Privacy Policy

Last updated: February 18, 2025

1. Introduction

FONTAINE68 SARL ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use the Dikto application and website ("Service").

We comply with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and French data protection laws (Loi Informatique et Libertés).

2. Data Controller

The data controller for your personal data is:

• Company: FONTAINE68 SARL
• SIRET: 928 649 243 00013
• Address: 123 Rue Principale
• Email: contact@dikto.ai

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

• Email address
• Name (optional)
• Password (hashed, never stored in plain text)

3.2 Usage Data

We collect anonymous usage data to improve the Service:

• Number of dictation requests (not the content)
• Language preferences
• Application version and operating system
• Error logs (anonymized)

3.3 Voice and Text Data

Important: Your voice recordings are processed in real-time for transcription and are not stored on our servers. The transcribed text is sent to AI providers for formatting and is not retained after processing. We do not build voice profiles or use your data to train AI models.

3.4 Payment Data

Payment information is collected and processed exclusively by our payment provider, Paddle.com, who acts as Merchant of Record. We do not collect, store, or have access to your credit card details. Paddle shares with us only:

• Your email address
• Subscription status (active, cancelled, expired)
• Transaction identifiers
• Country of residence (for tax purposes)

4. How We Use Your Data

We process your data for the following purposes and legal bases:

• Service delivery (contract performance): To provide the dictation and AI formatting service
• Account management (contract performance): To manage your account and subscription
• Service improvement (legitimate interest): To analyze anonymous usage patterns and improve the Service
• Security (legitimate interest): To detect and prevent fraud, abuse, and unauthorized access
• Communication (contract performance / legitimate interest): To send important service updates, security alerts, and subscription notifications

We do not use your data for marketing purposes unless you explicitly opt in.

5. Data Sharing

We share your data only with the following categories of processors, all committed to GDPR compliance:

• Mistral AI (Paris, France) — AI text processing. Receives transcribed text for formatting only. Data processed in the EU.
• Paddle.com (United Kingdom) — Payment processing and subscription management. Operates under UK GDPR.
• Scaleway (Paris, France) — Cloud infrastructure hosting. Data stored in Paris, France.
• Brevo (Paris, France) — Transactional email delivery.

We do not sell, rent, or share your personal data with advertisers or data brokers.

6. Data Storage & Security

Your data is stored on servers located in Paris, France, operated by Scaleway. We implement appropriate technical and organizational measures including:

• Encryption in transit (TLS 1.3) and at rest
• Access controls and authentication
• Regular security audits
• Automated backups with encryption

7. Data Retention

• Account data: Retained for the duration of your account plus 3 years after deletion (legal obligation)
• Usage data: Anonymized and retained for up to 26 months
• Voice recordings: Not retained — processed in real-time and immediately discarded
• Transcribed text: Not retained — processed for formatting and immediately discarded
• Payment records: Retained by Paddle according to their retention policy and applicable tax laws

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate personal data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restriction: Request restriction of processing
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at contact@dikto.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority: CNIL (www.cnil.fr).

9. Cookies

The Dikto website uses minimal cookies:

• Essential cookies: Required for the website to function (session management). No consent required.
• Analytics: We use Plausible Analytics, which is cookie-free and does not track individual users. No consent required.

We do not use advertising cookies or third-party tracking scripts.

10. International Transfers

Your data is primarily processed within the European Union (France). Where data is transferred to the United Kingdom (Paddle), this is covered by the EU adequacy decision for the UK.

We do not transfer your data outside the EU/EEA/UK.

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the application. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact

For any privacy-related questions or to exercise your rights:

• Email: contact@dikto.ai
• Address: FONTAINE68 SARL, 123 Rue Principale