Data protection

Privacy Policy

INEYA Studio is committed to protecting your personal data. This policy explains what data we process on Subventa (https://subventa.fr), why, on what legal basis, with whom it is shared, how long it is kept, and what your rights are. It complements our legal notice.

1. Data controller

The data controller is INEYA Studio, a simplified joint-stock company with a sole shareholder (SASU) with share capital of €500, registered office at 36 rue de Wattignies, 75012 Paris, France, registered with the Paris Trade and Companies Register under number 107 137 994. For any data-related request: contact@ineya.studio (or by post to the registered office).

2. Data we process

Depending on your use of the site, we may process:

  • Contact and request data: e-mail address, name or organisation where applicable, and the content you send us through our forms (support request, alert sign-up, waiting list, partner application, message);
  • Service usage data: grants you pin to build your file, preferences, filters and interactions with the site;
  • Assistant conversations: the questions you ask our search assistant, processed on our own infrastructure (see section 4);
  • Technical data: IP address, browser type, pages viewed, timestamps and security logs;
  • Audience measurement: aggregated, cookieless usage statistics (see section 7).

We do not collect payment data (access to paid features currently runs through a waiting list, with no card transaction). We do not collect special-category data (Article 9 GDPR) unless you voluntarily include it in a message.

3. Purposes and legal bases

PurposeLegal basis (Art. 6 GDPR)
Respond to your enquiries and support you via the formsPre-contractual measures / legitimate interest
Send the alerts and communications you signed up forConsent
Manage the waiting list and partner applicationsPre-contractual measures / legitimate interest
Provide and improve the service (search, file, assistant)Legitimate interest
Measure audience anonymously and in aggregateLegitimate interest
Ensure site security, prevent fraud and abuseLegitimate interest
Comply with legal and accounting obligationsLegal obligation

4. Recipients and processors

Your data is accessible to authorised INEYA Studio staff and to a deliberately limited number of processors, selected for their security guarantees and bound by contract under Article 28 GDPR:

  • OVH SAS (France, EU) — infrastructure hosting;
  • Proprietary, cookieless, self-hosted audience measurement (France) — our usage statistics are produced by our own tool, without cookies and without transmission to any third-party ad network;
  • Functional Software, Inc. (Sentry) (USA) — technical monitoring and error tracking, to detect and fix incidents.

The artificial-intelligence features (search assistant) run on our own servers, with no transmission to a third party: your questions are not sent to an external AI provider.

We never sell or rent your personal data. It may be disclosed to an authority where required by law.

5. Transfers outside the EU

Our servers and hosting are located in the European Union. Where a processor involves a transfer outside the EU (notably Sentry, in the USA), it is governed by appropriate safeguards: European Commission Standard Contractual Clauses and/or the EU-US Data Privacy Framework, a copy of which is available on request.

6. Retention periods

  • Prospects, contact messages and applications: up to 3 years from the last contact;
  • Alert sign-ups: until you unsubscribe (one click);
  • Technical data and logs: up to 12 months;
  • Accounting records: 10 years, as required by law.

Data is then deleted or anonymised.

7. Cookies and trackers

The site uses strictly necessary cookies (language preference, security) that do not require consent. Our audience measurement is cookieless and privacy-friendly: it sets no identifying tracker and does not follow you across sites. No advertising or personalisation cookie is set without your prior consent, which you may withdraw at any time via your browser settings. Refusing non-essential trackers does not prevent access to the site.

8. Security

INEYA Studio implements appropriate technical and organisational measures to protect your data against loss, unauthorised access, disclosure or alteration: encrypted communications (HTTPS/TLS), access control, data isolation, logging and regular backups.

9. Your rights

Under the GDPR and the French Data Protection Act, you have the rights of access, rectification, erasure, objection, restriction, portability, withdrawal of consent at any time, and to set directives regarding your data after your death. To exercise them, e-mail contact@ineya.studio; we may request proof of identity in case of reasonable doubt. You may also lodge a complaint with the CNIL (French data protection authority — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr).

10. Minors

The site is not intended for children under 15. We do not knowingly collect their data without parental consent.

11. Changes

This policy may be updated to reflect changes to the service or regulations. The version in force is the one published on this page.

Last updated: 2026.