Data protection
Privacy Policy
INEYA Studio is committed to protecting your personal data. This policy explains what data we process on Subventa (https://subventa.fr), why, on what legal basis, with whom it is shared, how long it is kept, and what your rights are. It complements our legal notice.
1. Data controller
The data controller is INEYA Studio, a simplified joint-stock company with a sole shareholder (SASU) with share capital of €500, registered office at 36 rue de Wattignies, 75012 Paris, France, registered with the Paris Trade and Companies Register under number 107 137 994. For any data-related request: contact@ineya.studio (or by post to the registered office).
2. Data we process
Depending on your use of the site, we may process:
- Contact and request data: e-mail address, name or organisation where applicable, and the content you send us through our forms (support request, alert sign-up, waiting list, partner application, message);
- Service usage data: grants you pin to build your file, preferences, filters and interactions with the site;
- Assistant conversations: the questions you ask our search assistant, processed on our own infrastructure (see section 4);
- Technical data: IP address, browser type, pages viewed, timestamps and security logs;
- Audience measurement: aggregated, cookieless usage statistics (see section 7).
We do not collect payment data (access to paid features currently runs through a waiting list, with no card transaction). We do not collect special-category data (Article 9 GDPR) unless you voluntarily include it in a message.
3. Purposes and legal bases
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Respond to your enquiries and support you via the forms | Pre-contractual measures / legitimate interest |
| Send the alerts and communications you signed up for | Consent |
| Manage the waiting list and partner applications | Pre-contractual measures / legitimate interest |
| Provide and improve the service (search, file, assistant) | Legitimate interest |
| Measure audience anonymously and in aggregate | Legitimate interest |
| Ensure site security, prevent fraud and abuse | Legitimate interest |
| Comply with legal and accounting obligations | Legal obligation |
4. Recipients and processors
Your data is accessible to authorised INEYA Studio staff and to a deliberately limited number of processors, selected for their security guarantees and bound by contract under Article 28 GDPR:
- OVH SAS (France, EU) — infrastructure hosting;
- Proprietary, cookieless, self-hosted audience measurement (France) — our usage statistics are produced by our own tool, without cookies and without transmission to any third-party ad network;
- Functional Software, Inc. (Sentry) (USA) — technical monitoring and error tracking, to detect and fix incidents.
The artificial-intelligence features (search assistant) run on our own servers, with no transmission to a third party: your questions are not sent to an external AI provider.
We never sell or rent your personal data. It may be disclosed to an authority where required by law.
5. Transfers outside the EU
Our servers and hosting are located in the European Union. Where a processor involves a transfer outside the EU (notably Sentry, in the USA), it is governed by appropriate safeguards: European Commission Standard Contractual Clauses and/or the EU-US Data Privacy Framework, a copy of which is available on request.
6. Retention periods
- Prospects, contact messages and applications: up to 3 years from the last contact;
- Alert sign-ups: until you unsubscribe (one click);
- Technical data and logs: up to 12 months;
- Accounting records: 10 years, as required by law.
Data is then deleted or anonymised.
7. Cookies and trackers
The site uses strictly necessary cookies (language preference, security) that do not require consent. Our audience measurement is cookieless and privacy-friendly: it sets no identifying tracker and does not follow you across sites. No advertising or personalisation cookie is set without your prior consent, which you may withdraw at any time via your browser settings. Refusing non-essential trackers does not prevent access to the site.
8. Security
INEYA Studio implements appropriate technical and organisational measures to protect your data against loss, unauthorised access, disclosure or alteration: encrypted communications (HTTPS/TLS), access control, data isolation, logging and regular backups.
9. Your rights
Under the GDPR and the French Data Protection Act, you have the rights of access, rectification, erasure, objection, restriction, portability, withdrawal of consent at any time, and to set directives regarding your data after your death. To exercise them, e-mail contact@ineya.studio; we may request proof of identity in case of reasonable doubt. You may also lodge a complaint with the CNIL (French data protection authority — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr).
10. Minors
The site is not intended for children under 15. We do not knowingly collect their data without parental consent.
11. Changes
This policy may be updated to reflect changes to the service or regulations. The version in force is the one published on this page.
Last updated: 2026.