Privacy Policy

Data Controller: Eldaa Consulting

Effective date: 08/06/2026

Last updated: 08/06/2026

Scope: France + European Union

1. Who we are

Eldaana is a conversational digital presence operated by Eldaa Consulting, a micro-enterprise registered in France under SIRET number 991 294 455 00019, headquartered at 231 rue Saint-Honoré, 75001 Paris, France.

Data Controller: Eldaa Consulting, represented by Mr. Fandril MBATA MAYELA, Founder.

Contact for personal data: privacy@eldaana.com

Data Protection Officer (DPO): Not appointed. The Data Controller directly assumes data protection obligations.

2. What this policy is for

This policy explains:

  • what personal data Eldaana collects about you,
  • why we collect it,
  • how we protect it,
  • how long we keep it,
  • and what rights you have to control it.

It applies to anyone using Eldaana in France and the European Union. By using Eldaana, you acknowledge that you have read and understood this policy. Your explicit consent is collected at first login via a dedicated screen.

2.1 What Eldaana is — and what it is not

Eldaana is a personalized conversational digital presence, designed to support users in their daily life, suggest options, help organize certain decisions, and offer a more personal space for exchange.

Eldaana is not:

  • a healthcare professional or medical device,
  • a psychologist, psychiatrist, or therapist,
  • a legal or financial advisor,
  • nor a substitute for a human, family, friendly, or romantic relationship.

Eldaana's responses, even when they take the form of reflections on the future, probabilistic predictions, or personalized advice, are intended to accompany the user and help them think. They never constitute certainties, diagnoses, or individualized professional recommendations.

Eldaana is designed to support users without encouraging exclusive emotional dependency. We reserve the right to limit, rephrase, or interrupt certain interactions when necessary to protect the user, preserve healthy use of the service, or comply with our legal obligations.

If you are going through a difficult time (suicidal thoughts, intense distress, risky behaviors), Eldaana may detect these signals and direct you toward professional help resources. In France: National Suicide Prevention Number 3114 (available 24/7, free and confidential).

3. What data we collect

3.1 Data you provide directly

At login (via Google, Facebook, or LinkedIn):

  • First name, last name
  • Email address
  • Profile picture
  • Preferred language
  • City of residence (declared by you, to personalize weather and transport)

During your conversations with Eldaana:

  • Content of your text and voice messages
  • Answers to questions Eldaana asks during conversational onboarding
  • Corrections you make to your profile

Payment data (only for paid Essential and Premium subscriptions):

  • Processed exclusively by Stripe, our payment provider
  • Eldaa Consulting neither stores nor processes your payment card details directly

3.2 Data Eldaana learns from conversations

With your explicit consent, Eldaana may detect, infer, and store certain information from your exchanges to personalize your experience. This information may include:

  • Socio-demographic data: city and country of residence, year of birth, relationship status, presence and number of children
  • Professional data: type of activity, profession, sector
  • Lifestyle data: dietary preferences, hobbies, modes of transport, active social networks
  • Communication and preference data: preferred response style, routines, interests, personal goals
  • Psychographic data (Premium users only): personal values, life priorities, communication preferences, organizational patterns, expressed aspirations

Eldaana is not designed to intentionally collect or analyze sensitive data within the meaning of GDPR, in particular: physical or mental health data, political opinions, religious or philosophical beliefs, sexual orientation, biometric data, social security number or any national identifier.

Some conversations may contain personal elements that indirectly touch upon these topics. In such cases, these elements are not used for advertising or commercial purposes, are not exploited to establish a sensitive profile, and are processed only to the extent necessary to provide the service or comply with the law.

3.3 Technical data

  • Session logs (anonymized)
  • Daily API call counter
  • Authentication tokens (encrypted)
  • Technical cookies necessary for app operation

We do not use advertising cookies or third-party trackers.

4. Why we collect this data

PurposeLegal basis (GDPR Article 6)
Provide the Eldaana service (conversation, personalized predictions)Performance of contract
Personalize your experience (silent extraction from conversations)Explicit consent
Manage your subscription and paymentsPerformance of contract + legal obligation
Improve the service (anonymized analysis)Legitimate interest
Contact you for important informationLegitimate interest
Comply with legal and tax obligationsLegal obligation

No data is used for advertising or sold to third parties under any circumstances.

More specifically, we NEVER use your data to:

  • build an advertising profile of you,
  • approach you commercially for third-party products,
  • sell or rent this data.

4.1 Use of conversations for improvement and training

By default, conversations with Eldaana are not used by Eldaa Consulting to train its own models.

We may, however, use certain data in an anonymized or aggregated manner for quality measurement, feature improvement, error detection, and adjustment of conversational scenarios.

