Privacy Policy

Data controller

LUXE ÆTERNAI

Simplified joint-stock company (SASU) with a share capital of 1,000 euros

Registered office: 70 place du Docteur F. Lobligeois, 75017 Paris, France

Registration with the Paris Trade and Companies Register in progress

President and data controller: Mickaël Tsakiris

Contact: [email protected]

Categories of data collected

The website luxeaeternai.com collects the following categories of data:

  • Email address: voluntarily provided via the newsletter sign-up form (LinkedIn opt-in) or via the agentic evaluation tool (opt-in to receive the personalised summary).
  • AI diagnostic responses: answers to 9 multiple-choice questions, optional free-text inputs on AI usage, declared professional role. No personally identifiable data.
  • Browsing data: pages visited, session duration, device type. Collected anonymously by Umami (no cookies). Microsoft Clarity collects behavioural data (clicks, scrolling) only after explicit consent.

Purposes and legal bases

Each processing activity relies on a legal basis under Regulation (EU) 2016/679 (GDPR), Article 6:

Audience analytics (Umami)

Purpose: measure website traffic and improve content.

Legal basis: legitimate interest (Art. 6(1)(f)). Umami sets no cookies, collects no personal data, and is GDPR-compliant by design. Exempt from consent under CNIL guidelines on strictly necessary trackers.

Behavioural analytics (Microsoft Clarity)

Purpose: analyse user interactions (clicks, scrolling, heatmaps) to improve site usability.

Legal basis: consent (Art. 6(1)(a)). Clarity is activated only after explicit acceptance via the consent banner. Data is anonymised.

Agentic evaluation (AI diagnostic)

Purpose: generate a personalised AI maturity summary, displayed on screen and optionally sent by email.

Legal basis:

  • Legitimate interest (Art. 6(1)(f)) for respondents who have not provided an email address: processing limited to displaying the on-screen summary.
  • Consent (Art. 6(1)(a)) for respondents who have provided their email address: explicit opt-in via an unchecked checkbox.

Newsletter

Purpose: delivery of the LUXE ÆTERNAI newsletter via LinkedIn.

Legal basis: consent (Art. 6(1)(a)). Subscription is voluntary via LinkedIn.

Appointment scheduling (Calendly)

Purpose: facilitate appointment booking.

Legal basis: consent (Art. 6(1)(a)). The Calendly widget is loaded only on user click, with no prior data transfer.

Recipients and sub-processors

Personal data may be shared with the following sub-processors, strictly within the purposes described above:

  • Anthropic, PBC (340 Pine Street, Suite 323, San Francisco, CA 94104, USA) — Diagnostic responses are sent to the Claude API to generate the summary. Anthropic does not retain data submitted via the API beyond real-time processing (see Anthropic's privacy policy).
  • Resend, Inc. (548 Market St, PMB 72271, San Francisco, CA 94104, USA) — Email infrastructure used for diagnostic summary delivery and internal notifications. Does not process user data for its own purposes.
  • Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA) — Site and Worker hosting. Cloudflare KV is limited to technical rate limiting (request count per IP) and stores no personal data from responses.
  • Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA) — Microsoft Clarity, activated only after consent. Data is anonymised.
  • Calendly, LLC (3423 Piedmont Road NE, Atlanta, GA 30305, USA) — Appointment booking widget, loaded only on click.

No personal data is sold to third parties.

Retention periods

  • Diagnostic responses (no email): processed in real time, not retained.
  • Email address (diagnostic, opt-in): retained only for the time required to send the summary, then removed from the processing pipeline.
  • Internal notification: aggregated scores received by email are retained in accordance with internal professional email management practices. Deleted upon request.
  • Newsletter (LinkedIn): email address managed by LinkedIn. Unsubscribe at any time via LinkedIn.
  • Browsing data (Umami): aggregated and anonymous, no nominative retention period.
  • Clarity data: retained according to Microsoft's retention policy (see Clarity FAQ).

Transfers outside the European Union

Some sub-processors are established in the United States. Data transfers outside the European Union are governed by:

  • The EU-US Data Privacy Framework (DPF) for certified sub-processors (Cloudflare, Microsoft).
  • Standard Contractual Clauses (SCCs) adopted by the European Commission, for sub-processors not DPF-certified (Anthropic, Resend).

These safeguards ensure a level of data protection equivalent to that provided by the GDPR.

Rights of data subjects

Under the GDPR and applicable French data protection law (Loi Informatique et Libertés, as amended), you have the following rights:

  • Right of access (Art. 15 GDPR) — obtain confirmation that your data is being processed and receive a copy.
  • Right to rectification (Art. 16 GDPR) — correct inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR) — request deletion of your data.
  • Right to restriction of processing (Art. 18 GDPR) — restrict processing in certain circumstances.
  • Right to object (Art. 21 GDPR) — object to processing based on legitimate interest.
  • Right to data portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format.
  • Right to withdraw consent at any time, without retroactive effect.

To exercise these rights: [email protected]

Complaint with the CNIL

If you believe the processing of your data constitutes a violation of the GDPR, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority:

CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

www.cnil.fr/fr/plaintes

Cookies and trackers

This site uses two analytics tools:

Umami — Cookie-free analytics, GDPR-compliant by design. Sets no cookies, collects no personal data, does not track users across sites. Exempt from consent under CNIL recommendations on strictly necessary trackers.

Microsoft Clarity — Behavioural analytics tool (heatmaps, session recordings). Activated only after explicit consent via the consent banner displayed at the bottom of the page. If declined, no Clarity tracker is loaded.

Calendly — The appointment booking widget is loaded only on user click. No Calendly script is executed on page load.

Fonts — Fonts are hosted locally on the server. No calls to Google Fonts or any external CDN are made.

You may manage your consent preferences at any time by clearing your browser's local storage (cmp_consent key).

Policy updates

This privacy policy may be updated to reflect changes to the site or regulatory requirements. The date of last update is indicated below.

Last updated: April 2026