Creative Logic
Privacy Policy
Information about the collection, use, and protection of personal data in connection with the CoachPoint service.
This English translation is provided for informational purposes only. The authoritative version is the French original. In case of any conflict, the French version prevails, subject to mandatory consumer-protection rules in the customer's country of habitual residence which may entitle the customer to rely on the translated version.
Last updated
June 21, 2026.
1. Data controller
The data controller within the meaning of the GDPR is Creative Logic, SAS with share capital of 1 000 euros, registered with the RCS de Paris under number 917 887 788, whose registered office is located at 49, rue de Ponthieu, 75008 Paris, France.
Data-protection requests may be sent to privacy@creativelogic.es. No Data Protection Officer has been formally appointed, because Creative Logic's size and activity do not require it within the meaning of Article 37 of the GDPR.
2. Data collected
| Category | Examples |
|---|---|
| Identification data | Last name, first name, email address, account identifiers. |
| Professional data | Coaching activity, niche, positioning, editorial preferences. |
| Provided content | Voice samples, drafts, instructions, generated or edited posts. |
| Subscription and billing data | Plan, subscription status, invoices, payment data processed by Stripe Payments Europe Ltd. |
| Technical data | IP address, connection logs, browser, device type, security events. |
| Usage data | Pages viewed, features used, cookieless audience metrics via Vercel Analytics. |
| Third-party integrations | LinkedIn OAuth identifiers and tokens, only if you enable the auto-publishing feature. |
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Create and manage your user account | Performance of the contract (art. 6.1.b GDPR) |
| Provide the CoachPoint service and generate content at your request | Performance of the contract (art. 6.1.b GDPR) |
| Personalize editorial style from the examples you provide | Performance of the contract (art. 6.1.b GDPR) |
| Manage subscription, billing, and support | Performance of the contract and legal accounting obligations (art. 6.1.b and 6.1.c GDPR) |
| Secure the service and prevent abuse | Creative Logic's legitimate interest in protecting the service and its users (art. 6.1.f GDPR) |
| Measure anonymous audience data for the site and application | Legitimate interest in understanding usage, without cookies or trackers (art. 6.1.f GDPR) |
| Transactional communications | Performance of the contract (art. 6.1.b GDPR) |
| Marketing communications, where applicable | Consent (art. 6.1.a GDPR), withdrawable at any time |
| Publish on LinkedIn on your behalf after your explicit approval | Performance of the contract and OAuth authorization that you grant (art. 6.1.b GDPR) |
4. Artificial intelligence and automated decisions
The CoachPoint service uses language models that statistically generate post suggestions based on the voice elements and instructions you provide. The models are provided by OpenAI and accessed via the OpenRouter aggregator.
Generated content is statistical suggestions intended to be reviewed, modified, and validated by you before any publication. In accordance with Article 50 of Regulation (EU) 2024/1689, Creative Logic identifies content produced by artificial intelligence by appropriate technical means.
Creative Logic does not reuse your personal data, voice samples, or drafts to train, fine-tune, or improve artificial intelligence models. No decision producing legal effects concerning you or significantly affecting you is made by CoachPoint in an exclusively automated manner.
5. Recipients and processors
Data may be accessible to authorized Creative Logic personnel and to service providers necessary for the service, subject to contractual confidentiality and security commitments.
| Processor | Role | Country |
|---|---|---|
| Vercel Inc. | Website and web application hosting | Registered office: United States; data processing: European Union (Paris, Vercel region cdg1) |
| Supabase Pte. Ltd. | Storage and database | Registered office: Singapore; data processing: European Union (Frankfurt, AWS eu-central-1 region) |
| Stripe Payments Europe Ltd | Payment and billing processing | Ireland (EU) |
| Resend, Inc. | Transactional email sending | United States |
| OpenAI, L.L.C. via OpenRouter, Inc. | AI content generation | United States |
| LinkedIn Ireland Unlimited Co. | Content publication, only if you enable auto-publishing | Ireland (EU); certain processing in the United States |
| Vercel Analytics + Speed Insights | Anonymous audience measurement, cookieless | EU hosting (Vercel) |
Full details, including categories of shared data, durations, and safeguards, appear in our Data Processing Addendum (DPA), available on request at privacy@creativelogic.es.
6. Transfers outside the European Union
CoachPoint user data is stored and processed in the European Union, including for application hosting through Vercel in Paris, Vercel region cdg1, and for database storage through Supabase in Frankfurt, AWS eu-central-1 region.
No effective transfer of personal data to the United States or Singapore takes place as part of Vercel application hosting or Supabase hosting, although the contractual relationships with Vercel Inc. and Supabase Pte. Ltd. are governed by the Standard Contractual Clauses.
Some operational processors, including Resend, Inc. for transactional email, OpenAI, L.L.C. via OpenRouter, Inc. for AI generation, and LinkedIn for the optional auto-publication mode, nevertheless process data in the United States. These transfers are governed by the Standard Contractual Clauses approved by the European Commission, supplemented where applicable by additional measures.
For transfers to the United States, we also rely, where applicable, on the EU-U.S. Data Privacy Framework for certified processors.
7. Retention periods
| Data | Duration |
|---|---|
| Active user account | Account duration |
| Account data after closure | 6 months, backups included, unless earlier deletion is requested |
| Billing data | 10 years, in accordance with accounting obligations |
| Content and drafts | Account duration, or deletion by the user from the interface |
| Security logs | 12 months |
| Marketing data | Until consent is withdrawn, or 3 years from the last contact |
| Cookies and trackers | According to the Cookie Policy |
8. LinkedIn integration (Mode B - future feature)
If and when CoachPoint offers a direct auto-publishing feature on LinkedIn, it will only be activated after your separate explicit consent and OAuth authorization of your LinkedIn account.
This integration is not active by default. This policy will be updated before any deployment of this feature.
9. Data subject rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure, or right to be forgotten
- Right to restriction of processing
- Right to data portability
- Right to object to processing based on legitimate interest
- Right to withdraw consent where processing is based on consent
- Right to define instructions concerning your data after your death
To exercise these rights, contact us at privacy@creativelogic.es. We will respond within one month, which may be extended by two months in the case of a complex request. You may also lodge a complaint with the CNIL.
10. Security
Creative Logic implements reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure.
- Encryption of data in transit (TLS)
- Encryption at rest on databases
- Multi-factor authentication for administrative accounts
- Restriction of data access to authorized persons only
- Access logging and monitoring
- Periodic risk assessment
Because no security measure can guarantee absolute protection, Creative Logic may not be held liable for incidents beyond its reasonable control.
11. Changes to this policy
This policy may be modified to reflect changes in the service, processors used, or applicable regulations. Substantial changes will be notified to you by email or by in-service notification at least 30 days before they take effect.
12. Contact
For any question about this policy or use of your data:
Email: privacy@creativelogic.es
Postal mail: Creative Logic, 49 rue de Ponthieu, 75008 Paris, France