iNodesPrivacy Policy
Website: iNodes.ai
Data controller: iNodes — SIREN 517 398 400
Last updated: March 13, 2026
Version: 1.0
Preamble
This Privacy Policy describes how iNodes, whose registered office is at 200 rue de la Croix Nivert, 75015 Paris, France, registered under number SIREN 517 398 400 (hereinafter “the Publisher”, “we”, “our”), collects, uses, stores and protects the personal data of users (hereinafter “the User”, “you”) of the iNodes.ai platform (hereinafter “the Platform”).
This policy is established in accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and French Law No. 78-17 of 6 January 1978 on data processing, data files and individual liberties (Loi Informatique et Libertés).
Article 1 – Data controller
Data controller: iNodes
Address: 200 rue de la Croix Nivert, 75015 Paris, France
Email: contact@inodes.ai
SIREN: 517 398 400
Article 2 – Data collected
2.1 Data provided directly by the user
| Category | Data | Purpose |
|---|---|---|
| Registration | Name, email, password (hashed) | Account creation and management |
| Billing | Billing address, order history | Billing and accounting |
| Support | Messages, attachments | Processing of requests |
| User Content | Prompts, instructions, generation parameters | Performance of the AI generation service |
2.2 Data collected automatically
- Technical data: IP address, browser type and version, operating system, screen resolution, unique device identifiers.
- Navigation data: pages visited, date and time of access, session duration, actions performed.
- Transaction data: Token purchase history, Token consumption, subscription details.
2.3 Third-party data
We may receive information when you use sign-in features via third-party services (Google, GitHub, etc.).
2.4 Data not collected
The Publisher does not collect and does not store:
- Payment information (credit card), processed exclusively by the third-party payment provider.
- Content Generated by artificial intelligence, which is transmitted directly from the AI Provider to the User.
Article 3 – Purposes and legal bases for processing
| Purpose | Legal basis (GDPR) |
|---|---|
| User account management | Contract performance (Art. 6.1.b) |
| Provision and performance of services | Contract performance (Art. 6.1.b) |
| Billing and payment management | Contract performance (Art. 6.1.b) and legal obligation (Art. 6.1.c) |
| Transmission of prompts to AI Providers | Contract performance (Art. 6.1.b) |
| Customer support | Contract performance (Art. 6.1.b) |
| Sending commercial communications | Consent (Art. 6.1.a) |
| Platform improvement and statistics | Legitimate interest (Art. 6.1.f) |
| Fraud prevention and security | Legitimate interest (Art. 6.1.f) |
| Compliance with legal and tax obligations | Legal obligation (Art. 6.1.c) |
Article 4 – Data recipients
Personal data may be shared with the following categories of recipients:
4.1 Artificial intelligence providers
fal – Features & Labels, Inc. (FAL.ai)
- Headquarters: San Francisco, California, United States
- Data transmitted: User Content (prompts, generation parameters)
- Purpose: performance of AI generation operations
- Privacy policy: https://fal.ai/legal/privacy-policy
4.2 Payment provider
Stripe Payments Europe, Ltd.
- Data transmitted: payment information
- Purpose: secure transaction processing
4.3 Hosting provider
OVHcloud (OVH SAS)
- Data transmitted: data necessary for hosting
- Server location: European Union (France / Germany depending on configuration)
4.4 Other recipients
- Analytics providers for Platform improvement.
- Competent authorities in the event of legal obligation or court order.
Article 5 – Data transfers outside the European Union
User Content (prompts) is transmitted to FAL.ai, whose servers are located in the United States. This transfer is necessary for the performance of the service and is governed by:
- The European Commission’s standard contractual clauses (SCCs), in accordance with Article 46.2.c of the GDPR.
- The EU-US Data Privacy Framework, where applicable.
The User is informed of this transfer prior to use of the service. This transfer is based on the legal bases applicable to the processing and on the safeguards governing international transfers described in this article.
In the event of changes to the safeguards governing transfers, the Publisher undertakes to implement alternative protection measures in compliance with the GDPR.
