Privacy Policy
Last updated: 15 May 2026
This Privacy Policy describes how H2V SAS, the publisher of EnClair, collects, processes and protects your personal data, in line with the EU General Data Protection Regulation ("GDPR") and the French Data Protection Act.
1. Data controller and Data Protection Officer
The data controller is H2V SAS, whose details are listed at the bottom of this page. For any question about your data or to discuss our Data Processing Agreement (DPA), contact our Data Protection Officer at dpo@enclair.ai.
Download our Data Processing Agreement (PDF)
2. Data we collect
- Account: email address, name (optional), team membership, role.
- Uploaded content: audio and video files submitted for summarization, kept only for the duration of processing.
- Generated summaries: documents produced by the selected AI models.
- Billing: order history, amounts, payment methods (handled by Stripe — see their privacy policy).
- Technical logs: IP address, user agent, action timestamps, kept for security and abuse prevention.
3. Purposes and legal bases
- Performance of contract (Art. 6.1.b GDPR): deliver the summarization service, manage the account, team and billing.
- Legal obligation (Art. 6.1.c GDPR): retain invoices for 10 years.
- Legitimate interest (Art. 6.1.f GDPR): security, fraud prevention, service improvement.
We do not use your content (files or summaries) to train any AI model, whether on our side or on the side of the model providers we work with.
Processing activities summary
| Purpose | Data | Legal basis | Retention |
|---|---|---|---|
| Account and team management | Email, name (optional), role, team membership | Contract performance (Art. 6.1.b) | Duration of account activity + 12 months |
| Summarization service delivery | Uploaded audio/video files | Contract performance (Art. 6.1.b) | 24 hours, then permanently deleted |
| Summary availability | AI-generated documents | Contract performance (Art. 6.1.b) | 24 hours, then permanently deleted |
| Billing and subscription management | Order history, amounts (payments via Stripe) | Contract performance (Art. 6.1.b) | Duration of relationship + legal period |
| Accounting obligation | Billing data, invoices | Legal obligation (Art. 6.1.c) | 10 years |
| Security and fraud prevention | IP address, user agent, action timestamps | Legitimate interest (Art. 6.1.f) | 12 months |
| Consent proof (withdrawal waiver) | Timestamp, IP, plan/pack ID, checkbox value | Legal obligation / Legitimate interest | 5 years after contract end |
Fields marked required at registration (email) are necessary to provide the service — the account cannot be created without them. Optional fields (name) have no impact on access to the service.
4. Retention periods
- Uploaded audio and video files: 24 hours, then deleted.
- Generated summaries: 24 hours, then deleted.
- Account and team data: while the account is active, plus 12 months after inactivity.
- Billing data: 10 years (accounting obligation).
- Technical logs: up to 12 months.
5. Hosting and transfers
Data is hosted in Europe by default, in line with GDPR, for all our customers. When AI models are operated by third-party providers (Anthropic, OpenAI, Mistral AI), requests are transmitted under those providers' terms, with no use of your content for training.
Some of our subprocessors (Anthropic, OpenAI, Cloudflare, Stripe) may process data from the United States. These transfers are framed by the Standard Contractual Clauses adopted by the European Commission (decision 2021/914) and, where applicable, by Data Privacy Framework (DPF) certification. You may request the detailed list and a copy of the safeguards at dpo@enclair.ai.
6. Subprocessors
We work with the following subprocessors: Cloudflare (hosting), Stripe (payments), Anthropic and OpenAI (AI models, United States), Mistral AI (AI models, France). Each is covered by a GDPR Article 28-compliant agreement.
7. Your rights
You may at any time exercise the following rights:
- right of access and to obtain a copy of your data;
- right to rectification;
- right to erasure ("right to be forgotten");
- right to restrict processing;
- right to object;
- right to data portability;
- right to issue post-mortem directives.
To exercise these rights, email support@enclair.ai. We respond within one month.
8. Security
Your data is encrypted in transit (TLS 1.3) and at rest (AES-256). Authentication is passwordless via a link sent to your email. Sign-in links are single-use and automatically expire after 15 minutes. Your files do not leave the authenticated session during processing.
In the event of a breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, and at the latest within 72 hours, pursuant to Article 34 GDPR.
9. Cookies
The marketing site enclair.ai does not place third-party analytics cookies. The EnClair application only uses cookies strictly necessary for authentication and the proper functioning of the service. Details (cookie names, retention periods, legal basis for consent exemption) are listed in our cookie policy.
10. Automated decisions
We do not make automated decisions producing legal effects concerning you within the meaning of Article 22 GDPR.
11. Minors
EnClair is not intended for minors under 15. Account creation by a minor under 15 requires the prior consent of their legal representative.
12. Complaints
If a response to your request is not satisfactory, you may file a complaint with the French Data Protection Authority (CNIL).
13. Changes
This Policy may be updated. Substantial changes are notified to active users at least fifteen (15) days before they take effect.
Publisher
- Legal name
- H2V
- Legal form
- Société par Actions Simplifiée (SAS)
- Share capital
- 10 000 €
- SIRET
- 889 802 237 00012
- VAT number
- FR91889802237
- Trade register
- RCS Versailles — 889 802 237
- Registered address
- 10 Allée des Boutons d’Or, 78180 Montigny-le-Bretonneux, France
- Publication director
- Henrique VIDAL, Chief Executive Officer
- Contact
- support@enclair.ai