1 Introduction

DocGenius is a revolutionary SaaS platform designed to transform the way businesses in all sectors create professional documents. By leveraging advanced artificial intelligence, DocGenius makes document creation not only more accessible but also more efficient, allowing our users to focus on what truly matters for their business.

At DocGenius, we understand the crucial importance of protecting personal data. That's why we have committed to placing data security and privacy at the heart of our priorities. We are committed to maintaining complete transparency in the processing of personal data, thereby ensuring the privacy of each of our users. Our platform is rigorously designed to be in compliance with international standards and current regulations, including the GDPR (General Data Protection Regulation) in Europe, as well as relevant laws in the United States, reflecting our commitment to the European and American markets.

This privacy policy aims to inform you clearly and precisely about how your personal data is collected, used, shared and protected by DocGenius. It also highlights your rights as a user and the measures we implement to ensure the protection of your data. We invite you to read this document carefully to understand our privacy practices and how they contribute to making DocGenius a safe and reliable platform for all.

2 Data Collection

The Data Collection section details the methods and categories of data that DocGenius collects to provide and improve its services. It highlights our commitment to respecting the privacy of our users while ensuring a personalized and efficient user experience.

2.1 Personal Information

DocGenius places great importance on the protection of privacy and the security of personal information of its users. As part of its commitment to offering a personalized and efficient user experience, DocGenius collects specific personal data necessary for the provision of its services.

The personal information collected includes, but is not limited to, the name, email address, phone number, as well as business data related to the user. This information allows DocGenius to personalize the user experience, improve the quality of its services and facilitate billing processes. Additionally, service preferences and interactions with the platform are also collected to offer services more tailored to the specific needs of each user.

Consent of users is a priority for DocGenius. It is obtained transparently through a check box during registration or before submitting online forms. This approach ensures that users are fully informed and consenting to the collection and processing of their personal data.

DocGenius also offers its users the ability to manage or modify their preferences regarding the collection of personal information. Users can access the settings of their account at any time to adjust their preferences, including disabling the collection of certain data such as cookies, or modifying their marketing communication preferences.

The protection and minimization of data collected are at the heart of DocGenius's concerns. Personal information is protected by advanced security systems and regular employee training on the best practices of privacy and data security. DocGenius commits to collecting no additional data without a justified necessity, thereby ensuring respect for the privacy of its users while providing quality services.

2.2 Behavioral and Usage Data

As part of its commitment to offering an optimal user experience, DocGenius pays particular attention to the collection and analysis of behavioral and usage data. This data, essential for understanding and improving user interaction with the platform, includes:

• Navigation data: such as the most visited pages, time spent on the site, and navigation paths used. This information allows DocGenius to identify the most popular features and those requiring improvements.
• Actions on the site: including clicks on specific buttons, use of features, and responses to online surveys or forms. This data helps understand how users interact with the different elements of the platform.
• User preferences: in terms of interface and features, deduced by analyzing site usage and user feedback. This allows DocGenius to further personalize the user experience.
• Use of cookies and other trackers to personalize content and ads, provide social media features and analyze site traffic. User consent is obtained transparently, ensuring respect for their privacy.

The collection of this data is carried out via third-party services such as Google Analytics, always in strict compliance with the GDPR. DocGenius ensures that these third-party services are compliant with data protection standards, thereby guaranteeing the security and confidentiality of the information collected. User consent is obtained separately for each third-party service, reinforcing transparency and user control over their data.

The retention period for behavioral and usage data is limited to 1 year, after which it is deleted or anonymized. This period allows DocGenius to perform longitudinal analyses to continuously improve the platform, while respecting the principle of data minimization.