Article 6 – Retention period
| Type of data | Retention period |
|---|---|
| Account data | Duration of registration + 3 years after account deletion |
| Billing data | 10 years (legal accounting and tax obligation) |
| Navigation data (logs) | 12 months |
| User Content (prompts) | Duration necessary for technical processing, then deletion. Not retained beyond the session. |
| Support data | 3 years after the request is closed |
| Cookie-related data | See Article 9 |
Article 7 – Data subject rights
In accordance with the GDPR and the Loi Informatique et Libertés, the User has the following rights:
- Right of access (Art. 15 GDPR): obtain confirmation that data concerning them is being processed and receive a copy.
- Right to rectification (Art. 16 GDPR): request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17 GDPR): request deletion of their data in the cases provided for by law.
- Right to restriction of processing (Art. 18 GDPR): request suspension of processing in certain circumstances.
- Right to data portability (Art. 20 GDPR): receive their data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21 GDPR): object to the processing of their data on legitimate grounds, including commercial prospecting.
- Right to withdraw consent at any time, when processing is based on consent.
- Right not to be subject to automated decision-making: request human intervention regarding any decision based solely on automated processing producing legal effects.
- Right to define directives regarding the fate of their data after their death (Loi Informatique et Libertés).
Exercising rights
To exercise these rights, the User may send their request to:
- Email: contact@inodes.ai
- Postal address: iNodes – 200 rue de la Croix Nivert, 75015 Paris, France
The Publisher undertakes to respond within one (1) month of receipt of the request. This period may be extended by two (2) months in the event of complexity or a large number of requests.
Complaint
In the event of difficulty, the User may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL):
- Website: https://www.cnil.fr
- Address: 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07
For users located in another EU country, they may contact the data protection authority of their country of residence.
Article 8 – Data security
The Publisher implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, in particular:
- Encryption of data in transit (SSL/TLS).
- Password hashing.
- Access control and strengthened authentication.
- Regular backups.
- Security updates.
In the event of a personal data breach likely to result in a risk to the rights and freedoms of the data subjects, the Publisher undertakes to notify the CNIL within 72 hours and to inform the data subjects if the risk is high, in accordance with Articles 33 and 34 of the GDPR.
Article 9 – Cookies
9.1 What is a cookie?
A cookie is a small text file placed on the User’s device (computer, smartphone, tablet) when visiting the Platform.
9.2 Types of cookies used
| Type | Purpose | Duration | Consent required |
|---|---|---|---|
| Essential cookies | Site operation, authentication, security | Session duration | No (strictly necessary) |
| Preference cookies | Remembering user choices (language, display) | 12 months | Yes |
| Analytics cookies | Audience measurement, service improvement | 13 months maximum | Yes |
9.3 Cookie management
On their first visit, the User is informed of the placement of cookies via a consent banner. The User may at any time:
- Accept or refuse non-essential cookies via the consent banner or the cookie manager accessible from the Platform.
- Configure their browser to block or delete cookies. Deleting essential cookies may affect the operation of the Platform.
Article 10 – Data processing by AI Providers
10.1 Nature of processing
When the User uses the AI generation features, the following data is transmitted to the AI Providers (including FAL.ai):
- The User’s prompts and instructions.
- Technical parameters for the generation.
10.2 AI provider commitments
In accordance with FAL.ai’s terms of service (API Services Terms):
- FAL.ai does not use User Content (prompts and results) to train, develop or improve its own models or products, except for models expressly indicated as “Pending Enterprise Ready”.
- FAL.ai processes User Content solely for the purpose of providing the service.
10.3 User information
The User is informed that:
- Their prompts are transmitted to servers located in the United States.
- They must not include sensitive personal data (health data, political opinions, biometric data, etc.) in their prompts.
- The Publisher does not retain Generated Content on its servers.
Article 11 – Minors
The Platform is not intended for persons under 18 years of age. The Publisher does not knowingly collect personal data from minors. If the Publisher becomes aware that a minor has provided personal data, it will be deleted as soon as possible.
Article 12 – Modification of the policy
The Publisher reserves the right to modify this Privacy Policy. Any substantial modification will be notified to the User by email or by display on the Platform. The “Last updated” date at the top of the document is updated accordingly.
Article 13 – Contact
For any questions regarding this Privacy Policy or to exercise your rights:
iNodes
200 rue de la Croix Nivert
75015 Paris, France
Email: contact@inodes.ai