Privacy Policy

beReferenced, with its registered office in Toulouse (France), places privacy protection and personal data security at the heart of its technological commitments.

As a provider of AI-powered SaaS solutions for SEO/GEO, beReferenced commits to processing all data entrusted to it in strict compliance with the General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés), and the European Artificial Intelligence Regulation (AI Act).

1. Identification of the Data Controller

The personal data processing described below is implemented by beReferenced, registered with the Toulouse Trade and Companies Register under number [Registration in progress], represented by its Publication Director, Mr. Odilon Vidal.

For any questions regarding the management of your data or to exercise your rights, our Data Protection Officer (DPO) / data protection lead can be reached at: [email protected].

2. Nature, Purposes, and Legal Bases of Processed Data

beReferenced limits data collection to what is strictly necessary (data minimization principle).

• Access and customer account management: Identification data (Full name and professional email address of the Client’s employees). Legal basis: Performance of the service contract.
• Provision of SEO/GEO analysis services: Analysis data (URLs submitted, search prompts, and performance data from third-party tools such as Google Search Console, Google Analytics, Bing Webmaster, etc.). Legal basis: Performance of the service contract.
• Service Security and "Fair Use" compliance: Technical data (IP addresses, activity logs, and tracers strictly necessary for navigation). Legal basis: Legitimate interest of beReferenced in ensuring the security and integrity of its infrastructure.

The Client is strictly prohibited from submitting any data of a "sensitive" nature within the meaning of the regulations when using our tools.

3. Processing by Artificial Intelligence and Ownership

In accordance with the AI Act, beReferenced informs its users that analyses are produced by automated systems. To guarantee absolute confidentiality, beReferenced exclusively uses professional interfaces (APIs) with its AI providers (OpenAI, Anthropic).

Non-training commitment: beReferenced contractually guarantees that neither the Client's queries (prompts) nor the audit data are used to train global language models. This data remains the exclusive property of the Client.

4. Interconnection with Third-Party Services

The Platform may require interconnection with third-party services (Google Search Console, Google Analytics). beReferenced acts under the express mandate of the Client and complies with Google's "Limited Use" requirements. Access is strictly limited to reading the metrics necessary to generate visibility scores, without any modification of the source data.

5. Sub-processing and Transfers Outside the EU

beReferenced uses the infrastructure of Railway Corp, whose production servers are physically located in Amsterdam (Netherlands).

For the purposes of Artificial Intelligence analysis, some data may be subject to a transient transfer to the servers of AI providers (OpenAI/Anthropic/Google/Perplexity) located in the United States. These transfers are strictly governed by the European Commission's Standard Contractual Clauses (SCC) and by technical security measures (end-to-end encryption) ensuring a level of protection equivalent to the GDPR.

6. Retention Period

Data is kept only for the duration necessary for the purposes pursued:

• Account data: Duration of the contractual relationship.
• Audit data: Permanent deletion or anonymization within thirty (30) days following contract termination.
• Accounting data: Retained for ten (10) years in accordance with French legal obligations.

7. Security and Notification

beReferenced implements robust security measures (TLS encryption, logic isolation of accounts). In the event of a data breach, beReferenced commits to notifying the Client in writing within a maximum of forty-eight (48) hours after becoming aware of it.

8. Rights of Individuals

Each user has a right of access, rectification, erasure, limitation, portability, and a right to object to the processing of their data. In accordance with French law, users also have the right to define directives regarding the fate of their personal data after their death.

All these rights can be exercised via [email protected]. In the event of a dispute, the user retains the right to lodge a complaint with the CNIL (www.cnil.fr).

9. Cookies and Trackers

The Platform exclusively uses technical and session cookies strictly necessary for the Service's operation (authentication, security, load balancing). These tracers are exempt from prior consent in accordance with CNIL guidelines. No third-party advertising tracers are deployed on the Platform without explicit consent.