Privacy Policy

CyberFlair (https://www.cyberflair.net) helps you assess the reliability of a website. This page explains what data we process, why, and what your rights are.

Last updated : 03/06/2026

1) Introduction

CyberFlair is a service that helps you check the reliability of a website and identify risk signals before signing up, entering personal data, or making a purchase.

2) Data Controller

The data controller is the company:

STUDIUM — SARL

SIREN : 903 101 749 — SIRET : 903 101 749 00013

VAT : FR05903101749

RCS : 903 101 749 R.C.S. Cusset

Contact : --

We have not appointed a DPO. For any questions regarding your data, you can contact us at the address above.

3) Data collected

Depending on your use, we may process the following categories of data:

User account

  • First name / Last name
  • Email
  • Registration via form or Google OAuth (name, email)

Site analyses

  • Tested URL
  • IP address (security, anti-abuse, statistics)
  • Analysis result (summary and scores)

AI assistant (chat)

  • Messages exchanged with the assistant (what you type)
  • Technical context related to your request (e.g., URL, internal conversation identifiers)
  • Note: if you mention personal information in the chat, it will be part of the message sent to the AI service.

Forms

  • Messages sent via contact / feedback
  • Context data (date/time, origin page)

Statistics & monetization

  • Google Analytics / Google Tag Manager (audience measurement)
  • Google AdSense (advertising)

We do not sell any data. Information is used for the operation, improvement and security of the platform.

4) Purposes & legal bases

Purpose Data concerned Legal basis (GDPR)
Create / manage an account Name, email Performance of a contract (requested service)
Analyze a URL and display a report URL, IP, results Legitimate interest (security, improvement) + performance of the service
Provide an AI assistant (chat) and respond to requests Chat messages, technical context (e.g., URL, current report) Performance of the service + legitimate interest (support and improvement)
Respond to a request (contact/feedback) Message, email, context Legitimate interest
Audience measurement Navigation data (via Google tools) Legitimate interest (statistics) — subject to cookie rules
Advertising (AdSense) Advertising data/cookies Legitimate interest / consent depending on configuration and obligations

Depending on your country and cookie settings, some processing (especially advertising) may require consent.

Go to the "Cookies" page

5) AI services (analysis & assistant)

Some features may be assisted by AI services: OpenAI (page analysis) and DeepSeek (chat assistant).

Analysis: we send only information from the tested website (e.g., URL, public page content elements, public metadata).
Assistant (chat): we send the content of the messages you type so it can respond. No account information (name, email, etc.) is sent; however, if you write personal information in the chat, it will be part of the message sent.

Analyzed content comes from public web pages, and responses are provided for informational purposes. Avoid sharing sensitive information in the chat.

6) Google AdSense / Google Analytics / Google Tag Manager

We use Google services:

  • Google AdSense: to lightly monetize the service.
  • Google Analytics and Google Tag Manager: for statistics and platform improvement.

Important: at this stage, these services may be loaded directly during your navigation. A "Cookies" page will explain in more detail the categories of cookies/trackers and their purposes, as well as a more comprehensive management system.

7) Retention periods

GDPR requires that data be kept for a <span class="font-semibold text-foreground">limited</span> period, proportionate to the purpose. We apply the following durations (subject to change):

User account

Kept as long as the account is active. The user can request deletion from their profile; we execute deletion within 24h after the request (except legal obligations).

Analyses (URL, IP, results)

Retained for statistics, improvement and anti-abuse purposes: up to 24 months, then deleted or anonymized when possible.

Conversation history (assistant)

Kept to allow follow-up of your exchanges and to improve the service: up to 24 months, then deleted or anonymized when possible. Conversation history is stored in the platform database (Laravel) and may also be stored on Supabase.

Forms (contact/feedback)

Message and exchanges kept for 12 months after last contact, unless extension is needed to handle a dispute.

Newsletter (to come)

Email kept until unsubscription or at most 3 years after last active contact.

Some data may be kept longer when required by law (e.g., accounting obligations) or in case of a dispute, to the extent necessary.

8) Recipients & subprocessors

Data is accessible to:

  • Authorized personnel of STUDIUM (administration and support).
  • Our host Infomaniak (website and database hosting).
  • Technical providers necessary for operation: OpenAI (analysis), DeepSeek (assistant), Supabase (conversation storage), Google (Analytics, GTM, AdSense).

Hosting: platform data (including database) is hosted by Infomaniak.

9) Transfers outside the European Union

Some providers (notably Google, OpenAI and DeepSeek) may process data from countries outside the European Union. If applicable, these transfers are governed by the mechanisms provided for by the regulations (e.g., standard contractual clauses), according to the terms of these providers.

Important: we do not send your account information to AI services. For the assistant, only the messages you type are sent (and therefore any personal information you include in them).

10) Your rights (GDPR)

In accordance with the GDPR, you have the following rights in particular:

  • Right of access
  • Right to rectification
  • Right to erasure (deletion)
  • Right to object
  • Right to restriction
  • Right to data portability (in certain cases)

To exercise your rights, contact us at --. We may ask you for proof of identity if necessary, to prevent fraudulent disclosure.

11) Security

We implement reasonable technical and organizational measures to protect data: access control, restricted administrator access, and secure communications.

No system is infallible, so we invite you to use a strong password and remain vigilant on your own devices.

12) Cookies

Cookies and similar technologies may be used, especially for audience measurement and advertising (Google).

Go to the "Cookies" page

13) Contact & complaint

For any questions about this policy or your data: --.

If, after contacting us, you believe your rights are not respected, you can lodge a complaint with the CNIL (French supervisory authority).

We use cookies to improve your experience

You can accept or refuse audience measurement and advertising cookies. Necessary cookies (session, security) always remain active. See the Cookies page to refine your choices.

Your choice is stored for approximately 6 months. If the legal texts are updated, we may ask you to choose again.