Overview
Cléprix.com (“Cléprix”, “we”, “us”) provides insurance-document collection, educational explanation, risk-card, report and workflow services for consumers. This Privacy Policy explains how we may collect, use, disclose, retain and protect personal data. It is written conservatively for testing across EU and US-facing traffic. It is not a substitute for review by qualified counsel before production launch.
Controller and contact
For the website and report workflows, the controller or business operator is Cléprix.com, pending final company registration details. Until replaced, contact privacy@cleprix.com. If a separate entity later operates the service, this page should be updated with the legal name, registered address, DPO/contact, company number and supervisory authority information.
Scope of this notice
This notice applies to cleprix.com, its static pages, upload forms, email report flows, Custom GPT handoff pages, SEO/GEO resources, future account areas, report requests, support communications and related analytics or security logs. Third-party websites, payment processors, Custom GPT interfaces and model providers have their own terms and privacy notices.
Data we may collect
- Contact data: email address and messages you send.
- Submission data: insurance category, document category, provider name if provided, visible price if provided, main question, selected report path, language and consent choices.
- Uploaded files: insurance quotes, renewal notices, contracts, coverage tables, invoices, claim emails, screenshots and related files.
- Technical data: IP address or a truncated or hashed version of it, browser, device, approximate region, referrer, UTM parameters, timestamps, event logs, upload velocity, file type, file size bucket and error logs.
- Payment workflow data: payment status, checkout identifiers and limited transaction metadata. Full card data should be handled only by the payment processor.
- Quality signals: duplicate file hashes, OCR quality, extraction confidence, suspected low-quality or fake material indicators, failed upload events and user feedback.
Sensitive data and minimization
Insurance documents can contain personal data and sometimes sensitive information. You should mask unnecessary identifiers before upload: name, phone, email, full address, bank details, policy number, plate number, claim reference, national ID, social security number and full licence numbers. Do not upload health records, full identity documents or bank statements unless specifically needed and requested in a future protected workflow. We aim to collect the minimum data needed for the selected report path.
Purposes of processing
- Receive and organize your submission package.
- Provide a free risk-check handoff or prepare Plus/Pro/Family report workflows.
- Send email status updates and report delivery messages.
- Respond to support, privacy and deletion requests.
- Prevent abuse, spam, fraud, malware, duplicate submissions and misuse.
- Improve document schemas, glossary, risk flags, prompts, templates and regression tests using privacy-preserving and aggregated signals where possible.
- Comply with legal, tax, payment, accounting, security and record-keeping obligations.
Legal bases
For EU/UK visitors, possible legal bases include performance of a requested service, consent where required, legitimate interests in security, fraud prevention and product improvement, compliance with legal obligations, and establishment or defense of legal claims where applicable. Consent must be freely given, specific, informed and unambiguous, and users should be able to withdraw it. We separate optional benchmark or marketing consent from necessary service processing where feasible.
AI, automation and human review
Cléprix may use AI systems, templates and human review to prepare explanations, risk cards, missing-field lists, draft questions or report sections. AI output can be incomplete or wrong. High-risk issues, claim disputes, legal questions, unclear liability, suspected fraud or low-confidence outputs may require human review or may be refused. We do not use AI output as a binding insurance decision.
Custom GPT and external assistants
Free risk checks may route users to a Custom GPT or other external AI interface. Information entered there is handled under that provider’s account, product and privacy terms. Do not paste unnecessary identifiers. Custom GPT is an intake and preliminary risk-check assistant only; complete Plus/Pro report workflows remain on the website or internal workflow.
Uploaded documents
Uploaded files should be stored in private storage, access-limited to authorized workflows and personnel. Files may be scanned for malware, duplicate hashes, file type, size and quality. We may reject archives, executable files, suspicious files, abusive submissions or files outside the allowed formats.
Service providers
We may use hosting, storage, email, payment, analytics, security, AI/model, OCR, logging, customer support and workflow providers. Providers should process data only under contract and for authorized purposes. Examples of provider categories include static hosting, object storage, transactional email, payment checkout, AI APIs, spam prevention and error monitoring.
International transfers
Data may be processed in the EU, United States or other countries depending on providers. Where required, transfers should rely on adequacy decisions, Standard Contractual Clauses, UK addenda, Data Privacy Framework participation where applicable, supplementary measures or another lawful transfer mechanism.
Retention
We keep data only as long as reasonably necessary for the service, security, legal obligations and product improvement. Suggested defaults for testing: raw uploaded files for a limited period unless the user purchases a retained report workflow; form submissions for report delivery and support; payment records as required by law; logs for security and debugging; anonymized or aggregated learning signals longer where they no longer identify a person. Production retention periods should be finalized before launch.
Security
We use reasonable technical and organizational measures such as access controls, private storage, least-privilege workflows, transport encryption, file-type restrictions, logging, backups and staff/process limitations. No internet service is perfectly secure. Users should avoid uploading unnecessary sensitive data and should keep copies of important originals.
EU/UK/US privacy rights
Depending on your location, you may have rights to access, correct or delete your data, to restrict or object to processing, to withdraw consent, to data portability, to opt out of certain processing, to limit sensitive data use, and to complain to a supervisory authority. EU GDPR rights include information, access, rectification, erasure, restriction, portability and objection. US state rights may include access, deletion, correction, portability and opt-out rights. To exercise rights, contact privacy@cleprix.com. We may verify your request and retain limited records to document compliance.
Children
Cléprix is not intended for children. Do not submit documents for minors unless you are a parent/legal guardian or authorized representative and the document is necessary for the requested insurance-document workflow.
Marketing and communications
We may send service emails related to submissions, reports, support and security. Marketing emails require consent where applicable and should include an unsubscribe option. We do not sell insurer leads as part of the current product concept.
Changes
We may update this Privacy Policy as the product, providers, laws and workflows evolve. Material changes should be posted on the website with an updated date. Continued use after changes may be treated as acceptance where permitted by law.
Contact
Email: privacy@cleprix.com. For production, replace this placeholder with the final legal entity, registered address, DPO or privacy contact and any required supervisory authority information.