2.3 Technical Data

As part of its commitment to offering an optimal and secure user experience, DocGenius pays particular attention to the collection of technical data. This data, essential for ensuring compatibility and efficiency of the platform, includes:

• Operating system: Knowledge of the user's operating system allows DocGenius to optimize its services for different environments, ensuring a smooth and seamless user experience.
• Browser type and version: This information is crucial to ensure that DocGenius functions properly on different browsers and their versions, allowing for the identification and correction of any compatibility issues.
• Access logs: Logs, including date, time, and duration of sessions, are analyzed to understand platform usage and identify any technical issues. This data is essential for maintaining performance and security of DocGenius.
• Screen resolution and preferred languages: This information allows DocGenius to improve the display of its platform and make it as accessible as possible to an international audience, adapting the user interface to language preferences and display device specificities.

The collection of this technical data is carried out in strict respect of user privacy and in compliance with current regulations, notably the GDPR. DocGenius commits to using this data solely for the purpose of improving the quality of its services and ensuring a secure and personalized user experience.

The protection of this data is ensured by advanced security measures, including SSL/TLS encryption for data transmissions and intrusion detection systems to prevent any unauthorized access. DocGenius commits to retaining this technical data only for the strictly necessary period to achieve the objectives mentioned above, after which it is deleted or anonymized.

2.4 Data Collected via Third Parties

As part of its commitment to offering an enriched and personalized user experience, DocGenius collaborates with third parties to collect additional data. This collaboration allows for enriching the information available on users and optimizing the services offered. The specific sources of third-party data used by DocGenius include:

• Social networking platforms: Platforms such as Facebook or LinkedIn are used to retrieve demographic information and interests. This data allows DocGenius to further personalize its services and marketing communication, offering a more targeted and relevant experience for the user.
• Google Analytics: This web analytics tool is used to understand user behavior on the DocGenius site. The information collected helps optimize the user experience by identifying user journeys, the most visited pages, and the most used features.
• Business database providers: For business customers, DocGenius enriches its information through specialized databases. This allows for personalization of offers based on the business sector and size of the company, ensuring a more adapted and relevant value proposition.
• Survey and polling tools: The direct collection of feedback from users via surveys and polls significantly contributes to the continuous improvement of DocGenius's services. These tools allow for the collection of opinions and suggestions directly from users, enriching the knowledge base on customer needs and preferences.
• Targeted advertising services: To refine its marketing campaigns, DocGenius uses services specializing in targeted advertising. These services allow for the dissemination of more relevant marketing messages, based on users' online habits and interests.

DocGenius commits to respecting privacy and personal data protection in all its interactions with third parties. Explicit user consent is obtained before any data collection via these external sources, in compliance with current regulations, notably the GDPR. Users have the possibility to manage their preferences and withdraw their consent at any time, thereby ensuring total control over their personal data.

The security of data collected via third parties is a priority for DocGenius. Confidentiality agreements and appropriate security measures are put in place with each partner to ensure the protection of data against any unauthorized access or inappropriate use.

3 Use of Data

The Use of Data section details how DocGenius employs the information collected to enrich the user experience and improve the quality of its services. It is divided into several key aspects, ranging from the optimization of the user interface to the personalization of services, through statistical analyses and targeted marketing communication initiatives. Each subsection highlights our commitment to using data responsibly and innovatively, always with the aim of best meeting the needs of our users.

3.1 Improving User Experience

Improving user experience is at the heart of DocGenius's concerns. By using the data collected, our platform strives to provide a highly personalized and intuitive user experience. Behavioral and usage data is analyzed to understand the specific needs of our users, allowing DocGenius to adapt and optimize its interface and features accordingly.

• Intuitive user interface: Thanks to the analysis of user interactions with our platform, DocGenius dynamically adjusts its interface to meet individual preferences, making navigation and use of the platform as smooth as possible.
• Advanced integration features: The data collected allows DocGenius to understand which tools and platforms are most used by its clients. This helps us develop advanced integrations, simplifying business workflows by allowing DocGenius to easily connect to other essential systems.
• Artificial intelligence: The use of artificial intelligence is a pillar of the continuous improvement of the user experience on DocGenius. By analyzing thousands of professional documents, our AI provides improvement and adjustment suggestions, making document creation not only faster but also more accurate.
• Collaborative review: Data on how teams interact with documents allows us to optimize our collaborative review feature. This facilitates effective communication and real-time collaboration, essential in a dynamic professional environment.

