PRIVACY POLICY

Introduction

InitRD ("we," "us," or "our"), a French simplified joint-stock company (SASU) with its registered office at 254 Rue Vendôme, 69003 LYON, France, is committed to protecting your privacy and personal data.

This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our Summos.AI service (the "Service"). This policy complies with the General Data Protection Regulation (GDPR) and applicable French data protection laws.

Data Controller

InitRD SASU is the data controller for all personal data processed through the Service.

Contact Information:

  • Company: InitRD SASU
  • Address: 254 Rue Vendôme, 69003 LYON, France
  • Privacy Contact: contact@summos.ai

Personal Data We Collect

Account Information

We collect the following personal data when you create an account:

  • Email address
  • Password (encrypted)
  • Account preferences and settings

API Keys and Integration Data

  • Third-party news service API keys (with your explicit consent)
  • Integration configuration data for reMarkable and email services
  • Service usage parameters and filters

Technical Data

We collect technical data for the proper functioning of the Service:

  • Session cookies (technical purposes only)
  • Error logs when HTTP 4XX/5XX errors occur
  • IP addresses for security and system administration purposes
  • Browser and device information for compatibility

Communication Data

  • Email address for PDF delivery
  • Support communications and correspondence

Payment Information

Payment data is processed by Stripe Payments Europe Limited (based in Ireland) and is not stored on our systems. We only receive confirmation of successful payments and subscription status.

Legal basis for processing

We process your personal data based on the following legal grounds under the GDPR:

Contract Performance (Article 6(1)(b) GDPR)

  • Providing the news aggregation service
  • Managing your subscription and account
  • Processing API integrations
  • Delivering PDF reports via email or reMarkable

Consent (Article 6(1)(a) GDPR)

  • Storing and using your third-party API keys
  • Optional communications and service updates

Legitimate Interest (Article 6(1)(f) GDPR)

  • System security and fraud prevention
  • Technical error monitoring and service improvement
  • Customer support and service optimization

How we use your data

Service Provision

  • Authenticate and manage your account
  • Process news content using your API keys
  • Filter and curate content based on your prompts
  • Generate and deliver PDFs containing filtered content
  • Facilitate integrations with email and reMarkable services

Technical Operations

  • Maintain system security and prevent unauthorized access
  • Monitor system performance and resolve technical issues
  • Ensure service compatibility across devices and browsers

Communication

  • Send service-related notifications
  • Provide customer support
  • Communicate important changes to our service or policies

Data sharing and third parties

Third-Party Service Providers

We share data with the following categories of third parties solely for service provision:

Payment Processing:
  • Stripe Ireland Limited (payment processing, GDPR compliant)
News Content Providers:
  • Your API keys are used to access news content from providers you authorize
  • We do not share your API keys between different news providers
Email Delivery:
  • Email service providers for PDF delivery (EU-based or GDPR compliant)
reMarkable Integration:
  • Direct integration with reMarkable services as configured by you

No Data Sales

We do not sell, rent, or lease your personal data to third parties for marketing or commercial purposes.

Legal Requirements

We may disclose personal data if required by law, court order, or to protect our legal rights and those of our users.

Data Security

Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of API keys and sensitive data
  • Secure data transmission protocols (HTTPS/TLS)
  • Access controls and authentication systems
  • Regular security assessments and monitoring

API Key Security

  • API keys are encrypted (RSA) and stored securely
  • API keys are only decrypted in volatile memory when used to retrieve articles
  • Access is restricted to authorized system processes only
  • API keys are used exclusively for your authorized news sources
  • No cross-customer sharing or access to API keys

Data Retention

Active Account Data

  • Account information: Retained while your account is active
  • API keys: Retained during service provision, deleted upon termination
  • Technical logs: Retained for up to 90 days for operational purposes

Backup and Deletion

  • Deleted data may remain in backup systems for up to 30 days
  • All data is permanently deleted from backups after this period
  • No copies of processed news content are retained

Immediate Deletion

Upon account termination, your data is deleted immediately from active systems, with the exception of backup retention as specified above.

Your rights under GDPR

You have the following rights regarding your personal data:

Access (Article 15 GDPR)

Request a copy of the personal data we hold about you.

Rectification (Article 16 GDPR)

Request correction of inaccurate or incomplete personal data.

Erasure (Article 17 GDPR)

Request deletion of your personal data when:

  • It's no longer necessary for the purposes collected
  • You withdraw consent (where consent is the legal basis)
  • You object to processing based on legitimate interests

Restriction (Article 18 GDPR)

Request limitation of processing in specific circumstances.

Data Portability (Article 20 GDPR)

Request your data in a structured, commonly used format for transfer to another service.

Objection (Article 21 GDPR)

Object to processing based on legitimate interests.

Withdrawal of Consent

Where processing is based on consent, you can withdraw it at any time through your account settings.

Exercising your rights

To exercise any of these rights, contact us at: contact@contact.ct

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months.

International Transfers

EU/EEA Processing

Your data is only processed within the European Union and European Economic Area.

Third-Party Services

Some third-party services (such as Stripe) may process data within the EU under GDPR compliance frameworks. We ensure all third parties provide adequate protection for your personal data.

Cookies and Tracking

Technical Cookies

We use only essential technical cookies for:

  • Session management and authentication
  • Service functionality and security

These cookies do not require consent under GDPR as they are strictly necessary.

No Tracking or Analytics

We do not use:

  • Analytics cookies (Google Analytics, etc.)
  • Marketing or advertising cookies
  • Social media tracking pixels
  • Cross-site tracking technologies

Data Protection Officer

Given the nature and scale of our operations, we have not appointed a formal Data Protection Officer. For all privacy-related inquiries, please contact: privacy@summos.ai

Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, please contact us immediately.

Automated Decision-Making

Content Filtering

The Service uses automated systems to filter news content based on your specified prompts and criteria. This processing:

  • Is necessary for contract performance
  • Does not involve profiling that significantly affects you
  • Can be modified through your account settings

No Profiling

We do not engage in automated profiling for marketing, advertising, or other purposes beyond the content filtering functionality you explicitly request.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected users without undue delay if the risk is high
  • Provide clear information about the breach and remedial actions

Supervisory Authority

You have the right to lodge a complaint with the French data protection authority:

Commission Nationale de l'Informatique et des Libertés (CNIL)
  • Address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France
  • Website: www.cnil.fr
  • Phone: +33 1 53 73 22 22

Changes to This Policy

Policy Updates

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will:

  • Notify you of material changes via email or service notification
  • Provide at least 30 days' notice before changes take effect
  • Maintain previous versions for your reference

Continued Use

Your continued use of the Service after policy changes constitutes acceptance of the updated terms.

Specific Processing Activities

News API Integration

  • Purpose: Access news content from your authorized sources
  • Legal Basis: Contract performance and consent
  • Data: API keys, access tokens, content requests
  • Retention: Duration of service provision

PDF Generation and Delivery

  • Purpose: Create and deliver customized news summaries
  • Legal Basis: Contract performance
  • Data: Email addresses, content preferences, delivery settings
  • Retention: No retention of generated content

Error Monitoring

  • Purpose: Maintain service quality and resolve technical issues
  • Legal Basis: Legitimate interest
  • Data: Error logs, system status, performance metrics
  • Retention: 30 days maximum

Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices:

Privacy Contact:
  • Email: contact@summos.ai
Company Address:
  • InitRD SASU
  • 254 Rue Vendôme
  • 69003 LYON, France

This Privacy Policy is effective as of September 16, 2025, and applies to all users of the Summos.AI service.