Version: 2.0 – Last updated: May 19, 2026.
This legal notice is written in French. Any translation, particularly into English, is provided for informational purposes only. In case of any discrepancy, ambiguity, or difficulty in interpretation between the French version and a translated version, only the French version shall prevail.

Ask Technologies Privacy Policy

1. Introduction

Ask Technologies is a SaaS provider specializing in RAG (Retrieval-Augmented Generation) AI chatbots, offering instant conversation solutions that integrate AI and its clients' data. Data protection is an integral part of Polaria Tech's DNA, which publicly commits as a GDPR-compliant provider, dedicated to the security and confidentiality of processed information. Your privacy is an absolute priority for the company, which ensures that data is stored and managed securely.

This Privacy Policy describes Ask Technologies' commitments regarding privacy, with reference to applicable laws, including Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the amended French law n°78-17 of January 6, 1978, known as the "Data Protection Act." Polaria Tech ensures compliance with all these legal provisions throughout the entire lifecycle of the data processed.

2. Fundamental Principles

Ask Technologies strictly applies the fundamental principles of personal data protection:

Minimization of Collected Data: Only personal data strictly necessary for the purposes pursued is collected and processed. In accordance with the GDPR's proportionality principle, recorded information must be relevant and limited to what is essential for the activity or service in question.
   
Precise and Legitimate Purposes: Data is collected only for a specific, explicit, and legitimate purpose. Polaria Tech commits to using data only for clearly defined and legal objectives, which are communicated to its clients and users. No data is processed in a manner incompatible with these initial purposes.
   
Confidentiality and Integrity: Polaria Tech guarantees the confidentiality and integrity of processed personal data. This involves preventing any unauthorized access, illegitimate disclosure, or alteration of data. In accordance with the security principles stipulated by regulations, the company ensures that only duly authorized individuals can access personal information, and implements mechanisms to detect any unauthorized modification.

3. Compliance Commitments

Ask Technologies demonstrates an exemplary commitment to GDPR compliance and associated regulations:

Strict GDPR Compliance: All regulatory obligations are respected. Polaria Tech adopts a “Privacy by Design and by Default” approach (data protection from conception and by default), maintains its record of processing activities, and has appointed a Data Protection Officer (DPO) responsible for ensuring compliance with regulations. The company regularly trains its teams on data protection best practices and implements internal compliance control processes.
Processing Localized in the EU: Polaria Tech ensures that all personal data processing takes place exclusively within the European Union. Specifically, data is hosted on secure servers located in France, via OVH's infrastructure, guaranteeing a sovereign and secure architecture. This European sovereignty ensures that data consistently benefits from the level of protection required by European standards.
No Transfers Outside the EEA Without Guarantees: Polaria Tech commits not to transfer personal data to countries outside the European Economic Area (EEA), unless the recipient offers an adequate level of protection or appropriate safeguards in accordance with the GDPR. In practice, an international transfer only occurs if there is a solid legal basis, for example, if the destination country benefits from an adequacy decision by the European Commission or if approved standard contractual clauses are in place. These measures ensure a level of data protection equivalent to that in force within the EU in case of a necessary exception.

4. Advanced Security Measures

To ensure optimal data protection, Ask Technologies implements advanced security measures, both technical and organizational:

Encryption of Data in Transit and at Rest: All personal data managed by Polaria Tech is encrypted during transmission over the network (via TLS/HTTPS protocols) and when stored on our servers. Encryption renders information unreadable to any unauthorized person, thereby guaranteeing its confidentiality even in the event of interception. Furthermore, this mechanism helps preserve data integrity: any unauthorized alteration would be detected during decryption, which protects against fraudulent modifications.
Secure Hosting in France: Polaria Tech's technical infrastructure is hosted in highly secure data centers located in France (OVH provider). These data centers meet the strictest physical and logical security standards (access control, 24/7 surveillance, system redundancy) to protect data against intrusions, disasters, or any other incident. This location in France also ensures the sovereignty of the processed data, which remains under French and European jurisdiction.
Access Restriction and Traceability: Ask Technologies enforces a strict access management policy based on the principle of least privilege. Only duly authorized employees who require access to data as part of their duties can do so. Every access to sensitive information is subject to detailed logging, allowing us to track who accessed what data and when. Regular authorization controls, the use of robust authentication methods (e.g., multi-factor authentication), and internal audits help prevent any inappropriate data access.
Backups and Recovery Plan: Regular data backups are performed to prevent any risk of accidental loss or alteration. Polaria Tech has implemented a business continuity and data restoration plan in the event of a major incident (e.g., outage, disaster, cyberattack...), enabling rapid restoration of service and data integrity. These backups are themselves protected (encrypted and securely stored) and are retained for a defined period before being deleted.

