Sigora

Last updated: April 2026

Privacy Policy

1. Introduction

Sigora (Agen, France) operates the AI workspace platform accessible at app.sigora.eu ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data, and describes your rights under applicable law, including the European General Data Protection Regulation (GDPR) and, where applicable, the California Consumer Privacy Act (CCPA).

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

Information you provide directly

  • Account information: name, email address, password (hashed)
  • Profile information: company name, role, team size
  • Workspace content: documents, tasks, goals, messages, files, and other content you create within the Service
  • Payment information: billing details processed securely through Stripe. We do not store card numbers.

Information collected automatically

  • Usage data: features used, pages visited, actions performed, session duration
  • Device information: browser type, operating system, IP address, device identifiers
  • Cookies and similar tracking technologies (see Section 12)

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Performance of a contract: to provide you with the Service you signed up for
  • Legitimate interests: to improve the Service, ensure security, and prevent fraud
  • Consent: for analytics cookies and marketing communications (you may withdraw at any time)
  • Legal obligation: where required by applicable law

5. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To personalize your workspace and power AI features
  • To process payments and manage subscriptions
  • To send transactional communications (account confirmations, invoices, security alerts)
  • To send product updates and marketing communications (with your consent, opt-out available at any time)
  • To analyze usage and improve the Service
  • To detect, prevent, and respond to fraud, abuse, or security incidents
  • To comply with legal obligations

6. AI and Your Data

Your workspace content (goals, tasks, documents, messages) is used in real-time to power AI features within your workspace. We do not use your business data or workspace content to train general AI models. Data sent to third-party AI model providers (see Section 7) is governed by their respective Data Processing Agreements and is not retained for model training purposes.

7. Data Sharing and Sub-processors

We do not sell your personal data. We may share data with the following service providers acting as data processors on our behalf:

  • Stripe - payment processing (DPA available)
  • Clerk - authentication and identity (DPA available)
  • Vercel - website hosting (DPA available)
  • Railway - application hosting (DPA included in terms of service)
  • Anthropic - AI inference (DPA available)

Other disclosures:

  • With law enforcement or regulatory authorities when required by applicable law
  • In connection with a merger, acquisition, or sale of assets (you will be notified)

8. International Data Transfers

Sigora is based in France. Some of our sub-processors are located outside the European Economic Area (EEA), including in the United States. Where we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Role-based access controls
  • Regular security audits
  • Secure password hashing

In the event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority (CNIL) within 72 hours and affected users without undue delay, as required by GDPR.

10. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days. Certain data may be retained longer where required by law (e.g., financial records for 10 years under French law). Anonymized and aggregated usage data may be retained indefinitely.

11. Your Rights

Under GDPR (EU/EEA users)

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request erasure of your data ("right to be forgotten")
  • Restrict or object to certain types of processing
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with your national data protection authority (in France: the CNIL at cnil.fr)

Under CCPA (California residents)

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell personal data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at: privacy@sigora.eu

We will respond to all requests within 30 days.

12. Cookies

We use the following types of cookies:

  • Essential cookies: required for authentication and session management (Clerk). Cannot be disabled.
  • Functional cookies: to remember your preferences and improve your experience. Require your consent.

You can manage or withdraw cookie consent at any time through the cookie banner on our website or your browser settings.

13. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at contact@sigora.eu and we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. The date of the latest revision is indicated at the top of this page.

15. Contact and Complaints

For any questions about this Privacy Policy or your data: contact@sigora.eu

If you are located in the EU and believe we are processing your data unlawfully, you have the right to lodge a complaint with your local supervisory authority. In France: CNIL at cnil.fr