Privacy Policy
Effective date: 2 May 2026
This Privacy Policy explains how Cielle AI (“Cielle,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you or your organisation uses the Cielle AI platform, our website at cielle.ai, the application at app.cielle.ai, and any related integrations or channels (collectively, the “Service”).
1. Who we are and our role
Cielle AI provides an AI-powered assistant platform used by professional services firms (our “Customers”) to support their employees and end-users (“Authorised Users”).
- When a Customer uses the Service to process information about its own employees, clients, or contacts, the Customer is the data controller and Cielle is a data processor acting on the Customer’s instructions under our Data Processing Addendum.
- When you interact directly with our marketing website, contact us, or sign up for an administrator account, Cielle is the data controller for that limited set of personal data.
2. Information we collect
2.1 Account information
When an Authorised User registers for or is provisioned an account, we collect their name, work email address, organisation, role within the organisation, and authentication credentials (or third-party sign-in identifiers). Passwords are stored only as salted hashes; we never see plain-text passwords.
2.2 Conversation content
The Service is built around conversations with AI agents. We process the messages Authorised Users send to and receive from those agents, including any text, files, images, audio, or structured data they include. This content may contain personal data about the user, their colleagues, or third parties, depending on what the user chooses to share.
2.3 Documents and knowledge sources
Customers and Authorised Users may upload documents or connect knowledge sources (for example, file shares, intranets, or wikis) that the Service indexes so that agents can retrieve relevant information. We process the contents of those documents on the Customer’s instructions.
2.4 OAuth-connected services
With the explicit consent of the Authorised User or Customer administrator, the Service can integrate with third-party platforms such as Google Workspace, Microsoft 365, Dropbox, Microsoft Teams, Telegram, Google Chat, and WhatsApp. When an integration is connected, we receive only the data necessary to perform the requested function — for example, calendar events, email metadata, or files the user has selected to make available to the Service. Tokens issued by these third parties are stored encrypted in our secrets store (HashiCorp Vault) and can be revoked at any time through the third party’s settings or by the Customer administrator.
2.5 Usage and technical data
We automatically collect technical information necessary to operate, secure, and improve the Service, including IP address, browser type and version, operating system, language preference, page-view and feature-usage events, request timestamps, error reports, and aggregate token-consumption metrics for billing and capacity planning.
2.6 Information from communications with us
If you contact us by email or through any other channel, we keep a record of the correspondence and any information you choose to provide so that we can respond to your enquiry.
3. How we use information
We use personal data to:
- provide, maintain, and improve the Service, including responding to user requests, generating AI responses, retrieving relevant knowledge, and integrating with third-party platforms;
- administer Customer accounts, authenticate Authorised Users, and enforce permissions;
- monitor performance, diagnose problems, prevent abuse, detect security incidents, and protect the integrity of the Service;
- generate aggregate, de-identified statistics about how the Service is used so that we can improve it; and
- comply with legal obligations, exercise legal rights, and respond to lawful requests from public authorities.
We do not sell personal data, and we do not use Customer conversation content or uploaded documents to train foundational AI models for ourselves or any third party.
4. Legal bases for processing (EEA / UK users)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:
- Contractual necessity — to provide the Service to the Customer and to administer Authorised User accounts;
- Legitimate interests — to secure, monitor, and improve the Service, prevent abuse, and operate our business, where those interests are not overridden by your rights and freedoms;
- Consent — for optional integrations that you actively connect (for example, OAuth-based access to email, calendar, or storage), and for any other processing that requires consent under applicable law; and
- Legal obligation — where we are required by law to retain or disclose information.
You may withdraw any consent you have given at any time, without affecting the lawfulness of processing that occurred before the withdrawal.
5. Sharing and sub-processors
We share personal data with carefully selected service providers (“sub-processors”) that help us operate the Service. Each sub-processor is bound by contractual obligations consistent with our commitments to Customers and applicable data protection law. Our current sub-processors are:
| Sub-processor | Purpose | Processing region |
|---|---|---|
| Hetzner Online GmbH | Primary application hosting (compute, database, storage, networking) | Frankfurt, Germany |
| Anthropic, PBC | Large-language-model inference (Claude family) | United States / European Union |
| OpenAI, L.L.C. | Large-language-model inference | United States / European Union |
| Google LLC / Google Cloud | Large-language-model inference (Gemini); Google Workspace integration APIs | United States / European Union |
| Microsoft Corporation / Microsoft Azure | Microsoft Teams bot infrastructure; Microsoft 365 integration APIs | European Union / United States |
| xAI Corp. | Large-language-model inference (Grok family) | United States |
| DeepSeek | Large-language-model inference | Outside the EEA |
| RunPod, Inc. | GPU inference for embedding generation and audio transcription | European Union / United States |
| Cloudflare, Inc. (R2) | Object storage for uploaded files | European Union |
Secrets and credentials are managed in a self-hosted HashiCorp Vault instance running on our Hetzner infrastructure; no third party processes those secrets on our behalf.
