Asklia LogoBETA
Sign in

Asklia Privacy Policy

Last updated: October 9, 2025

1. Introduction / Purpose

This privacy policy aims to inform you transparently about the collection, use, retention, protection and possible transfer of personal data that you entrust to us when using the Asklia service (generation of clinical cases, MCQs, statistics, etc.). It complements the Terms of Service. By using Asklia, you accept the terms set out in this policy as well as the rights granted to you.

2. Definitions

  • Personal data: any information relating to an identified or identifiable natural person (e.g., name, email, identifier, IP address, etc.).
  • Processing: any operation or set of operations performed on data (collection, storage, deletion, consultation, etc.).
  • Data controller: the person (or entity) who decides the purposes and means of processing.
  • Processor: the person who processes data on behalf of the data controller according to their instructions.
  • User / Data subject: you, a student / user of the Asklia service.
  • Consent provider: the person who explicitly agrees that their data be processed according to this policy.

3. Identity of the data controller

  • Publisher / Controller: Nathan RENARD (self-employed)
  • Business address: 14 boulevard Maréchal Leclerc, 38000 Grenoble
  • Contact email: askliaapp@gmail.com
  • DPO / GDPR Contact (if applicable): askliaapp@gmail.com

4. Data collected & purposes

4.1 Types of data collected

Depending on the features used, we may collect:

  • Identification data: username, email address, password (hashed)
  • Data from your usage: prompts, generated cases, answers, usage statistics
  • Technical data: IP address, browser type, access logs, performance data
  • Payment data (via provider: Stripe): we do not store complete banking details
  • Metadata (usage time, application version, errors, etc.)
  • (Possibly) aggregated / anonymized data for internal analysis

4.2 Processing purposes

We use this data to:

  • Provide and operate the service (authentication, content generation, storage)
  • Improve the service (debugging, anonymous analytics, optimization)
  • Manage customer relations / support (respond to your requests)
  • Verify compliance with terms of use (security, abuse prevention)
  • Comply with legal obligations (accounting, security, disputes)
  • (With your explicit consent) for research / additional anonymous analyses

5. Legal basis for processing

  • Contract execution / service provision (art. 6.1.b GDPR)
  • Explicit consent for certain operations (e.g., anonymous analyses)
  • Legal obligation (e.g., retention of accounting documents)
  • Legitimate interest (e.g., security, fraud prevention), unless your rights prevail

6. Data recipients / Sharing

  • Asklia team (access restricted to necessary members)
  • Providers / processors: hosting (Vercel), payment services (Stripe), analytics tools, etc.
  • Legal authorities: in case of legal obligation
  • Aggregated / anonymized sharing: for internal studies, provided identification is not possible

Each processor is bound by a contract (Data Processing Agreement) with confidentiality, security and GDPR compliance obligations.

7. Data transfer outside EU / security

  • Data is hosted in the EU or in countries recognized as compatible by the European Commission
  • If transfer outside the EU is necessary, guarantees ("standard clauses", BCR, etc.) will be implemented
  • Security: encryption in transit and at rest, internal access control, backups, access management policy
  • Regular security audits

8. Retention period

  • Account / history data: throughout the usage period + up to 3 years after account deletion (except legal obligations)
  • Billing / payment data: according to legal obligations (e.g., 10 years for accounting documents)
  • Technical / analytical logs: reasonable duration (e.g., 1 to 3 years depending on relevance), then anonymization or deletion

9. Your rights as a data subject

You have the following rights:

  • Access: obtain a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: deletion of data within legal limits
  • Restriction of processing: request a limitation when you contest the accuracy or usage
  • Objection: refuse processing based on legitimate interest or marketing
  • Portability: obtain your data in a structured, readable and reusable format
  • Withdrawal of consent: for processing based on this consent
  • Complaint to a supervisory authority: CNIL in France (or equivalent authority)

To exercise these rights, contact us at askliaapp@gmail.com. We will respond within the legal deadline (max 1 month, possibly extended by 2 months for complex cases).

10. Cookies & trackers

  • We use cookies / trackers for session, functionality, performance, anonymous analytics
  • On your first connection, you give your consent (pop-up or banner)
  • You can withdraw this consent at any time via cookie settings
  • List of cookies and purposes (e.g., session cookie, analytics cookie) — to be detailed according to the tools you use

11. Modifications to the privacy policy

  • We may update this policy for legal, technical or operational reasons
  • Any significant modification will be notified (email or in-app notification) at least 30 days before implementation
  • In case of disagreement, you may stop using the Service

12. Contact & complaints

  • For any question or exercise of rights: askliaapp@gmail.com
  • Competent supervisory authority: CNIL (France)
  • In case of dispute, recourse to mediation or legal action according to the provisions of the Terms of Service