In addition to these measures, Polaria Tech conducts periodic security tests and vulnerability analyses to identify potential flaws and rectify them promptly. The entire security system is regularly updated to incorporate industry best practices and comply with evolving protection standards.

5. Roles and Responsibilities of the Parties

Within the scope of the services provided, data protection relies on a clear distribution of roles among the various stakeholders:

Polaria Tech as a Data Processor: Ask Technologies generally acts as a data processor under the GDPR for the processing of personal data carried out on behalf of its clients. This means that Polaria processes data solely according to the documented instructions of its clients (who are the data controllers) and for the purposes they have determined. In accordance with the legal definition, a processor is the entity that processes personal data on behalf of another organization responsible for the processing. Polaria Tech commits to complying with all obligations incumbent on processors (Article 28 of the GDPR), including: strict confidentiality of data processed on behalf of its clients, implementation of adequate security measures, assisting the client in complying with its own obligations (e.g., for impact assessments or the exercise of data subject rights, see section 6), and promptly notifying the client of any data breach. A Data Processing Agreement is systematically concluded with each client to govern this relationship and specify the responsibilities of each party, in accordance with legal requirements.
Clients (businesses/administrations) as Data Controllers: Polaria Tech's clients, whether public bodies or private companies, are the data controllers for the data they entrust to the chatbot platform. As such, they determine the purposes and means of processing carried out via Polaria's solutions. It is their responsibility to ensure the lawfulness of the data collected (for example, by informing end-users about the use of a chatbot and data collection, or by obtaining consent when necessary) and to ensure that only relevant data is transmitted to Polaria Tech. Clients must also respond to data subject requests concerning their data (with Polaria Tech's support if needed) and, more generally, comply with all GDPR obligations incumbent on data controllers. Polaria Tech provides its clients with all reasonable assistance to help them comply, for example, by providing information on its processing activities to enable clients to document their records, or by offering contractual guarantees of security and confidentiality.
Polaria Tech's Sub-processors: To provide its service, Ask Technologies may use third-party providers who are themselves sub-processors (e.g., for hosting, maintenance, or certain functionalities). The use of any sub-processor is subject to the prior consent of the client acting as data controller, in accordance with the GDPR. Polaria ensures that each of its providers applies data protection measures equivalent to its own. Strict contractual commitments regarding confidentiality, security, and GDPR compliance are imposed on these partners. Polaria Tech remains fully responsible to its clients for any processing carried out by a sub-processor it has appointed. In the event of a change or addition of a sub-processor, Polaria will inform its clients so that they can exercise their right to object or obtain appropriate information.

In summary, Polaria Tech assumes responsibility for protecting the data entrusted to it as a processor, while its clients retain control and responsibility for the data they delegate to it. Each party commits to scrupulously respect its legal and contractual obligations to ensure maximum protection of the personal information concerned.

6. User Rights and Procedures

Ask Technologies attaches particular importance to respecting the rights of individuals whose data is processed. In accordance with the GDPR, each user or data subject has the following rights:

