PRIVACY

Privacy Policy

How the 366 platform, operated by SCRIPTOR-ARTIS SAS, collects, processes, and protects personal data.

Last updated: February 2026

1. Controller Identity

This Privacy Policy is issued by:

SCRIPTOR-ARTIS SAS

Registered office: 15 faubourg Saint Louis, 09270 Mazères, France

Email: hello@suite366.ai

Data Protection Contact: dpo@suite366.ai

Scriptor Artis operates this platform.

2. Scope

This policy describes personal data processing:

  • when accessing the website;
  • when creating and managing a professional account;
  • when using 366 in SaaS mode;
  • during commercial or support interactions.

Data processed within the platform on behalf of customers is governed by a separate Data Processing Agreement (DPA).

SCRIPTOR-ARTIS SAS acts as data controller for the processing described in this Privacy Policy (website, account management, billing, and commercial/support communications). For customer content processed within the 366 platform on behalf of Organisations, SCRIPTOR-ARTIS SAS acts as data processor, as governed by the DPA.

3. Categories of Data

3.1 Account Data

  • Name
  • Professional email
  • Company
  • Role
  • Billing information

Purpose:

  • contract management
  • billing
  • support
  • security

Legal basis:

  • contract performance
  • legitimate interest

3.2 Technical and Usage Data

  • IP address
  • Login logs
  • Access timestamps
  • Usage metadata (Tokens, Agents, Modules)

Purpose:

  • service security
  • abuse prevention
  • license compliance
  • technical optimization

These processes do not aim to analyze customer content except where required for support, security, or legal obligations.

4. Processor Role

When customers upload data (documents, prompts, knowledge bases), Scriptor Artis acts as a data processor.

The customer remains the controller.

Processing terms are defined in the DPA.

5. AI Model Providers & Subprocessors

366 may engage third-party AI model providers for inference execution, including:

  • Scaleway (infrastructure and/or inference)
  • OpenAI
  • Anthropic
  • Google
  • Mistral AI
  • Meta
  • other providers enabled within the platform

These providers act as subprocessors, strictly for performing inference requests initiated by customers.

They are contractually bound in accordance with Article 28 GDPR.

Where an Organisation configures its own external AI model provider using its own API credentials, such provider acts under the Organisation's responsibility and contractual framework. In that case, SCRIPTOR-ARTIS SAS does not determine the purposes or means of the processing carried out directly between the Organisation and the external provider.

6. International Transfers

Certain providers may be located outside the EU.

Appropriate safeguards (e.g., Standard Contractual Clauses) are implemented where required.

7. Retention

Personal data is retained:

  • for the duration of the contractual relationship;
  • as required by legal obligations;
  • for proportionate security and logging purposes.

Customer data is returned or deleted in accordance with the DPA.

8. Security

Scriptor Artis implements appropriate technical and organizational measures:

  • access control
  • encrypted communications
  • infrastructure segmentation
  • security monitoring

9. Data Subject Rights

Under GDPR:

  • right of access
  • rectification
  • erasure
  • restriction
  • objection
  • portability

Contact: dpo@suite366.ai

Complaints may be filed with a supervisory authority.

10. Cookies

See Cookie Policy.

Privacy Policy — 366