Privacy Policy

Last updated: April 2026

1. Introduction

FLEINZ, a SASU (Société par Actions Simplifiée Unipersonnelle), publisher of the Gio application (app.hellog.io) and website (hellog.io), is committed to protecting the privacy of its users. This policy describes what data is collected, why, how it is used, and your rights under the General Data Protection Regulation (EU 2016/679) and the French Data Protection Act (loi n° 78-17 du 6 janvier 1978 modifiée).

2. Data Controller

The data controller is FLEINZ, SASU with a share capital of €100, registered at 2 Rue du Lomont, 25230 Dasle, France. SIREN: 983 629 387. Represented by Floran Aubry, President. Contact: gio@hellog.io.

3. Data Collected

We collect the following categories of personal data, each with its specific purpose and legal basis under GDPR Article 6:

| Data | Purpose | Legal basis (GDPR art. 6) |
|---|---|---|
| Email address | Account creation, communications | Contract performance (art. 6.1.b) |
| Name / first name | Account personalization | Contract performance (art. 6.1.b) |
| Phone number (optional) | Phone verification, SMS notifications | Consent (art. 6.1.a) |
| Usage data (pages visited, features used) | Service improvement, analytics | Legitimate interest (art. 6.1.f) |
| Coaching data (clients, sessions, billing) | Core service delivery | Contract performance (art. 6.1.b) |
| Technical data (IP, browser, device) | Security, fraud prevention | Legitimate interest (art. 6.1.f) |
| Conversation data (AI chat) | AI assistant functionality | Contract performance (art. 6.1.b) |

4. Data Storage and Security

  • Data is stored on Supabase infrastructure (AWS, EU region where applicable)
  • Application hosted on Vercel (serverless, edge network)
  • Voice processing (STT/TTS) runs on a self-hosted VPS — audio data is processed in real-time and not stored permanently
  • All data is transmitted over HTTPS/TLS
  • Database access is protected by Row Level Security (RLS) policies
  • Passwords are hashed; API keys are never exposed to the client

5. Data Retention

  • Account data: retained as long as the account is active, then deleted within 30 days of account deletion
  • Coaching data (clients, sessions): retained as long as the account is active
  • AI conversation history: retained for 12 months, then automatically purged
  • Server logs: retained for 90 days for security purposes
  • Invoicing data: retained for 10 years (French legal obligation, article L123-22 Code de commerce)

6. Data Sharing

FLEINZ does not sell personal data to third parties. Data may be shared with the following processors:

  • Supabase (database hosting) — as data processor
  • Vercel (website hosting) — as data processor
  • OpenRouter / Anthropic (AI model providers) — conversation content sent for processing, subject to their respective privacy policies
  • SMS Factor / Onoff Business (SMS services) — phone numbers for verification/notifications
  • ManyChat (Instagram integration) — Instagram user data for messaging
  • Payment processors (when billing features are active)

All processors are bound by data processing agreements (DPA) per GDPR Article 28.

7. International Transfers

Some processors (Vercel, OpenRouter, Anthropic) may process data outside the EU/EEA. Such transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, or the processors' adequacy mechanisms. Users can request information about specific safeguards by contacting gio@hellog.io.

8. Your Rights (GDPR Articles 15–22)

You have the following rights regarding your personal data:

  • Access (art. 15): obtain a copy of your personal data
  • Rectification (art. 16): correct inaccurate data
  • Erasure (art. 17): request deletion of your data ("right to be forgotten")
  • Restriction (art. 18): restrict processing in certain circumstances
  • Data portability (art. 20): receive your data in a structured, machine-readable format
  • Objection (art. 21): object to processing based on legitimate interest
  • Withdraw consent (art. 7): withdraw consent at any time for consent-based processing

To exercise any of these rights, contact: gio@hellog.io.

Response time: within 30 days (extendable by 60 days for complex requests, per GDPR art. 12.3).

9. Right to Lodge a Complaint

If you believe your data rights have been violated, you can lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés).

Website: https://www.cnil.fr — Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.

10. Cookies

  • Essential cookies: session management, language preference (i18n_redirected), color mode — no consent required (strictly necessary)
  • Analytics cookies: none at this time
  • Users can configure cookie preferences in their browser settings. For more information: https://www.cnil.fr/fr/cookies-et-autres-traceurs

11. Children's Data

Gio is not intended for children under 16 years of age. FLEINZ does not knowingly collect data from children under 16. If a parent or guardian learns that their child has provided personal data, they should contact gio@hellog.io.

12. Changes to This Policy

This policy may be updated. Users will be notified of material changes by email or in-app notification. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance.

13. Contact

For any privacy-related questions: gio@hellog.io — Data controller: FLEINZ, 2 Rue du Lomont, 25230 Dasle, France.

