Privacy Notice
Last updated:
This Privacy Notice explains how LabRise Consulting ("we", "our", "us") collects, uses and shares your personal data when you visit our website and use our services.
1. Who we are
Data controller: LabRise Consulting.
Contact: privacy@labrise-consulting.com
If we appoint a Data Protection Officer (DPO), their details will be provided here.
2. Scope and legal framework
This notice applies when you visit our website, contact us, download resources, or otherwise interact with our services.
We process your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws, as well as the ePrivacy Directive regarding cookies.
3. Data we collect
- Identification and contact data (e.g., name, organization, email, phone) when you contact us or request a demo.
- Professional data (role, sector, project requirements) that you provide.
- Technical and usage data (IP address, cookie identifiers, browser type, pages visited, timestamps) collected with your consent.
- Communications (message content, form responses).
- Chat assistant submissions - when you explicitly click "Send to LabRise" on the chat widget's summary card, the name, email and project description you confirm in that card are forwarded to us by email. The conversation transcript itself is not retained on our servers.
3a. Chat assistant on the website
You are interacting with an automated AI assistant, not a human. This notice serves as the transparency disclosure required by Article 50 of the EU AI Act. The widget is intended to help you describe your project and decide whether to contact us. It is processed as follows:
- LLM provider: conversations are streamed in real time to Mistral AI, a French company (your messages are processed within the EU), mistral.ai/terms, through a Cloudflare Worker we operate (cloudflare.com/privacypolicy). No transcript is written to a database on our side - the conversation lives only in your browser tab until you reload or close it.
- Anti-abuse (Cloudflare Turnstile): when you send a message or submit a lead, a Cloudflare Turnstile challenge runs to confirm you are not a bot. Turnstile is a "CAPTCHA-replacement" service; per Cloudflare it does not use tracking cookies or browser fingerprinting for advertising purposes. Short-lived functional cookies on the challenges.cloudflare.com domain may be set during the challenge. We consider this strictly necessary for the security of the service you are requesting (ePrivacy Directive Art. 5(3) exemption), so no separate consent is asked.
- Lawful basis (chat conversation): legitimate interest (Art. 6-1-f GDPR) - providing pre-sales information and answering visitor questions. You can stop at any time by closing the widget.
- Lead capture (the summary card): only triggered after you explicitly click the "Send to LabRise" button on the editable card the assistant proposes. The details you confirm there are then sent by email to hello@labrise-consulting.com via Mailjet (a Sinch company, EU-hosted email-delivery sub-processor based in France). Lawful basis: your explicit consent (Art. 6-1-a GDPR) given by clicking the send button. You can withdraw consent for future submissions at any time by not using the chat widget.
- Technical metadata: the lead email includes a truncated IP (anonymised to /24 for IPv4 and /48 for IPv6), the browser User-Agent, and the page you submitted from. These are used to debug abuse and for security only.
- Right to erasure: to have an emailed lead deleted, contact privacy@labrise-consulting.com.
- Prefer not to use AI? You can reach a human at any time via /contact or by emailing hello@labrise-consulting.com directly.
4. Purposes and legal bases
We use your data to:
- Respond to your requests (contact, quotes, demos) - performance of a contract or pre-contractual steps (Art. 6-1-b GDPR).
- Provide and improve our website, ensure availability and security - legitimate interest (Art. 6-1-f GDPR).
- Audience measurement (Google Analytics) - consent (Art. 6-1-a GDPR).
- Legal obligations (invoicing, compliance) - legal obligation (Art. 6-1-c GDPR).
- B2B prospecting related to our services - legitimate interest, with a right to object at any time.
7. Transfers outside the EU/EEA
Some of our processors are established in or transfer data to countries outside the EU/EEA. The main third-country transfers are:
- Cloudflare, Inc. (United States) - Workers (and, if enabled, Turnstile) used by the chat widget. Cloudflare is EU-US Data Privacy Framework (DPF) certified.
- Google Ireland Limited / Google LLC (United States) - if you accept analytics cookies, Google Analytics may transfer data to the United States under the EU-US Data Privacy Framework and Standard Contractual Clauses.
For each transfer we rely on at least one of the following safeguards under Articles 44-49 of the GDPR:
- The EU-US Data Privacy Framework (Commission adequacy decision of 10 July 2023) for DPF-certified US recipients,
- Standard Contractual Clauses (SCCs) approved by the European Commission,
- Supplementary technical and organisational measures (encryption in transit, IP truncation, minimisation),
- Regular reassessment of the level of protection in the third country.
8. Data retention
- Prospects and inquiries: up to 3 years after last contact.
- Clients and contract performance: for the duration of the contract, then archived as legally required.
- Google Analytics data: event data retained for 14 months on Google's servers when consent is given.
- Browser cookies: Analytics cookies remain stored in your browser for up to 2 years.
- Consent preferences: Your cookie consent choice is stored for 6 months, after which we'll request consent again.
- Chat conversations: not stored on our servers. Held only in your browser tab until you reload or close it.
- Chat lead emails (after you click "Send to LabRise"): kept in our inbox under the same rule as other prospect contacts - up to 3 years after the last interaction.
9. Security
We apply reasonable technical and organizational measures (access controls, encryption in transit, logging, minimization) to protect your data. No system is completely secure, so we encourage you to notify us of any suspected unauthorized access.
10. Your rights (GDPR)
You have the following rights under the GDPR:
- Right of access, rectification, erasure, restriction, and objection.
- Right to data portability.
- Right to withdraw consent at any time (e.g., for analytics cookies).
- Right to lodge a complaint with a supervisory authority in any EU member state where you live, work, or where the alleged infringement occurred. In France: CNIL - cnil.fr/en/contact-cnil.
Exercising your rights
Contact us at privacy@labrise-consulting.com and include information to verify your identity. We will respond within one month (extendable depending on complexity).
11. Contact us
For any questions regarding this notice or data protection: privacy@labrise-consulting.com.
12. Changes to this notice
We may amend this notice to reflect legal or technical changes. The update date will appear at the top. In case of material changes, we may display a notice on the website or request your cookie consent again.