Legal
Privacy Policy
GDPR-aligned, B2B SaaS - version 8.0 GA
PayForLead.ai SAS is committed to protecting personal data and complying with Regulation (EU) 2016/679 (the “GDPR”), the French Loi Informatique et Libertés, and Regulation (EU) 2024/1689 (the “EU AI Act”). This Policy explains how we process personal data as a controller. Processing we perform on behalf of clients through the platform (where we act as a processor) is governed instead by our Data Processing Addendum, available on request from dpo@payforlead.ai.
1. Data controller
PayForLead.ai SAS; its registered office and SIRET number are stated in our Legal Mentions. DPO contact: dpo@payforlead.ai.
2. Categories of data collected
- Account data - name, professional email, role, employer, profile picture (optional), language, time zone.
- Authentication - hashed passwords, MFA enrolment, sessions, login history.
- Billing - company legal name, billing address, VAT, payment method tokens (Stripe), invoices.
- Usage telemetry - feature usage, performance, PII-redacted error logs.
- Content - lead lists, conversation transcripts, voice recordings, agent training material (processed on behalf of clients, in a processor role).
- Voice biometric - voice prints generated by voice cloning, collected only with explicit Article 9 consent (special category data).
- Integrations - OAuth tokens (Slack, Gmail, Calendar, M365, HubSpot, Salesforce, Pipedrive, LinkedIn, WhatsApp Business, Zapier).
3. Legal basis
Performance of contract (Art. 6.1.b) for Service delivery and billing; legitimate interest (Art. 6.1.f) for security, abuse detection, and improvement; legal obligation (Art. 6.1.c) for accounting and audit; consent (Art. 6.1.a) for newsletters and AI training opt-in; explicit consent (Art. 9.2.a) for voice cloning.
4. Purposes
Provide and operate the Service, bill, support, improve the platform, train AI models (opt-in only, anonymised after 365 days), ensure security, comply with legal obligations, communicate.
5. EU AI Act Article 50 disclosure
Voice and chat agents disclose at the start of every interaction that the person is interacting with an AI system acting on behalf of our client (Art. 50.1). Outbound text generated by AI Studio passes through a human-review step, with the client holding editorial responsibility for the published content, and therefore falls under the carve-out in the second sub-paragraph of Art. 50.4 for AI-generated text that has undergone human review or editorial control. Voice cloning requires documented explicit consent under GDPR Article 9.
6. Sub-processors
Vercel (US) - hosting; AWS (EU + US) - storage; Anthropic (US) - LLM; OpenAI (US) - LLM fallback; ElevenLabs (US) - voice cloning; Deepgram (US) - speech-to-text; Twilio (US/EU) - telephony; Clerk (US) - auth; Stripe (US/IE) - payment; Plausible (EU) - analytics. Full list with DPA references at docs/legal/templates/rgpd-compliance/subprocessor-list.md. We notify additions or replacements 30 days in advance.
7. International transfers
Transfers to US sub-processors rely on the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, where the sub-processor is certified under it, the EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795). Supplementary measures: TLS 1.3 in transit, AES-256 at rest, EU-region hosting by default where the sub-processor offers it, and pseudonymisation.
8. Retention
Account data for the life of the account plus 90 days. Voice recordings 30 days (extendable to 365 days at the client's request). Voice prints up to 24 months or until consent is withdrawn, whichever comes first. Transcripts 13 months (extendable). AI-training opt-in data anonymised after 365 days. Backups 90 days rolling.
9. Your rights
Access, rectification, erasure, restriction, portability, objection, withdrawal of consent (without affecting processing carried out before withdrawal), and the right not to be subject to a decision based solely on automated processing. Contact dpo@payforlead.ai or use the in-product DSR workflow. We respond within one calendar month, extendable by two further months for complex or numerous requests, in which case we tell you within the first month.
10. Lodging a complaint
You may lodge a complaint with the CNIL (cnil.fr) or any other competent supervisory authority.
11. Cookies
Strict-by-default cookie strategy described in our Cookie Policy. Strictly necessary cookies always on; functional and analytics cookies opt-in via the granular consent banner; no advertising cookies.
12. Children
The Service is a B2B platform and is not directed at natural persons under the age of 16. We do not knowingly collect personal data from minors; if we learn that we have, we delete it.
13. Updates
We notify amendments by email and in-app at least 30 days before effect, except where shorter notice is required by law.
The full canonical text is available at docs/legal/templates/privacy-policy.md. This summary is a starting-point template that requires review by qualified French/EU legal counsel before customer-facing reliance.