Right of access: You can obtain confirmation that your personal data is being processed by Polaria Tech (or by our clients via our services) and, if applicable, receive a copy of the data concerning you, as well as information on the purposes of processing, recipients, retention period, etc.
Right to rectification: You can request the correction of inaccurate or incomplete data concerning you, so that erroneous information held by Polaria or our clients is rectified as soon as possible.
Right to erasure (right to be forgotten): You can request the erasure of your personal data as soon as possible, particularly if it is no longer necessary for the purposes for which it was collected or if you withdraw your consent (in cases where consent was the legal basis). This right is exercised in compliance with exceptions provided by law (for example, Polaria or the client may need to retain certain data to comply with a legal obligation).
Right to restriction of processing: You have the right to request the temporary suspension of processing your data in certain situations (for example, while a dispute over the accuracy of the data is being resolved). When restriction is granted, the data concerned are marked so that they are no longer subject to any operation other than storage.
Right to data portability: Upon request, in cases provided for by the GDPR, you can receive the personal data you have provided to Polaria Tech (or its client) in a structured, commonly used, and machine-readable format, or request that it be transmitted directly to another data controller if technically feasible. This right facilitates the reuse of your personal data with other services.
Right to object: You can object, on grounds relating to your particular situation, at any time to the processing of your data for a specific purpose, especially if the processing is based on the legitimate interest of the data controller. In the event of an objection, Polaria Tech (or its client) will cease processing the data concerned, unless there are legitimate and compelling grounds requiring the processing to continue or for the establishment, exercise, or defense of legal claims. Furthermore, you can object to receiving marketing communications from us at any time, without justification.
Right to withdraw your consent: When the processing of your data is based on your consent (for example, if you have consented to the chatbot processing some of your information), you have the option to withdraw this consent at any time. The withdrawal of consent has no retroactive effect and will therefore not affect the lawfulness of processing carried out before this withdrawal, but it means that we will cease to use your data for the future in the context concerned.
Right to lodge a complaint with a supervisory authority: In addition to the above rights, if you believe your rights are not being respected, you have the right to lodge a complaint with the competent data protection authority. In France, the supervisory authority is the CNIL (Commission Nationale de l’Informatique et des Libertés). You can contact the CNIL (via its website cnil.fr or by mail) for any complaint regarding the processing of your personal data.

Procedures for exercising your rights: You can exercise your rights at any time by sending a request to Polaria Tech's Data Protection Officer (see section 9 for contact details). If your request concerns data processed by Polaria Tech on behalf of a client (where Polaria acts as a processor), we will forward your request without delay to the client concerned (data controller) and assist them in responding to it, in accordance with our contractual commitments. No automated decision producing legal effects will be made concerning you without your explicit consent or without an appropriate legal basis, in accordance with regulations.

Polaria Tech strives to respond to all requests as quickly as possible and in any event within the one-month period stipulated by the GDPR (which may be extended to two months given the complexity and number of requests). The exercise of these rights is free of charge, except in cases of manifest abuse (repetitive or unfounded requests) where reasonable fees may be charged in accordance with the law. Identity verification may be requested in case of reasonable doubt regarding the applicant's identity, to protect data confidentiality.

7. Data Retention Period

Ask Technologies retains personal data only for the period strictly necessary for the purposes for which it was collected, or to comply with its legal contractual obligations. The fundamental principle applied is that of storage limitation: data cannot be kept indefinitely. An appropriate retention period is defined for each data category, based on its nature and the purpose of processing.

Specifically:

Operational data related to the chatbot service (e.g., conversation content, knowledge bases provided by the client) is retained for the duration of the contract between Polaria Tech and the client, in order to properly provide the service. Some data may be deleted earlier at the request of the client or user if compatible with the service's operation.
Client account data (such as client administrator contact information, login credentials, etc.) is retained for the duration of the contractual relationship. At the end of the contract, Polaria Tech may retain some of this information for the period necessary for termination management, compliance with legal obligations (e.g., retention of invoices and accounting data for the legal period of 10 years), or for the establishment/exercise of legal rights, where applicable.
End-user data (e.g., information about employees or end-customers who have interacted with our client's chatbot) is generally stored according to the parameters defined by each data controller client. Polaria Tech only performs intermediate retention as part of the service and no longer holds the data once the client has retrieved or deleted it according to their own policies. Polaria encourages its clients to define retention policies compliant with CNIL and GDPR recommendations and provides them with the tools to easily export or delete data.

