Summary
Face Up is committed to protecting your privacy through a "Privacy by Design" architecture. Your data is hosted exclusively in Europe, encrypted according to industry standards and is never used to train our AI models. Our platform only collects what is strictly necessary for your pedagogical simulations and guarantees automatic deletion of session data.
1. Qualifications and Responsibilities
- GDPR Roles: For corporate clients, Face Up acts as a Data Processor, with the Client being the Data Controller. For direct visitors to our website, DELINKED acts as the Data Controller.
- AI Act Qualifications: In accordance with European regulations, Face Up acts as an AI System Provider, while the Client user is qualified as a Deployer.
2. Data Collected: The Minimization Principle
We apply a strict data minimization policy. The only information required is:
- Identification: Name, first name and professional email address.
- Simulation data: Text transcriptions and audiovisual streams generated during exercises.
- Progress data: Scores, connection times and pedagogical indicators.
3. Processing Purposes
Your data is processed for the following exclusive purposes:
- Provision of immersive training services and secure access to the platform.
- Pedagogical analysis and generation of personalized AI feedback.
- Progress tracking and issuance of training certificates. No data is used for commercial or advertising purposes.
4. AI Confidentiality (No-Training Policy)
Face Up guarantees complete isolation between your data and model training.
- No training: Your conversational content, voice and transcriptions are never used to train, fine-tune or improve our AI models or those of our third-party partners.
- Anonymization: Requests sent to AI engines are anonymous, preventing any reconciliation with your identity.
5. Hosting and Data Flow Security
- European location: All your data, including backups, is hosted within the European Union.
- Encryption: Data is systematically encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Sovereignty: Although we use state-of-the-art cloud infrastructure, we apply strict logical partitioning to guarantee the isolation of your data.
6. Retention and Deletion Policy
To balance pedagogical needs with privacy, we apply the following retention periods:
- Audiovisual Recordings: If the feature is enabled, videos and audio are retained for analysis and automatically deleted within 7 days, unless otherwise specifically instructed by your organization.
- Transcriptions: Ephemeral texts required for immediate analysis are deleted as soon as processing is complete (maximum technical duration of 10 minutes by default).
- Account data: Retained for the duration of your contract, then deleted or returned upon its termination.
7. Human Supervision and Ethics
Our AI systems are classified as minimal risk and always operate under human supervision. Results generated by AI are purely indicative and cannot serve as the sole basis for a decision producing legal effects or impacting your career (recruitment, promotion, sanction).
8. Your Rights
In accordance with the GDPR, you have rights of access, rectification, erasure, objection and data portability. For any request, you can contact our Data Protection Officer (DPO) at: contact@face-up.fr.