We will give Customers reasonable advance notice of any material change to our sub-processor list, in accordance with our Data Processing Addendum, and Customers may object to a new sub-processor on reasonable data-protection grounds.
Beyond sub-processors, we may disclose personal data only:
- to the Customer that controls the relevant account;
- to professional advisers (lawyers, auditors, accountants) under duties of confidentiality;
- to a successor entity in connection with a merger, acquisition, financing, or sale of all or part of our business (subject to equivalent protections); and
- where required by law, court order, or to protect the rights, property, or safety of Cielle, our Customers, or others.
6. International data transfers
The Service is primarily hosted in Frankfurt, Germany. Some of our sub-processors are located outside the European Economic Area or the United Kingdom. Where personal data is transferred to such a country that has not been recognised as providing an adequate level of protection, we rely on appropriate safeguards, principally the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by additional technical and organisational measures where necessary.
7. Security
We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, and destruction, including:
- encryption of data in transit using TLS 1.2 or higher between users, our services, and our sub-processors;
- encryption at rest for sensitive credentials and secrets in HashiCorp Vault;
- strict logical isolation between Customer tenants so that one Customer’s data is never returned to another Customer;
- role-based access controls and the principle of least privilege for Cielle personnel, with access restricted to staff who need it to operate or support the Service;
- continuous logging, monitoring, and alerting on the production environment; and
- regular software updates, dependency reviews, and security testing.
No system can be guaranteed to be completely secure. If we become aware of a personal data breach affecting Customer or Authorised User data, we will notify affected Customers without undue delay and in accordance with applicable law.
8. Data retention and deletion
We retain personal data for as long as a Customer’s account is active and as necessary to provide the Service. Conversation history, uploaded documents, and indexed knowledge are retained until the Customer or Authorised User deletes them, or until the Customer’s account is closed.
On termination of a Customer’s subscription or upon written request, we will delete or return Customer data within a reasonable period (and in any event within 30 days), except for copies that we are legally required to retain or that are kept in routine backup media. Backups are overwritten on a rolling basis.
Aggregated and de-identified information that no longer identifies an individual may be retained for analytics and product-improvement purposes.
9. Your rights
Depending on where you live, you may have the following rights in relation to your personal data:
- Access — to obtain a copy of the personal data we hold about you;
- Rectification — to correct inaccurate or incomplete data;
- Erasure — to have your personal data deleted, subject to certain exceptions;
- Restriction — to limit the processing of your data in certain circumstances;
- Portability — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller;
- Objection — to object to processing based on legitimate interests;
- Withdrawal of consent — where processing is based on consent;
- Non-discrimination — to not be discriminated against for exercising your rights (California residents); and
- Complaint — to lodge a complaint with your local data protection authority.
California residents have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively “CCPA”), including the right to know what personal information we collect, the right to delete that information, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising.
Where Cielle acts as a data processor for a Customer, requests to exercise these rights should generally be directed to the Customer that controls the data. We will support our Customers in responding to such requests as required by our Data Processing Addendum. You may also contact us directly using the details below and we will route the request appropriately.
10. AI processing of your data
When an Authorised User sends a message or uploads content, that content is transmitted in real time to one or more of the AI providers listed in section 5 so that the model can generate a response. Each request is processed under contractual terms with the relevant provider that prohibit the use of our Customers’ content to train that provider’s foundational models.
AI outputs are generated probabilistically and may be inaccurate or incomplete. Outputs should not be relied upon as legal, financial, medical, accounting, tax, or other professional advice. Customers and Authorised Users are responsible for reviewing AI outputs before relying on them or sharing them with third parties.
11. Cookies and similar technologies
The marketing website at cielle.ai uses only strictly necessary cookies required to serve the page. The application at app.cielle.ai uses cookies and local browser storage that are necessary to keep you signed in, remember your preferences (such as theme), and protect against cross-site request forgery. We do not use third-party advertising or cross-site tracking cookies.
12. Children’s privacy
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so that we can delete it.
13. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the “Effective date” at the top of this page. If the changes are material, we will provide additional notice (for example, by email to Customer administrators or by an in-application notification) before the changes take effect.
14. Contact us
For privacy questions, to exercise your rights, or to report a suspected security issue, please contact us at contact@cielle.ai. We will respond within a reasonable timeframe and, where required by law, within the period prescribed.