Upon expiration of the defined retention periods, Polaria Tech securely deletes personal data or irreversibly anonymizes it, making it impossible to identify the individuals concerned. Deletions are carried out in a way that prevents any subsequent restoration of the data (e.g., by overwriting backups). As for technical backups, these are purged as soon as they exceed the established retention period.

Polaria Tech may retain data longer in archived form, separate from the active system, when a legal obligation requires it (e.g., retention of connection logs for security or evidence in case of litigation). In this case, archived data is accessible only on a restricted basis and for purposes required by law, before being permanently deleted at the end of the imposed period.

8. Data Breach Management

Despite all preventive measures in place, Ask Technologies has also established a rigorous system for managing security incidents, particularly personal data breaches. A data breach is understood as any incident, whether actual or suspected, resulting in the destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data.

Detection and Responsiveness: Polaria Tech has monitoring and alert systems to quickly detect security anomalies (intrusion attempts, suspicious activity, etc.). When a security incident occurs, an internal emergency procedure is triggered: identification of the nature and extent of the breach, immediate measures to contain the incident (e.g., isolating an affected server, revoking compromised access), and assessment of the risk to affected individuals. The incident is recorded in an internal incident register, in accordance with Article 33(5) of the GDPR, describing the facts, effects, and corrective measures taken.

Notification to Authorities and Individuals: If the personal data breach is likely to result in a risk to the rights and freedoms of natural persons, Polaria Tech (in coordination with the data controller client, where applicable) undertakes to notify the competent supervisory authority (the CNIL in France) as soon as possible and, if feasible, within 72 hours of becoming aware of it. This notification will include all required information (nature of the breach, categories and volume of data concerned, number of affected individuals, probable consequences, measures taken or proposed to address it, etc.). If the 72-hour deadline is exceeded, the notification will be accompanied by the reasons for the delay, in accordance with regulations.

If the breach is likely to result in a high risk to the rights and freedoms of individuals (e.g., disclosure of sensitive data that could lead to significant harm), Polaria Tech will also promptly inform the affected individuals of the incident, the potentially compromised data, and recommendations for protection (e.g., password change, increased vigilance against potential fraud attempts). This notification to individuals will be made unless the data controller client prefers to handle this communication themselves – in all cases, Polaria will assist the client in this process if necessary.

Management and Continuous Improvement: After an incident is contained, Polaria Tech focuses on analyzing the root causes of the breach and implementing necessary corrective actions to prevent recurrence. A post-incident report can be provided to the client, including event details and lessons learned. Polaria prides itself on transparency with its clients in the event of an incident and remains available for any additional assistance (e.g., helping to answer end-user questions or CNIL investigations).

In summary, Ask Technologies has implemented a robust data security crisis management strategy: anticipation (proactive protection measures), rapid detection, effective response, transparent communication, and continuous improvement. These efforts aim to minimize the impact of potential incidents and best protect user privacy.

9. Contact and Additional Information

DPO Contact: Ask Technologies has appointed a Data Protection Officer (DPO) responsible for ensuring compliance with regulations and serving as a point of contact for personal data-related questions. For any questions, requests, or concerns regarding your data or the exercise of your rights (Section 6 above), you can contact our DPO:

   DPO Name: Didier Caradec
   Email: dpo (at) polaria (dot) com
   Postal address: Ask Technologies, 4 PLACE ALBERT EINSTEIN 56000 VANNES FRANCE.

Polaria Tech's DPO is your primary contact for all matters related to data protection. We are committed to providing a diligent and comprehensive response to every request.

Evolution of the Data Protection Policy: This policy may be updated to reflect legal, regulatory, technical, or organizational changes affecting data protection, or to incorporate new features or services offered by Polaria Tech. In the event of substantial changes to our practices, we will inform clients (e.g., via email or a website notification) and/or obtain their consent where required by law. We encourage you to regularly consult this page to review the most recent version. The "Last Updated" date at the top of the document indicates when changes were last made.

By choosing Ask Technologies, you are opting for a partner deeply committed to data sovereignty and protection. Our company strives to earn your trust by ensuring a high level of confidentiality, security, and compliance for your data. For any further information on our data protection approach, please do not hesitate to contact us – we are here to assist you with full transparency on these essential issues.