Mirage Cloud IAMirage

Privacy Policy (GDPR)

Version 1.0.1 — Effective 14 May 2026

Privacy Policy — Mirage Cloud

Version 1.0.1 — Effective 14/05/2026

1. Data Controller

Mirage Cloud, 28 avenue Friedland, 75008 Paris (chez Les Licornes Françaises). Contact: contact@mirage-cloud.com.

2. Data Collected

  • Identification: email, last name, first name, phone (optional).
  • Billing: payment method (stored by Stripe — not by Mirage Cloud), invoice history, company identifiers (legal name, SIREN, VAT number for businesses).
  • Usage: conversations with AI agents, requests, connected integrations, technical logs (IP, user agent).
  • Legal acceptances: version + timestamp of accepted documents, IP, user agent (legally enforceable records retained for 5 years).

3. Purposes

  • To provide and improve the Service.
  • Billing and management of the contractual relationship.
  • Security, fraud prevention, legal compliance.
  • Statistics and product improvement (anonymised).

4. Legal Basis

  • Performance of the contract (Terms of Service / Terms of Sale).
  • Consent (non-essential analytics, marketing communications).
  • Legal obligations (accounting, anti-money laundering).
  • Legitimate interest (security, abuse prevention).

5. Recipients

Data is processed by Mirage Cloud and its technical subprocessors:

  • Stripe (Ireland / USA): payments.
  • OpenAI, Anthropic (USA): AI generation.
  • Hosting provider: IONOS France (1&1 IONOS SARL, 7 place de la Gare, 57200 Sarreguemines, France).

6. Transfers Outside the EU

When data is transferred outside the EU, transfers are based on the Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Retention Periods

  • Active account: duration of the contractual relationship.
  • After deletion: 3 years for commercial records, 10 years for accounting records, 5 years for legal acceptances.

8. User Rights (GDPR)

You may exercise your rights of access, rectification, erasure, restriction, objection and portability by writing to contact@mirage-cloud.com. You may also lodge a complaint with the French Data Protection Authority (CNIL, www.cnil.fr) or your local supervisory authority.

9. Cookies

Mirage Cloud uses strictly necessary cookies (session, security) and, subject to your consent, audience measurement cookies.

10. Data Protection Officer

Mirage Cloud has not appointed a Data Protection Officer (DPO) under Article 37 of the GDPR, as such appointment is not mandatory given the nature and scale of the processing performed. A GDPR contact may be reached for any question regarding the processing of your data at: contact@mirage-cloud.com.

Integrity fingerprint (SHA-256) : 0e69f66d4de41fe0593fd78b1952796e547b2cf644450bc6a439efdffd258218

This document is currently in force and binding. Any update results in a new distinct version requiring re-acceptance at the next billing-related interaction.