Cleo
CompanyPricing
Request a Demo
Anaelle GuezNaomie Halioua
Request a Demo
Cleo

AI-powered regulatory intelligence.

contact@cleolabs.co

Solutions

  • Due Diligence
  • Product Compliance

Company

  • About
  • Research
  • Blog

Jurisdictions

  • 🇪🇺 European Union
  • 🇫🇷 France
  • 🇩🇪 Germany
  • 🇬🇧 United Kingdom
  • 🇺🇸 United States

Legal

  • Privacy
  • Terms
  • Security

Events

  • VivaTech ParisJun 11–14, 2026

© 2026 Cleo Labs. All rights reserved.

GDPREU Data

Privacy Policy

Last updated: 2026-02-24

Cleo Corp SAS ("Cleo Labs", "we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and website at cleolabs.co.

1. Data Controller

Cleo Corp SAS, a company registered in France, is the data controller for the personal data processed through our platform. For any questions regarding this policy, you can contact us at contact@cleolabs.co.

2. Data We Collect

We collect the following categories of personal data:

  • •Account information: name, email address, company name, job title
  • •Usage data: pages visited, features used, timestamps, device and browser information
  • •Domain scan data: company domains submitted for regulatory analysis (publicly available information only)
  • •Communication data: emails, support tickets, and demo requests
  • •Payment data: processed by our payment provider (Stripe). We do not store credit card numbers

3. How We Use Your Data

We process your personal data for the following purposes:

  • •Providing and improving our regulatory intelligence services
  • •Generating regulatory scan reports and compliance analysis
  • •Sending account notifications, regulatory alerts, and product updates
  • •Responding to your inquiries and providing customer support
  • •Analyzing usage patterns to improve our platform (via PostHog analytics)
  • •Complying with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • •Contract performance: to deliver the services you have subscribed to
  • •Legitimate interest: to improve our platform, prevent fraud, and ensure security
  • •Consent: for marketing communications (you can opt out at any time)
  • •Legal obligation: to comply with applicable laws and regulations

5. Data Storage and Security

All data is stored on servers located in the European Union (EU), under EU jurisdiction and GDPR protection. We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 encryption in transit, access controls with role-based permissions, and regular security audits.

6. Data Sharing

We do not sell your personal data. We may share data with:

  • •Service providers: hosting (Scaleway, EU, Paris region), email delivery (Resend, US, under SCCs), analytics (PostHog, EU), payment processing (Stripe, US, under SCCs)
  • •Legal authorities: when required by law or to protect our rights
  • •Business transfers: in the event of a merger, acquisition, or sale of assets

All service providers are contractually bound to protect your data and process it only on our instructions.

7. AI and Your Data

Cleo Labs uses artificial intelligence to analyze regulatory sources and generate compliance intelligence. We want to be transparent about how AI interacts with your data:

  • •We never use customer data to train our AI models
  • •Regulatory scans analyze publicly available information about your company
  • •AI-generated reports are based on public regulatory sources, not your private data
  • •You retain full ownership of all data you provide to us

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • •Right of access: obtain a copy of your personal data
  • •Right to rectification: correct inaccurate data
  • •Right to erasure: request deletion of your data ("right to be forgotten")
  • •Right to restrict processing: limit how we use your data
  • •Right to data portability: receive your data in a structured, machine-readable format
  • •Right to object: object to processing based on legitimate interest or for direct marketing
  • •Right to withdraw consent: at any time, without affecting prior processing

To exercise any of these rights, contact us at contact@cleolabs.co. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French data protection authority.

9. Cookies

We use essential cookies to ensure our platform functions correctly and analytics cookies (PostHog) to understand how our platform is used. You can manage your cookie preferences through your browser settings.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Account data is retained for the duration of your subscription and deleted within 90 days of account closure. Regulatory scan data is retained for 12 months unless you request earlier deletion.

11. International Transfers

Your data is stored and processed within the EU. In cases where data may be transferred outside the EU (e.g., to service providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

13. Contact

For any questions about this Privacy Policy or your personal data, contact us at: contact@cleolabs.co. Cleo Corp SAS, 17 rue Berteaux Dumas, 92200 Neuilly-sur-Seine, France. SIREN 984 567 883, RCS Nanterre. Share capital: €1,000. Data Protection Lead: Anaelle Guez (contact@cleolabs.co).