Privacy Policy
BENSAHLI KENZO-LAH ("CrediDesk", "we", "us" or "our") respects your privacy. This Privacy Policy describes what information we collect, how we use it and the choices available to you.
1. Information we collect
1.1 Information you provide
When you create an account, request a demo or contact us, we collect the contact details you supply — typically your name, business email, employer and role. When you engage as a subscriber, we also collect billing information provided directly by your finance team.
1.2 Information collected automatically
When you visit the Service, our servers automatically record standard technical information: IP address, browser type, operating system, referring URL, pages accessed and access times. This information is used for security, diagnostics and aggregated usage reporting only.
1.3 User-provided data
If you use our workspace and collaboration features, you may upload documents, notes or task information. That content is treated as confidential user data and is subject to the confidentiality obligations set out in your subscription agreement.
2. How we use information
- To operate, maintain, secure and improve the Service.
- To respond to inquiries, provide support and communicate service updates.
- To detect, prevent and investigate security incidents, fraud and misuse.
- To comply with legal obligations, court orders and regulatory requests.
We do not use user-provided data to train models that will be exposed to other users without explicit written authorization.
3. Legal bases (EEA / UK visitors)
Where the EU or UK General Data Protection Regulation applies, we process personal information on the following bases: (a) performance of a contract; (b) legitimate business interests (operating a secure business platform); (c) compliance with legal obligations; and (d) consent, where required.
4. Sharing
We do not sell personal information. We share information only with:
- Service providers that support our operations (hosting, monitoring, payment processing), under contractual confidentiality and data-protection obligations.
- Professional advisers (auditors, legal counsel) on a need-to-know basis.
- Authorities where required by valid legal process.
- Successors in the context of a corporate transaction (merger, acquisition or asset sale), subject to equivalent privacy commitments.
5. Security
We maintain administrative, technical and physical safeguards designed to protect the information we hold against unauthorized access, disclosure, alteration and destruction. These include encrypted transport (TLS 1.2+), encrypted-at-rest storage for sensitive data, role-based access controls, and periodic security reviews. No system is ever perfectly secure, however, and we cannot guarantee absolute security.
6. Data retention
We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes and enforce our agreements. Automatically-collected technical logs are typically retained for up to 12 months. User-provided workspace data is retained for the term of your subscription and for a further 30 days, after which it is purged unless a longer retention period is agreed in writing.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete or export personal information we hold about you, to object to or restrict certain processing, and to withdraw consent where processing is based on consent. To exercise these rights, contact us using the details below. We will respond within the timeframes required by applicable law.
8. International transfers
CrediDesk is headquartered in France and our infrastructure is primarily located in the European Union. If you access the Service from outside the EU, your information may be transferred to, stored and processed in the EU or other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
9. Children
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us so we can remove it.
10. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify affected users by email or through a notice on the Service. The "Last updated" date at the top of this page reflects the latest revision.
11. Contact
Privacy questions and requests should be directed to:
BENSAHLI KENZO-LAH — Attn: Privacy
17 Place Jean Mermoz
93440 Dugny
France