Privacy policy
How Azuro AI processes the personal data of AIOS users.
Version 1.8, updated June 14, 2026
This document is an English translation provided for convenience. In the event of any discrepancy, the French version prevails.
Preamble and purpose
This policy describes how Azuro AI processes the personal data of users of the AIOS (trial period, customers, partners), in its capacity as data controller, in order to provide and manage the service.
It does not cover the content that the user uploads to and creates within the AIOS (their business data): that content is governed by the Data & Security Annex, under which Azuro acts as processor and the user as data controller.
1. Data controller
The data controller is Azuro AI, a French simplified joint-stock company (SAS), whose registered office is located at 21 rue Jeanne Hachette, 83000 Toulon, registered with the RCS (French trade and companies register) of Toulon under number 989 932 330.
For any question regarding this policy or the exercise of your rights: Philémon Gavoty, Chief Executive Officer, philemon.gavoty@azuro-ai.com.
2. Data concerned
Azuro processes the following categories of data relating to the user:
- Account and identity: username, email address, and the information required to access the service.
- Billing: identity, address, VAT number where applicable, and payment data, processed through the payment provider.
- Technical and usage data: connection logs and operational data required for the service.
- Exchanges with support.
- Referral: where the user takes part in the referral program, the data required to manage commissions.
This policy does not cover the content uploaded and created by the user within the AIOS (see Preamble and the Data & Security Annex).
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Providing and managing the service (account creation and management, access) | Performance of the contract |
| Billing and accounting | Performance of the contract and legal obligation |
| Support and assistance | Performance of the contract / legitimate interest |
| Security, proper operation and prevention of abuse | Legitimate interest |
| Management of the referral program | Performance of the contract / legitimate interest |
4. Recipients and processors
To provide the service, Azuro uses the following processors, which process the user's data on its behalf:
- Stripe: payment and billing.
- Hostinger: hosting of the dedicated server on which the account data resides.
- GitHub: off-site backup.
The artificial intelligence functions of the AIOS rely on the user's own subscription with the artificial intelligence model provider (Anthropic). Data transmitted in that context is governed by the Data & Security Annex and by the direct relationship between the user and that provider. Azuro does not use the user's content to train any artificial intelligence model.
5. Transfers outside the European Union
Some recipients may process data outside the European Union: Stripe (payment), GitHub (backup), and the artificial intelligence model provider (under the user's subscription). These transfers are governed by appropriate safeguards within the meaning of the GDPR: standard contractual clauses adopted by the European Commission and, where the recipient is certified under it, the EU-US Data Privacy Framework. A copy of these safeguards may be obtained on request from the contact indicated in Article 1.
6. Retention periods
- Account and service data: retained for the duration of the relationship, then deleted at its end (consistent with the return and subsequent deletion provided for in the Data & Security Annex).
- Billing data: retained in accordance with legal accounting and tax obligations.
- Logs: retained for a maximum of 180 days (six months), then automatically purged.
7. Cookies and local storage
The AIOS uses only strictly necessary and functional cookies and local storage:
- Session cookie: enables authentication and keeps the session alive.
- Temporary cookies: used only when connecting to a third-party service (for example Google), for the duration of the operation.
- Local storage (in the browser): display preferences, interface state, local cache of recent messages, application installation identifier, and memorization of microphone authorization.
The AIOS uses no advertising cookies and no third-party tracking. No prior consent is required for these strictly necessary and functional cookies and storage.
8. Rights of data subjects
In accordance with the applicable regulations, the user has the rights of access, rectification, erasure, objection, restriction and portability, as well as the right to set directives regarding the fate of their data after their death.
These rights may be exercised through the contact indicated in Article 1. The user also has the right to lodge a complaint with the CNIL (Commission nationale de l'informatique et des libertés, the French data protection authority).
9. Security
Azuro implements appropriate technical and organizational measures to protect the data. These measures include, in particular, encryption of communications in transit, reinforced protection of access to the application (hashed password, optional two-factor authentication, limitation of login attempts, secure session cookie), restricted access to secrets, and isolation of each user on a dedicated server. They are described in the Data & Security Annex.
10. Amendment and contact
This policy may be updated. The applicable version is the one in force on the date the service is accessed, identified by its version number and date.
For any question, the user may contact the person indicated in Article 1.