Altitud
FR
Edition · 26 April 2026
Privacy

Privacy Policy

How we collect, use, and protect your personal data — under the GDPR (Regulation EU 2016/679) and the French Data Protection Act.

Last updated: 25 April 2026

Data controller

Altitud is the data controller for personal data collected via altitud.io. Contact: hello@altitud.io. Postal address: see the Legal Notice page.

What we collect

Two situations:

  • When you run the diagnostic anonymously: your answers to the 20-question questionnaire (industry, size, data maturity, pains, etc.). No identifying data is collected at this stage.
  • When you submit your email to receive the PDF: email address, full name (optional), company name (optional), phone (optional), and explicit consent to receive the report. Your diagnostic answers are linked to this contact at this point.

Why we collect it

  • Generate and deliver your personalised diagnostic PDF.
  • Send a follow-up email if you have explicitly consented.
  • Improve the methodology and the use-case catalogue (aggregated, anonymised analysis).
  • Comply with our legal obligations (accounting, lawful enquiries).

Legal basis

  • Performance of a contract or pre-contract — for delivery of the diagnostic you requested (Article 6.1.b GDPR).
  • Consent — for follow-up communications (Article 6.1.a GDPR). You can withdraw consent at any time.
  • Legitimate interest — for aggregated, anonymised analytics on usage of the diagnostic (Article 6.1.f GDPR).

How long we keep it

  • Diagnostic submissions (anonymous): 24 months.
  • Lead contact data (email, name, company, phone): 36 months from last contact, then deletion or anonymisation.
  • Customer contracts and accounting records: 10 years (legal requirement).

Who has access

Access to your data is restricted to Altitud team members on a need-to-know basis. We use the following sub-processors:

  • Supabase (database hosting, EU region — Frankfurt).
  • Vercel (web hosting, EU edge).
  • Anthropic (LLM-based personalisation of recommendation paragraphs — submission text only, no email).
  • Email provider — currently Gmail/Google Workspace; will move to dedicated SMTP shortly.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict processing of, and object to processing of your data. You also have the right to data portability and to lodge a complaint with the CNIL (cnil.fr).

To exercise any of these rights, email hello@altitud.io with the email address you used to submit. We respond within 30 days.

Cookies and tracking

altitud.io currently uses no analytics cookies and no advertising trackers. The site uses only strictly necessary technical cookies (session, locale preference). Any future analytics tooling will be opt-in via a cookie banner.

Changes

We may update this policy. The current version is always at altitud.io/privacy-policy with the date of last revision shown above.