to voice data processing for service improvement
  • Receive copies of your audio data in a portable format

10. EXERCISING YOUR RIGHTS

10.1 How to exercise your rights

To exercise your rights:

  • Email: dpo@cephalgo.com
  • Post: Cephalgo SAS, 8 rue des Veaux, 67000 Strasbourg, France
  • Via the app: in your account settings

10.2 Processing process

  • Confirmation within 48 hours
  • Processing within 30 days (may be extended by 60 days in the event of a complex request)
  • Identity verification required
  • Free assistance
  • Detailed response provided
  • Possibility of appeal to the CNIL in case of dissatisfaction

11. CHANGES TO THE POLICY

We will inform you of any changes by:

  • Email
  • Notification in the application
  • Message on our website
  • Changes take effect 30 days after notification.
  • Reasons for changes may include:
  • Legal or regulatory developments
  • Changes in our data processing practices
  • Introduction of new features
  • Changes to our technical infrastructure
  • Recommendations from data protection authorities

12. PROTECTION OF MINORS

12.1 Minimum age

Listen is not intended for persons under the age of 18.

12.2 Protective Measures

If we learn that a user is under the age of 18, we will:

  • Immediately delete their account
  • Erase all personal data collected
  • Take measures to prevent re-registration

13. AUDIO DATA AND MICROPHONE ACCESS

13.1 Microphone permissions

Listen may request access to your device's microphone to enable voice-based features. You can:

  • Grant or deny microphone access at any time through device settings
  • Use the service without voice features if microphone access is denied
  • Modify audio permissions without affecting other service functionality

13.2 Voice data processing

  • Voice recordings are processed to enable conversational AI features
  • Audio data is encrypted during transmission and storage
  • Voice characteristics may be analyzed for service improvement (anonymized)
  • We do not use voice data for biometric identification or authentication
  • Audio processing occurs primarily on secure servers within the European Union

13.3 Audio data rights and controls

  • Delete individual voice recordings or all audio data
  • Export your voice data before deletion
  • Set automatic deletion schedules for audio content
  • Opt out of voice data use for service improvement
  • Request human review of any automated audio processing decisions

13.4 Third-party audio processing

When using voice features, audio data may be processed by:

  • AI service providers (with GDPR-compliant agreements)
  • Cloud hosting services (EU-based)
  • Audio processing services (with strict data protection requirements)

All third-party audio processing is governed by the same privacy protections as other personal data.

14. CONTACT

14.1 Contact

  • Email: dpo@cephalgo.com (for questions relating to data protection)
  • General email: contact@cephalgo.com
  • Phone: 07 88 40 85 06
  • Address: 8 rue des Veaux, 67000 Strasbourg, France

14.2 Data Protection Officer

Our Data Protection Officer (DPO) can be contacted at dpo@cephalgo.com

14.3 Supervisory Authority

Commission Nationale de l'Informatique et des Libertés (CNIL)

  • Website: www.cnil.fr
  • Telephone: 01 53 73 22 22
  • Address: 3 Place de Fontenoy, 75007 Paris, France
IMPORTANT Listen is a wellness and support tool. It is not a medical device and does not replace a healthcare professional. In case of emergency, call 15, 3114, or 112.
About ListenPlansFAQContact UsBlog
Data protection in accordance with GDPR
In any critical situation, please contact the local emergency services on 15, 112, or 3114 as in France.
Privacy PolicyTerms and Conditions