In summary, DocGenius uses the data collected to continuously refine its offering, ensuring that each user benefits from a highly personalized and efficient experience. Our commitment to improving user experience is a testament to our dedication to providing a platform that not only meets expectations but exceeds them.

3.2 Personalized Services

DocGenius offers personalized services to its users, effectively leveraging collected data to create a tailored experience. This personalization manifests in several ways, all designed to maximize the utility and efficiency of our platform for each user.

• Personalized suggestions: Based on the history of design and content preferences for documents, DocGenius automatically adjusts the user interface and available options. This makes the experience more intuitive and aligned with the specific needs of each user. Template or feature suggestions are generated based on usage history and previous interactions with the platform, ensuring that recommendations are relevant and useful.
• Targeted communication: Users are regularly informed of new personalized services or suggestions that may interest them, based on their preferences and usage history. These communications are made by email, including direct links to new features or suggestions. DocGenius actively encourages user feedback via online forms, allowing for continuous improvement of the personalized experience.

3.3 Statistical Analyses

Statistical analyses help DocGenius offer a better user experience by constantly improving technical performance. These analyses also allow DocGenius to detect usage trends, which serve to adapt and evolve our services.

• Identification of usage trends: By analyzing behavioral and usage data, DocGenius can identify emerging trends among its users. This includes the most popular features, frequently used document templates, and interface preferences.
• Technical performance optimization: Statistical analyses help resolve technical issues. By monitoring platform performance and analyzing data related to server load, DocGenius can optimize its resources to ensure a smooth and responsive user experience. This includes adjusting server capacities based on activity peaks and proactively correcting bugs to minimize service interruptions.
• Continuous improvement: Information obtained through statistical analyses fuels a cycle of continuous improvement at DocGenius. By regularly evaluating the effectiveness of changes made and measuring their impact on the user experience, our platform ensures that each update contributes positively to user satisfaction.

3.4 Marketing Communication

DocGenius's marketing communication facilitates new customer acquisition, brand awareness growth, and existing customer retention. By using a combination of channels and strategies, DocGenius ensures effective communication of its values, updates, and innovations to its target audience.

• Emailing: DocGenius regularly sends newsletters and updates on new features directly to users. These emails are designed to be informative, relevant, and personalized.
• Social networks: DocGenius uses social networks such as Facebook, LinkedIn, and X to share news, usage tips, and interact with the community.
• Webinars and trade shows: Participation in webinars and trade shows offers DocGenius a unique opportunity to exchange directly with potential and existing customers.

4 Data Sharing

In this section, we address the modalities of data sharing collected by DocGenius. We detail with whom and under what circumstances this information may be shared, emphasizing our commitment to ensuring the security and confidentiality of your personal data.

4.1 With DocGenius Employees

DocGenius places great importance on the confidentiality and security of its users' personal data. In this perspective, access to personal data by DocGenius employees is strictly regulated and subject to rigorous access control procedures.

• Authorized employee categories: Only members of the Technical and Customer Support teams are authorized to access user personal data, and this only for maintenance and assistance purposes. Managers and the Data Protection Officer (DPO) have full access to the data, while other employees have access on a need-to-know basis.
• Access control procedures: To ensure data security, DocGenius has implemented multi-factor authentication for all employees with access to personal data. Access is managed by a role-based access management system, ensuring that each employee accesses only the data necessary for the performance of their tasks. Each access to data is recorded in an activity log, which is regularly audited to prevent any unauthorized access or inappropriate use of data.
• Employee training: DocGenius commits to regularly training its employees on the protection of personal data and compliance with the GDPR. An online training is provided annually to all employees with access to personal data, covering GDPR awareness and best practices in data security. This training is supplemented by skill validation tests to ensure understanding and application of data protection principles by all employees.

