Privacy Policy
Last updated: May 17, 2026
1. Data Controller
The data controller for personal data collected through https://fleuret.ai is:
FLEURET AI, a French SAS registered with the Paris Trade and Companies Register under number 999 515 604.
Registered office: 60 Rue François 1er, 75008 Paris, France
Email: yanis@fleuret.ai
2. Data Collected
We collect the following categories of data:
- Identification data: email address, name (if provided), account information.
- Usage data: pages visited, session duration, platform actions, IP address, browser type.
- Technical data: cookies and trackers (see section 7).
We do not collect any sensitive data within the meaning of Article 9 of Regulation (EU) 2016/679 (GDPR).
3. Purposes and Legal Bases
| Purpose | Legal basis |
|---|---|
| Service delivery and management | Contract performance (Art. 6.1.b GDPR) |
| Commercial communications (newsletter, product updates) | Consent (Art. 6.1.a GDPR) |
| Service improvement and usage analytics | Legitimate interest (Art. 6.1.f GDPR) |
| Compliance with legal and regulatory obligations | Legal obligation (Art. 6.1.c GDPR) |
4. Recipients
Your data may be shared with the following processors, strictly for the purposes described above:
- Supabase Inc.: database hosting and authentication.
- Vercel Inc.: website hosting and deployment.
- Brevo (formerly Sendinblue): transactional and marketing email delivery.
- Google LLC (Google Analytics 4): audience measurement and usage analytics. Hits route through the European endpoint (region1.google-analytics.com) with server-side IP anonymization.
- Microsoft Corporation (Clarity): heatmaps and aggregated session recordings (mouse movement, clicks, scroll) used to understand user journeys and fix UX friction. Form fields and sensitive inputs are masked by default and never captured.
We never sell, rent, or share your personal data with third parties for advertising purposes.
5. Retention Period
Your personal data is retained for the time necessary to fulfill the purposes for which it was collected:
- Account data: duration of the contractual relationship, then 3 years after last activity for prospecting purposes.
- Billing data: 10 years in accordance with accounting obligations.
- Usage data and logs: 12 months maximum.
- Cookies: 13 months maximum in accordance with CNIL guidelines.
- Google Analytics 4 data: 14 months (maximum retention period GA4 allows for event and user data).
- Microsoft Clarity data: session recordings and heatmaps retained for 12 months maximum.
6. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain confirmation that your data is being processed and receive a copy.
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right to erasure (Art. 17): request the deletion of your data.
- Right to data portability (Art. 20): receive your data in a structured, interoperable format.
- Right to object (Art. 21): object to processing based on legitimate interest.
- Right to restriction (Art. 18): request the suspension of processing.
To exercise these rights, contact us at yanis@fleuret.ai. We will respond within 30 days.
You also have the right to lodge a complaint with the French data protection authority (CNIL): www.cnil.fr.
7. Cookies and Trackers
The site uses two categories of cookies and trackers:
- Strictly necessary cookies: language preferences, authentication, service functionality. These cookies do not require your consent.
- Analytics cookies (consent-gated): Google Analytics 4 (_ga, _ga_GCT3NK4C34) and Microsoft Clarity (_clck, _clsk) for audience measurement, user journey analysis, and site improvement.
Until you accept the consent banner, Google Analytics 4 operates in Consent Mode v2 ("denied" by default): hits are anonymized and no persistent cookie is set. Microsoft Clarity does not set tracking cookies before acceptance.
When you click "Accept" in the banner, consent is upgraded to "granted" for both tools. When you click "Refuse", analytics cookies are not set.
You can also configure your browser to refuse cookies at any time. To withdraw a previously granted consent, clear the site's local storage (key fleuret_cookie_consent) or contact us by email.
The banner follows CNIL guidelines: Accept and Refuse options are presented with equal visual weight, and refusing is as simple as accepting.
8. International Transfers
Some of our processors (Vercel, Supabase, Google LLC for Google Analytics 4, Microsoft Corporation for Clarity) are established in the United States. These transfers are governed by:
- The EU-U.S. Data Privacy Framework (European Commission adequacy decision of July 10, 2023). Both Google LLC and Microsoft Corporation are DPF-certified.
- Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable.
- For Google Analytics 4 specifically: hits route through the European endpoint (region1.google-analytics.com) and the IP address is anonymized server-side (anonymize_ip: true) before any onward transfer to Google servers in the United States.
We ensure that any transfer of data outside the European Economic Area benefits from appropriate safeguards in accordance with Chapter V of the GDPR.
9. Changes
We reserve the right to modify this privacy policy at any time. In the event of a material change, we will notify you by email or via a notice on the site. The last update date is indicated at the top of this page.
10. Contact
For any questions regarding the protection of your personal data, you can contact us:
Data Protection Officer (DPO): yanis@fleuret.ai
Supervisory authority: CNIL — www.cnil.fr