Privacy Policy – InPerson

Last Updated: 6 May 2025

1. Who We Are & Scope

InPerson SAS (“InPerson”, “we”, “us”, “our”) is a Paris-based company (34 rue Dauphine, 75006 Paris, France). We collect, process, and provide structured datasets via web platforms, APIs, and the Snowflake Marketplace. This Policy covers both our role as a controller of sourced and licensed data and as a processor of customer-provided data under our Data Processing Addendum (DPA).

2. What We Collect

• Public Data: Public websites, social media posts, official records.
• Licensed Data: Third-party datasets acquired under contract.
• Customer Data: Data you upload for enrichment or analysis.
• Identifiers & Metadata: Names, titles, URLs, dates, tags, geolocation.
• Usage & Technical: Access logs, IPs, device/browser info, API usage.
• Contact Info: Business contact names, emails, roles.
• Consent-Based Samples: Voice or image samples only with explicit consent.

3. Where We Get Data

• Public Web Crawling: Respecting terms of service and robots.txt.
• Official Sources: Registries, publications, and licensed APIs.
• Customer Inputs: Uploaded datasets, streams, and files.

All records include provenance metadata (source URL/ID, timestamp, license tag) for traceability.

4. Purposes & Legal Bases

1. Service delivery & improvement (contract; legitimate interests).
2. Data governance, quality, and normalization (legitimate interests; legal obligation).
3. Security, fraud prevention, and abuse detection (legitimate interests; legal obligation).
4. Support and communications (contract; consent).
5. Analytics & research (legitimate interests; consent for non-essential use).
6. Feature engineering & modeling (no deceptive or impersonation use; legitimate interests; consent for voice).
7. Legal compliance (legal obligation).

You may object to processing based on legitimate interests at any time (Section 12).

5. Marketplace Permitted Uses & Restrictions

• Permitted: Evaluation, internal analytics, enrichment, ML feature development.
• Prohibited: Re-identification, private surveillance, deceptive content, impersonation.
• No model training on PII without documented lawful basis and adherence to this Policy.
• Data includes detailed provenance fields for auditability.

6. Cookies & Tracking

We use essential cookies for security and navigation. With consent, we use analytics cookies to measure site usage. Manage cookie preferences via our banner or browser settings. We do not honor non-standardized "Do Not Track" signals.

7. Sharing & Disclosures

• Customers & Consumers: Under license terms restricting reuse and onward sharing.
• Service Providers: Hosting, analytics, QA under NDA and DPAs.
• Cloud/Integration Partners: Snowflake, cloud hosts for data delivery.
• Legal & Compliance: Courts, regulators as required by law.

We do not "sell" personal data in the traditional sense. See Section 13 for opt-out rights.

8. International Transfers

Data transferred outside the EEA/UK is protected by EU Standard Contractual Clauses (SCCs), UK IDTA, or other lawful safeguards. Additional measures include encryption and access controls.

9. Security Measures

We implement industry-standard controls: encryption in transit and at rest, role-based access, least-privilege, regular audits, vulnerability scanning, incident response, and personnel training.

10. Data Retention

• Public/licensed data: Retained as needed for our services and data integrity.
• Usage logs: Up to 12 months, unless extended for security or compliance.
• Customer data: Stored per contract, then deleted or returned.
• Consent-based samples: Purged upon consent withdrawal or end of purpose.

We retain minimal audit logs for opt-out enforcement and legal obligations.

11. Children's Data

Not directed to children under 16 in the EEA/UK or under 13 in the US. We do not knowingly collect data about minors; we will promptly delete if discovered.

12. Your Rights

Depending on jurisdiction, you may have rights to access, correct, delete, restrict, or port your data, and to object to processing. To exercise rights, email contact@in-person.ai. We verify identity and respond within legal timelines. EU complaints: CNIL (www.cnil.fr).

13. US State Privacy Rights

Residents of states with privacy laws (CPRA, VCDPA, CPA, CTDPA, UCPA) may have rights to know, correct, delete, opt out of "sale" or "sharing", and appeal. To opt out, email contact@in-person.ai with "Do Not Sell or Share" in the subject.

14. Public-Source Opt-Out & Takedown

To remove or suppress your public-source data, email contact@in-person.ai with relevant URLs or identifiers. We honor removal requests in future updates and suppress data for your privacy.

15. Automated Decisions & Profiling

We do not make decisions with legal or significant effects solely by automated means. We may profile public data for entity extraction and analytics; you may object (Section 12).

16. Controller vs Processor & DPA

Controller: For data we source and license and then provide. Processor: For customer-provided data. Our Data Processing Addendum, including SCCs, is available on request via contact@in-person.ai.

17. Subprocessors

We engage subprocessors for hosting, analytics, QA, and support under written agreements with confidentiality and data protection obligations. A current list is available on request.

18. Your Choices

• Email communications: Unsubscribe via links or contact us.
• Cookie preferences: Manage via banner or browser settings.
• Public-source suppression: See Section 14.
• Do Not Sell/Share: See Section 13.

19. IP & Infringement

If you believe our datasets include infringing or unlawful content, contact contact@in-person.ai with details. We review and remove content as appropriate.

20. Breach Notification

We maintain an incident response plan. In the event of a data breach affecting personal data, we will notify impacted individuals and authorities within 72 hours where required by law.

21. Changes to This Policy

We may update this Policy for legal, technical, or business reasons. We will update the "Last Updated" date and publish changes on our website. Material changes may be communicated by email.

22. Definitions

• Personal data: Information relating to an identified or identifiable person.
• Processing: Any operation on personal data.
• Controller/Processor: As defined by GDPR/UK GDPR.
• Sale/Share: As defined by applicable US state laws.

23. Annex A – Lawful Basis Examples

• Legitimate interests: Public content indexing, provenance, abuse protection.
• Contract: Fulfilling customer orders and private data shares.
• Consent: Voice/likeness, non-essential cookies, marketing communications.

InPerson
34 rue Dauphine, 75006 Paris (France)
contact@in-person.ai