These measures demonstrate DocGenius's commitment to maintaining the confidentiality and security of its users' personal data, in compliance with the highest standards of data protection.

4.2 With Subcontractors and Service Providers

DocGenius works closely with subcontractors and service providers to improve and secure the user experience on its platform. The selection of these partners is guided by rigorous criteria, ensuring strict compliance with the GDPR and a high level of information security.

• Types of shared data: Technical and behavioral data are shared with our partners for the specific purpose of improving platform performance and functionality. This data is essential for optimizing the user experience and ensuring the fluidity of the services offered.
• Selection criteria: Our subcontractors and service providers are chosen for their ability to meet our high requirements in terms of data protection. Their experience in secure data processing, their compliance with the GDPR, and their commitment to a high level of information security are determining criteria in our selection process.
• Specific security procedures: To ensure the protection of shared data, DocGenius requires the signing of a Data Processing Agreement (DPA) with each subcontractor and service provider. This agreement includes strict data protection clauses and requires the conduct of security audits to ensure continued compliance with security standards.

These measures demonstrate DocGenius's commitment to maintaining the confidentiality and security of its users' personal data, in collaboration with its partners. We ensure that each subcontractor and service provider shares our vision of data protection and commits to respecting the same high standards that we impose on our own internal processes.

4.3 With Regulatory Authorities

DocGenius maintains a proactive cooperative relationship with regulatory authorities to ensure total compliance with GDPR standards and U.S. regulations. This collaboration manifests in several specific scenarios:

• In response to legal or judicial requests: When DocGenius receives court orders, warrants, or any other specific legal request, the platform proceeds to share the necessary personal data in strict compliance with legal procedures. This sharing is done with the utmost care to ensure the protection of users' rights.
• As part of regulatory audits: DocGenius actively participates in regulatory audits to demonstrate its compliance with GDPR standards and U.S. regulations. These audits may involve sharing certain data with authorities to prove the effectiveness of security and data protection measures in place.
• Proactive initiative of DocGenius: The platform may also take the initiative to report to regulatory authorities any suspicious activities or personal data breaches. This approach is part of DocGenius's commitment to transparency and data security, aiming to strengthen user trust and contribute to a safer digital environment.

DocGenius ensures that any data sharing with regulatory authorities is carried out in compliance with applicable laws and regulations, implementing strict procedures to protect users' personal information.

5 User Rights

In this essential section, we address the fundamental rights enjoyed by our users regarding the management of their personal data. We highlight how DocGenius enables each user to exercise their right to access, modify, delete their account, as well as exporting their data, thereby ensuring total control over their personal information.

5.1 Access and Modification

DocGenius recognizes the importance of allowing users to control their personal data. That's why we offer the possibility to access and modify the personal information we hold about them.

To request access or modification of your personal data, users can use a specific online form available in their personal space on the DocGenius platform. Alternatively, requests can be sent directly by email to our Data Protection Officer (DPO) at the following address: dpo@docgenius.app.

Once the request is submitted, DocGenius commits to processing and finalizing each request within 30 days from receipt.

5.2 Account Deletion

DocGenius places great importance on the right of its users to manage their personal data. This includes the ability to delete their account on the platform. Here are the steps and consequences associated with account deletion:

To delete your account, please follow these steps:

1. Access account settings on the DocGenius platform.
2. Select the option "Delete my account".
3. You will receive a confirmation email for this action.

Consequences of deletion:

• The deletion of your account is temporary for a period of 30 days, during which you can reactivate your account by contacting our support.
• After this period, the deletion becomes irreversible, and all your personal data will be immediately deleted from our systems.

Exceptions to immediate data deletion:

• Transaction and billing information is retained for 5 years for tax compliance purposes.
• Activity logs and security data are retained for 1 year to assist in case of a security or legal compliance audit.

For any questions or concerns, do not hesitate to contact our Data Protection Officer (DPO) at dpo@docgenius.app.