When we rely on infrastructure providers (Anthropic, Google, Perplexity, etc.), they may process certain data to execute the service, in accordance with their contractual terms. If in the future Eldaa Consulting wishes to use identifiable conversations to train its own systems, this will only be done after clear information to the user and, where GDPR requires it, on the basis of distinct explicit consent.

5. Who we share your data with

ProcessorRoleLocationLegal framework
Anthropic PBCEldaana response generation (Claude models)USAEU SCCs + Data Privacy Framework
Streamlit / SnowflakeApplication hostingUSASCCs + Data Privacy Framework
Supabase Inc.User database hostingEuropean UnionIntra-EU processing, GDPR
Google LLCOAuth authentication + Gemini modelUSASCCs + Data Privacy Framework
Meta Platforms Inc.Facebook OAuth authenticationUSASCCs + Data Privacy Framework
Microsoft CorporationLinkedIn OAuth authenticationUSA / IrelandSCCs + Data Privacy Framework
Perplexity AITransport information searchUSAStandard Contractual Clauses
Stripe Inc.Payment processing (paid subscriptions only)USA / IrelandSCCs + Data Privacy Framework

We never sell, rent, or share your data for commercial purposes with anyone else.

6. International transfers (outside EU)

Several processors are based in the United States. Under GDPR, these transfers are governed by:

  • EU Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework when the processor is certified
  • Technical security measures (encryption in transit and at rest)

Our main database (Supabase) is hosted within the European Union — your conversational and profile data do not leave the EU for storage. You may request a copy of these safeguards via privacy@eldaana.com.

7. How long we keep your data

Data typeRetention period
Account data and user profile24 months after your last activity
Raw conversations (text and voice)12 months after creation, unless early deletion is requested
Derived conversational memory (preferences, learned facts, profile elements)24 months after last relevant interaction, with granular erasure available at any time
Logs or content explicitly saved by the userUntil user deletion or 24 months after last activity
Technical logs12 months
Billing data10 years (French legal tax obligation)
After account deletionErased within 30 days, except legal obligations

Users may request at any time the deletion of a specific conversation, a learned fact, a set of memories, or their entire history.

8. How we protect your data

  • Encryption of authentication tokens (Fernet)
  • Mandatory HTTPS on all connections
  • Row Level Security on Supabase: each user only accesses their own data
  • Regular encrypted backups
  • Periodic security audits
  • Incident response plan: notification within 72 hours in case of a breach likely to pose a risk to your rights, in accordance with GDPR Article 33

9. Your rights

In accordance with GDPR (Articles 15–22) and the French Data Protection Act:

9.1 Right of access

View all your data from the “My Profile” page, section “What Eldaana has learned from chatting with you”.

9.2 Right to rectification

Modify your data from the “My Profile” page, manually or by asking Eldaana.

9.3 Right to erasure (“right to be forgotten”)

Erase a learned piece of information (✕ button) or your entire learning history (“🗑️ Erase everything” button). For complete account deletion: privacy@eldaana.com.

You can also use the !delete command directly in the chat.

9.3 bis — Right to targeted erasure of relational memory

You may request the deletion of a specific information, a preference, or a “memory” learned by Eldaana, without deleting your entire account. This targeted deletion applies to the display in your profile, the relational memory used by Eldaana, and the data stored in our active systems.

9.4 Right to portability

Export your data in JSON from the “My Profile” page → “Export my data”.

9.5 Right to object

Disable silent extraction while continuing to use Eldaana, from settings.

9.6 Right to restriction

Temporarily suspend processing. Contact privacy@eldaana.com.

9.7 Right to withdraw consent

At any time, without affecting the lawfulness of prior processing.

9.8 Right to lodge a complaint

  • France: CNIL — www.cnil.fr
  • European Union: supervisory authority of your country of residence

Response time: maximum one month from receipt of your request.

10. Cookies

Eldaana uses only strictly necessary cookies:

  • Session cookie (maintaining your login)
  • Preferences cookie (language, theme)

No advertising, third-party analytics, or tracking cookies.

11. Minors

Eldaana is intended for users aged 15 and above, in accordance with GDPR Article 8 and French digital majority age.

For users aged 15 to 18: some features may be limited or adapted, some types of interactions may be subject to enhanced safeguards, and we recommend supervised use by a parent or legal guardian when appropriate.

Age verification at signup: a date of birth field is required when creating an account. Accounts declaring an age below 15 are automatically rejected.

12. Changes

This policy may be updated. In case of substantial change, we will notify you:

  • By email
  • By in-app notification
  • By visible update on eldaana.com/privacy

The last update date is shown at the top of the document.

13. Contact us

Email: privacy@eldaana.com

Mail: Eldaa Consulting, 231 rue Saint-Honoré, 75001 Paris, France

← Back to homeFrançais →