Privacy Policy
Effective Date: 30 June 2025
Matique SAS (“Matique”, “we”, “us”, or “our”) values your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data in connection with your use of our website and services. It applies to users in the European Economic Area (EEA), the United Kingdom (UK), the United States, and other jurisdictions where we operate.
We comply with the General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK-GDPR), the Data Protection Act 2018, the ePrivacy Directive, and U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia CDPA, and Colorado CPA.
1. Who We Are
Matique SAS
14 rue Vivienne, 75002 Paris – France
Email: privacy @ matique .co
Matique is the controller of your personal data when you interact with our website and marketing. When you use our products or services as a client, we may act as a processor on your behalf.
2. Definitions
For clarity, the following terms are used throughout this Privacy Policy:
Client: A business entity that uses Matique’s platform and services.
End-user: An individual interacting with a voice assistant deployed by a client (e.g. a website visitor or phone caller).
Controller: The entity that determines the purposes and means of processing personal data. Matique acts as a controller when handling its own client or prospect data.
Processor: The entity processing personal data on behalf of a controller. Matique acts as a processor when handling end-user data on behalf of its clients.
Personal Data: Any information relating to an identified or identifiable individual.
Usage Data: Data automatically collected when using the platform, such as IP addresses, device/browser info, session duration, or interaction logs.
Data Subject: Any natural person whose personal data is being processed.
2.1 When We Are a Controller vs. Processor
As Controller: We collect and use your personal data for our own purposes (e.g., when you visit our site, subscribe to newsletters, or contact us).
As Processor: We process personal data on behalf of our clients when they use our platform. In these cases, our clients remain the data controllers, and we act under their instructions, per Art. 28 GDPR and UK-GDPR.
3. Personal Data We Collect
We collect and process two categories of personal data:
Client data: information about our business clients and their teams, where Matique acts as the data controller.
End-user data: information processed on behalf of our clients during interactions with voice assistants, where Matique acts as a data processor under client instructions.
We retain personal data only as long as necessary to provide our services, meet contractual or legal obligations, or protect legitimate interests. Operational data (e.g. conversations, transcripts, contact details) is retained for no longer than 12 months, unless a shorter period is requested by the client. Specific default retention periods are outlined below.
3.1 Data We Collect as Controller (About Our Business Clients)
Data Category | Examples | Legal Basis | Purpose | Retention |
Identification | Client contact name, company | Art. 6(1)(b)/(f) GDPR & UK-GDPR | Contract management | 36 months from end of contract |
Contact | Email, phone | Art. 6(1)(a)/(f) GDPR & UK-GDPR | Communication, updates, billing | 36 months from last interaction or until consent withdrawal |
Usage & Device | Login IP, browser, usage logs | Art. 6(1)(f) GDPR & UK-GDPR | Platform performance, support | 13 months (per CNIL) |
Payment | Billing address, invoice info | Art. 6(1)(b) GDPR & UK-GDPR | Payment and legal accounting | 10 years (legal requirement) |
Data Category | Examples | Legal Basis | Purpose | Retention |
When clients connect third-party tools, we store required credentials (e.g. API keys or tokens) securely and use them only to operate the service. These credentials are encrypted at rest and deleted upon request or disconnection.
3.2 Data We Process as Processor (About Our Clients’ End Users)
Data Category | Examples | Legal Basis (on behalf of client) | Purpose | Retention |
Voice Input & Transcripts | Spoken input, transcription text | Client’s instructions (Art. 28 GDPR) | Providing voice assistant functionality | Up to 12 months (client-configurable) |
Recordings | Audio recordings (if enabled) | Client’s instructions (consent or legitimate interest) | QA, compliance, training (if used) | Up to 12 months (if enabled) |
Metadata | Call duration, timestamps, source info | Same | Analytics, system performance | 12 months |
Contact Placeholders | Temporary names for unknown callers | Same | Personalization, fallback IDs | Anonymized after 30 days |
Other Notes on End-User Data
Matique does not knowingly collect data from children under 16 in the EEA/UK or under 13 in the United States.
Transcripts, recordings, and metadata are only used to improve service quality when explicitly permitted by the client.
Clients may request early deletion of their data by contacting privacy@matique.co or using in-platform controls. Requests are processed within 10 business days.
4. Cookies and Tracking Technologies
We use cookies to enhance your experience, analyze traffic, and personalize content.
Strictly Necessary Cookies – Essential for site functionality.
Analytics Cookies – Track performance (stored max 13 months).
Preference Cookies – Remember settings like language.
Marketing Cookies – Not currently used. If used in the future, we will request prior consent.
See our Cookie Policy or adjust preferences via the cookie banner.
5. Sharing Your Data
We may share your data with:
Authorized employees, bound by confidentiality.
Processors/subcontractors, under Art. 28 GDPR/UK-GDPR (e.g., hosting, analytics, CRM).
Public authorities, if legally required or necessary for legal claims.
We do not sell or share your personal data for monetary gain or behavioral profiling.
6. International Data Transfers
We transfer personal data outside the EEA and UK only with appropriate safeguards:
From the EEA: Standard Contractual Clauses (SCCs) under EU law.
From the UK: UK International Data Transfer Agreement (IDTA) or UK Addendum to the SCCs approved by the ICO.
From the U.S., where applicable, using contracts consistent with state privacy laws.
7. Security
We apply appropriate technical and organizational measures, including:
SSL encryption
Access controls and authentication
Regular audits and penetration tests
Data breach procedures in line with GDPR/UK-GDPR and U.S. standards
8. Your Rights (EU & UK Residents)
You have the right to:
Access your data
Rectify incorrect data
Erase data (“right to be forgotten”)
Restrict processing
Object to processing
Data portability
Withdraw consent at any time
To exercise these rights, contact: privacy @ matique .co
9. U.S. State Privacy Notice
If you are a resident of California, Colorado, Virginia, or another U.S. state with privacy laws, you may have additional rights:
The right to know what personal data we collect, use, disclose, or sell
The right to request deletion of your personal data
The right to correct inaccurate data
The right to opt-out of the sale or sharing of personal data
The right to non-discrimination for exercising these rights
How to exercise your U.S. privacy rights:
Email: privacy @ matique .co
Subject: “U.S. Privacy Request”
We may require identity verification before processing your request.
U.S. “Do Not Sell or Share” Disclosure
We do not sell or share personal data as defined under the California Consumer Privacy Act (CCPA/CPRA). If this changes, we will update this policy and provide opt-out mechanisms.
Authorized Agents
California residents may use an authorized agent to submit a request. The agent must provide proof of authorization and identity.
Children's Data (U.S.)
We do not knowingly collect personal data from children under 13. If we become aware that a child has submitted personal data, we will delete it promptly.
10. Supervisory Authority Contacts
EU/EEA Users:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
UK Users:
Information Commissioner’s Office (ICO)
https://ico.org.uk
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: +44 303 123 1113
11. Marketing Communications
You may receive service or feature updates. You can opt-out via unsubscribe links or by contacting privacy@matique.co.
12. Policy Updates
We may update this policy. Significant changes will be announced. The effective date is at the top of this page.
13. Contact Us
Matique SAS
14 rue Vivienne, 75002 Paris – France
Email: privacy @ matique .co