5.3 Data Export

DocGenius respects the right of users to the portability of their data. This means that you have the option to export your personal data that we hold, in a structured, commonly used and machine-readable format.

To export your data, please follow these steps:

1. Log in to your account on the DocGenius platform.
2. Access the settings of your account.
3. Select the option "Export my data".
4. A file in JSON format containing your personal data will be generated.
5. You will receive an email within 48 hours following your request, containing a link to download the file.

6 Data Security

Data security is a top priority for DocGenius. This section details the rigorous measures we implement to protect personal information against any unauthorized access or inappropriate use, thereby ensuring the confidentiality, integrity, and availability of our users' data.

6.1 Information Systems Security

Information systems security at DocGenius is a top priority, ensuring the protection and confidentiality of our users' personal data. To achieve this goal, several specific measures are implemented:

• Rigorous access management: Access to information systems is strictly controlled. We implement multi-factor authentication for all important access, limiting data access to only those employees who need this information to perform their tasks.
• Regular penetration testing and code security reviews: To proactively identify and correct vulnerabilities, we conduct penetration tests and code security reviews on a regular basis.

These measures are supplemented by continuous monitoring and regular security audits conducted by specialized providers, ensuring that our information systems remain secure against emerging threats. In case of a security incident impacting personal data, DocGenius reacts quickly to assess the scope of the incident and informs affected users within 48 hours by email, providing them with advice on how to secure their accounts.

6.2 Employee Training

Employee training is essential in our data security strategy. Each member of our team participates in an annual training program aimed at strengthening the protection and confidentiality of our users' personal data. The main topics covered during this training include:

• General GDPR awareness: A comprehensive introduction to the General Data Protection Regulation, explaining its importance, fundamental principles, and application in our daily operations.
• User rights: A detailed review of the rights granted to users by the GDPR, such as the right to access, rectify, erase, and portability of data, as well as how these rights can be exercised.
• Employee responsibilities: Clear guidelines on individual employee responsibilities to ensure compliance with applicable regulations, including procedures to follow in case of a data access request by a user or a data breach.

6.3 Security Audits

Security audits are an essential pillar of our data protection strategy at DocGenius. These audits are conducted on an annual basis, ensuring a comprehensive evaluation of our systems and practices in terms of security.

• Frequency and methodology: Audits are conducted annually, encompassing penetration testing and code security reviews. This methodical approach allows for the proactive identification of potential vulnerabilities and ensures that our systems are up-to-date with best security practices.
• Specialized partners: To carry out these audits, DocGenius calls upon an external cybersecurity company recognized for its expertise. This collaboration ensures an objective and in-depth assessment of our infrastructure and applications.
• Corrective actions: Following the results of the audits, an immediate implementation of security fixes is carried out for any identified vulnerability. Additionally, a planning of regular code reviews is established for areas deemed at risk, further reinforcing our commitment to the security of our users' data.

These security audits are a key element of our commitment to maintaining user trust and ensuring the protection of their personal data against emerging threats. DocGenius commits to following the recommendations resulting from these audits and to continue improving its security practices to meet the highest standards.

7 Privacy Policy Modifications

DocGenius is committed to keeping its privacy policy up-to-date to reflect changes in our data processing practices, as well as changes in applicable laws and regulations. For this reason, we reserve the right to modify this policy at any time.

When modifications are made to this policy, DocGenius sends an email to all registered users 30 days before the changes take effect. This email will provide a summary of the major changes and a link to the full text of the updated policy on our website.

Users have several options when they receive notification of changes:

• Accept the changes: Users can choose to accept the changes by continuing to use the platform after the changes take effect.
• Contact the DPO for clarification: If questions or concerns arise, users are encouraged to contact our Data Protection Officer (DPO) at the address dpo@docgenius.app for clarification.
• Refuse the changes: If users refuse to accept the new conditions, they can close their account.

J'ai traduit le texte Markdown que vous m'avez fourni en anglais, en prenant soin de maintenir la structure et la mise en forme d'origine. Le résultat est entre les balises ```markdown et