PRIVACY

Privacy Policy

How 366 collects, processes, and protects personal data in connection with the 366 platform and services.

Last updated: February 2026

1. Controller Identity

This Privacy Policy is issued by:

SCRIPTOR-ARTIS SAS

Registered office: 15 faubourg Saint Louis, 09270 Mazères, France

Email: hello@suite366.ai

Data Protection Contact: dpo@devana.ai

366 operates this platform.

2. Scope

This policy describes personal data processing:

  • when accessing the website;
  • when creating and managing a professional account;
  • when using 366 in SaaS mode;
  • during commercial or support interactions.

Data processed within the platform on behalf of customers is governed by a separate Data Processing Agreement (DPA).

3. Categories of Data

3.1 Account Data

  • Name
  • Professional email
  • Company
  • Role
  • Billing information

Purpose:

  • contract management
  • billing
  • support
  • security

Legal basis:

  • contract performance
  • legitimate interest

3.2 Technical and Usage Data

  • IP address
  • Login logs
  • Access timestamps
  • Usage metadata (Tokens, Agents, Modules)

Purpose:

  • service security
  • abuse prevention
  • license compliance
  • technical optimization

These processes do not aim to analyze customer content except where required for support, security, or legal obligations.

4. Processor Role

When customers upload data (documents, prompts, knowledge bases), 366 acts as a data processor.

The customer remains the controller.

Processing terms are defined in the DPA.

5. AI Model Providers & Subprocessors

366 may engage third-party AI model providers for inference execution, including:

  • Scaleway (infrastructure and/or inference)
  • OpenAI
  • Anthropic
  • Google
  • Mistral AI
  • Meta
  • other providers enabled within the platform

These providers act as subprocessors, strictly for performing inference requests initiated by customers.

They are contractually bound in accordance with Article 28 GDPR.

6. International Transfers

Certain providers may be located outside the EU.

Appropriate safeguards (e.g., Standard Contractual Clauses) are implemented where required.

7. Retention

Personal data is retained:

  • for the duration of the contractual relationship;
  • as required by legal obligations;
  • for proportionate security and logging purposes.

Customer data is returned or deleted in accordance with the DPA.

8. Security

366 implements appropriate technical and organizational measures:

  • access control
  • encrypted communications
  • infrastructure segmentation
  • security monitoring

9. Data Subject Rights

Under GDPR:

  • right of access
  • rectification
  • erasure
  • restriction
  • objection
  • portability

Contact: dpo@devana.ai

Complaints may be filed with a supervisory authority.

10. Cookies

See Cookie Policy.