Privacy Policy

At Criterium, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Criterium is the data controller responsible for processing your personal data. You can contact us at:

2. Data We Collect

We collect the following types of personal data:

• -Account Data: Name, email address, organization name, and password (encrypted) when you create an account.
• -Usage Data: Information about how you use our platform, including chatbot interactions, page views, and feature usage.
• -Content Data: Documents and files you upload to train your chatbots (PDFs, text files, etc.).
• -Conversation Data: Messages exchanged between learners and chatbots, including questions asked and responses provided.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• -Contract Performance: Processing necessary to provide our services as agreed in our terms of service.
• -Legitimate Interests: Processing for our legitimate business interests, such as improving our services and ensuring security.
• -Consent: Where you have given explicit consent for specific processing activities.

4. How We Use Your Data

We use your personal data for the following purposes:

• -Providing and maintaining our AI chatbot platform
• -Processing payments and managing your subscription
• -Improving our services and developing new features
• -Communicating with you about your account and our services
• -Complying with legal obligations and protecting our rights

5. Data Sharing

We may share your data with the following categories of recipients:

• -Service Providers: Cloud hosting (EU-based servers), analytics, and customer support tools.
• -AI Providers: OpenAI, Anthropic, or Google for processing chatbot conversations. These providers act as data processors under strict contractual obligations.
• -Payment Processors: Stripe for secure payment processing.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Account data is retained while your account is active and for up to 3 years after account closure for legal compliance. Conversation data can be deleted at any time through your dashboard. Content files are deleted within 30 days of removal from your chatbot.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• -Right of Access: Request a copy of your personal data.
• -Right to Rectification: Request correction of inaccurate data.
• -Right to Erasure: Request deletion of your data ("right to be forgotten").
• -Right to Restriction: Request limitation of data processing.
• -Right to Data Portability: Request transfer of your data to another service.
• -Right to Object: Object to processing based on legitimate interests.

To exercise any of these rights, please contact us at contact@criterium.app. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, secure cloud infrastructure hosted in the European Union, regular security audits and updates, access controls and authentication measures, and complete tenant isolation to ensure your data is separated from other organizations.

9. International Data Transfers

Our primary infrastructure is hosted within the European Union. When data is transferred outside the EU (e.g., to AI providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and data processing agreements with all third-party processors.

10. Cookies

We use essential cookies necessary for the platform to function, including authentication cookies to keep you logged in and language preference cookies. We do not use tracking or advertising cookies. You can manage cookie preferences through your browser settings.

11. Children's Privacy

Our services are designed for use by training organizations and learning professionals. While learners of various ages may interact with chatbots, account registration is limited to adults (18+). Training organizations are responsible for obtaining appropriate consents when deploying chatbots for minor learners.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. The updated policy will be effective from the date stated at the top of this page.

13. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL) at www.cnil.fr.

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us: