1 Identity of the data controller
The data controller responsible for processing your personal data is:
- Company name: Akora PRO
- Legal form: Simplified Joint-Stock Company (SAS)
- SIRET: 94920320200013
- Registered office: Nantes, France
- Email address: info@akora.pro
For any question regarding the processing of your personal data, you may contact us at the address above. We are committed to responding within 30 calendar days.
2 Data collected
In the course of using the Akorbit platform, we may collect the following categories of data:
- Identification data: first and last name, professional email address, organisation name, phone number (optional), role within the organisation.
- AI platform usage data: interaction logs with AI agents, conversation histories, created and executed workflows, outputs generated by large language models (LLMs).
- Technical data: IP address, session identifiers, browser type and version, operating system, screen resolution, time zone.
- Navigation data: pages visited, session duration, navigation paths, actions performed within the interface.
- Imported data: any document, file or dataset that you voluntarily upload to the platform as part of your professional workflows.
We do not collect sensitive data within the meaning of Article 9 of the GDPR (health, political opinions, religious beliefs, biometric data, etc.) unless express and documented consent has been obtained.
3 Purposes and legal bases
Each processing activity is based on an explicit legal basis in accordance with Article 6 of the GDPR:
- Art. 6.1.b — Performance of a contract: providing the Akorbit platform features (AI agents, workflows, analyses), managing your account, technical support and billing.
- Art. 6.1.f — Legitimate interest: fraud and abuse prevention, platform security, continuous service improvement, performance analysis and anomaly detection.
- Art. 6.1.a — Consent: placing non-essential analytical cookies, sending optional commercial communications, participation in beta-testing programmes.
- Art. 6.1.c — Legal obligation: retention of invoices and accounting records, response to legally grounded judicial or administrative requisitions.
4 Data retention
Your data is retained for the following periods, after which it is deleted or irreversibly anonymised:
- Active account data: for the entire duration of the contract, then 30 days after termination to allow potential reactivation or data export.
- Security logs: maximum 12 months (in line with CNIL recommendations for access and audit logs).
- Billing data and accounting records: 10 years from the transaction date (legal obligation – French Commercial Code).
- Data processed by AI agents: deleted at the end of each session or workflow, unless you explicitly save them in your workspace.
- Cookies and navigation data: maximum 13 months from deposit.
5 Hosting and international transfers
All data processed by Akorbit is hosted within the European Union, on infrastructure located in France and/or other EU member states, benefiting from the most protective legal framework.
- No transfers outside the EU by default: no data is transferred to third countries without appropriate safeguards (European Commission Standard Contractual Clauses, adequacy decision, or explicit consent).
- Sub-processors: any sub-processor accessing your data is bound by a Data Processing Agreement (DPA) compliant with Article 28 of the GDPR, and certified or compliant with European standards (ISO 27001, SOC 2, etc.).
- Sub-processor register: the list of principal sub-processors is available upon request at info@akora.pro.
6 Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain a copy of the data concerning you and information about its processing.
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right to erasure (Art. 17): request deletion of your data in cases provided for by regulations.
- Right to data portability (Art. 20): receive your data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interest or for direct marketing purposes.
- Right to restriction (Art. 18): temporarily restrict the processing of your data.
To exercise your rights, send your request to info@akora.pro. We will respond within 30 days. If a dispute remains unresolved, you may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr.
7 EU AI Act compliance
Akorbit is developed in compliance with EU Regulation 2024/1689 on Artificial Intelligence (EU AI Act), which entered into force on 1 August 2024.
- Risk classification: the AI systems offered by Akorbit are classified as limited risk or minimal risk, in accordance with the criteria defined in Articles 6 to 9 of the Regulation.
- Transparency: you are informed when you interact with an artificial intelligence system. Outputs generated by LLMs are clearly identified as such.
- Human oversight: Akorbit guarantees the possibility of effective human oversight for any decision produced by its AI agents, in compliance with Article 14 of the Regulation.
- Technical documentation: comprehensive technical documentation (Art. 11) is kept up to date for each AI system offered on the platform.
- Prohibitions: Akorbit strictly prohibits any use falling under unacceptable risk AI systems (Art. 5), including cognitive manipulation, social scoring, and real-time biometric surveillance.
8 Data security
Akora PRO implements a comprehensive set of technical and organisational measures to ensure the confidentiality, integrity and availability of your data:
- Encryption in transit: all communications are encrypted using the TLS 1.3 protocol.
- Encryption at rest: stored data is encrypted using the AES-256 algorithm.
- Authentication: multi-factor authentication (MFA) available and recommended for all accounts.
- Access control: role-based access control (RBAC) with the principle of least privilege applied to all internal teams.
- Regular audits: penetration testing, secure code reviews and security audits conducted periodically by independent third parties.
- Business continuity: Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) documented and regularly tested.
- Breach notification: in the event of a data breach likely to create a risk to your rights, you will be notified within the timeframes prescribed by Article 34 of the GDPR.
9 Cookies and trackers
Akorbit uses cookies and trackers in the following categories:
- Essential cookies (no consent required): session cookies, CSRF token, interface preferences. Necessary for the technical operation of the platform.
- Analytical cookies (with consent): Google Analytics with full IP address anonymisation (
anonymize_ipparameter enabled). These cookies allow us to analyse aggregated usage to improve the user experience. - No advertising cookies: Akorbit does not place any trackers for advertising, retargeting or commercial profiling purposes.
You can manage your cookie preferences at any time via the consent banner on the platform, or by configuring your browser. Declining analytical cookies does not affect the operation of the platform.
10 Policy changes
We reserve the right to modify this Privacy Policy to reflect legal, regulatory or technical developments. In the event of significant changes:
- You will be notified by email and/or via a visible notification in your client area at least 30 days before the changes take effect.
- The update date in the header will be systematically revised.
- The previous version will remain accessible upon request.
Continued use of the platform after the changes take effect constitutes acceptance of the revised policy.
11 Contact & complaints
For any question, request to exercise rights or complaint regarding the protection of your personal data:
- Email: info@akora.pro
- Response time: we are committed to responding within a maximum of 30 calendar days.
- Supervisory authority: if your request does not receive a satisfactory response, you may contact the CNIL: www.cnil.fr — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.
Questions? Contact us
info@akora.pro