1. Who We Are
IntelWork4ce is a French technology company headquartered in Île-de-France, France. IntelWork4ce builds and operates a multi-agent AI SaaS platform that deploys specialized AI agents (marketing, sales, finance, content, operations) within customers' Slack workspaces and connected tools.
Data controller: IntelWork4ce, Île-de-France, France.
DPO contact: privacy@intelwork4ce.com — Response within 72 hours.
For B2B customers: IntelWork4ce acts as a data processor under GDPR Article 28 when processing personal data on your behalf (e.g., contact data from your CRM). Your organization remains the data controller for that data. A Data Processing Agreement (DPA) is available on request.
2. Data We Collect
2.1 Account & Identity Data
Collected at registration and maintained throughout your subscription:
- Full name and professional email address
- Company name, incorporation country, and VAT number (for billing)
- Authentication credentials — managed via Clerk; passwords are hashed and never stored in plaintext
- Billing information — processed by Stripe; IntelWork4ce never stores card numbers
2.2 Platform Usage Data
Generated as you use the platform:
- Agent task types executed, credit consumption, and completion status
- Slack workspace ID, channel IDs, and user IDs of workspace members interacting with agents
- Message content directed to IntelWork4ce agents in designated channels (required to execute tasks)
- Approval actions (accepted/rejected) and timestamps
- Session logs and navigation data within the customer portal
2.3 Third-Party Connector Data
When you authorize a connector via OAuth 2.0, we access only the scopes you explicitly grant. Examples by connector type:
| Connector Type | Data Accessed (per your authorization) |
|---|---|
| Google Workspace | Emails, calendar events, and Drive documents you request agents to process |
| CRM (HubSpot, Salesforce) | Contacts, deals, activities — for sales agent task execution |
| LinkedIn (via Marc agent) | Profile data and connection metadata — for prospecting tasks |
| Social platforms | Post metadata and account identifiers — for publishing tasks |
| Accounting tools | Invoice and expense data — for Hugo (finance) agent tasks |
| Any other connector | Only the specific OAuth scopes you authorize during connection |
OAuth credentials (access and refresh tokens) are stored encrypted at rest using AES-256, isolated per workspace via Google Cloud Secret Manager. Tokens are never logged or shared with third parties beyond the intended connected service.
2.4 Technical & Diagnostic Data
- IP addresses (30-day retention for security purposes)
- Browser type and OS (portal usage only)
- API request logs (90-day retention for debugging)
- Error logs and crash reports (aggregated, anonymized)
3. Legal Basis for Processing (GDPR Art. 6)
| Legal Basis | Processing Activities Covered |
|---|---|
| Contract Performance (Art. 6(1)(b)) | Account management, agent task execution, credit billing, connector operations, Slack integration delivery |
| Legitimate Interests (Art. 6(1)(f)) | Platform security, fraud prevention, aggregated analytics for service improvement, error diagnostics |
| Legal Obligation (Art. 6(1)(c)) | Tax records, accounting obligations under French law (PCG / CGI), CNIL compliance |
| Consent (Art. 6(1)(a)) | Marketing communications (explicit opt-in only); non-essential analytics cookies |
4. How We Use Your Data
- Executing AI agent tasks: instructions are processed via Gemini 2.5 Flash (Google Cloud, EU infrastructure)
- Operating the Slack integration: routing messages, managing approval workflows, delivering agent outputs
- Running connector operations: reading/writing data to authorized third-party services on your behalf
- Managing subscriptions: credit tracking, Stripe billing, plan management, usage reporting
- Security and fraud prevention: anomaly detection, unauthorized access monitoring
- Customer support: diagnosing issues and responding to enquiries
- Platform improvement: anonymized, aggregated usage pattern analysis — no task content is used
5. Subprocessors
All subprocessors are bound by data processing agreements compliant with GDPR Article 28. Full, up-to-date list: https://intelwork4ce.com/subprocessors
| Subprocessor | Purpose | Data Location |
|---|---|---|
| Google Cloud (GCP) | Hosting (Cloud Run), AI inference (Gemini) | europe-west1 (Belgium) |
| Supabase | Database, auth, file storage | EU (Frankfurt) |
| Nango | OAuth credential management | EU |
| Clerk | Portal authentication & sessions | EU |
| Stripe | Payment processing & billing | EU / US (SCCs) |
| Google Cloud Secret Manager | API key & token vault | europe-west1 |
| Slack Technologies | Messaging platform integration | US (SCCs) |
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account and billing data | Contract duration + 5 years (French accounting law) |
| Slack message content processed by agents | Deleted within 72 hours of task completion |
| Agent task logs (metadata only — no content) | 12 months |
| OAuth connector tokens | Until connector is disconnected or account deleted |
| IP addresses and access logs | 30 days |
| API request logs | 90 days |
| Credit usage records | 3 years (billing audit trail) |
7. International Data Transfers
IntelWork4ce primarily processes data within the EEA. For transfers outside the EEA (Stripe, Slack — US infrastructure), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. All AI inference is routed through Google Cloud EU infrastructure (europe-west1) where technically available.
8. Your Rights (GDPR)
Exercise any of the following rights by emailing privacy@intelwork4ce.com. We respond within 30 days.
| Right | Description |
|---|---|
| Access (Art. 15) | Obtain a copy of all personal data we hold about you |
| Rectification (Art. 16) | Correct inaccurate or incomplete data |
| Erasure (Art. 17) | Request deletion of your personal data |
| Portability (Art. 20) | Receive your data in machine-readable format (JSON / CSV) |
| Restriction (Art. 18) | Restrict processing in defined circumstances |
| Object (Art. 21) | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time without affecting prior lawful processing |
You have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr
9. Data Deletion on Account Termination
Upon subscription cancellation or account deletion:
- All agent task content and Slack message data: deleted within 72 hours
- OAuth credentials and connector tokens: revoked and deleted immediately
- Account metadata and billing records: retained per Section 6 retention schedule
To request full data deletion: email privacy@intelwork4ce.com, subject line: “Data Deletion Request — [Workspace Name]”. Confirmed within 10 business days.
10. Security
- All data in transit: TLS 1.2+ encryption
- All data at rest: AES-256 encryption
- Per-workspace credential isolation: zero data leakage between customer environments
- OAuth tokens stored in Google Cloud Secret Manager — never in application logs or code
- Breach notification: supervisory authority within 72 hours; affected customers without undue delay (GDPR Art. 33)
11. Changes to This Policy
Material changes will be communicated via email and in-app notification at least 14 days before they take effect. Continued use of IntelWork4ce after the effective date constitutes acceptance.
Contact
privacy@intelwork4ce.com · support@intelwork4ce.com · https://intelwork4ce.com/privacy · IntelWork4ce, Île-de-France, France