Privacy Policy

Marbo Finance SAS, publisher of Talki Academy, is the controller of your personal data. DPO Contact: dpo@talki-app.fr

We collect the following data: - Identification data: last name, first name, email address, company, OPCO - Connection data: IP address, connection logs - Training data: progress, quiz results, certificates - Billing data: address, payment information (processed by Stripe — we do not store your banking data) - Analytics data: pages visited, session duration, acquisition source (Google Analytics 4, only with your consent) - Chatbot data: conversations with the AI assistant (processed by Anthropic)

Your data is processed for: - Managing your account and access to training courses - Tracking your learning progress - Issuing certificates and attestations - Billing and accounting follow-up - Improving our services (anonymized data) - Communication about our new training courses (with your consent)

Processing is based on: - Contract performance (access to purchased training courses) - Legal obligation (billing, accounting retention) - Legitimate interest (service improvement, security) - Consent (newsletters, marketing communications)

- Account data: duration of business relationship + 3 years - Billing data: 10 years (legal obligation) - Unconverted leads: 3 years after last contact - Connection logs: 12 months - Progress data: duration of access to training - Analytics data (GA4): 14 months - Chatbot conversations: 30 days - Cookies: 13 months maximum

In accordance with GDPR, you have the following rights: - Right to access your data - Right to rectification - Right to erasure (right to be forgotten) - Right to data portability - Right to object - Right to restriction of processing - Right to withdraw your consent To exercise these rights: dpo@talki-app.fr Response time: 30 days maximum.

Your data is hosted within the European Union (AWS region eu-west-1, Ireland). Our subprocessors: - Amazon Web Services EMEA SARL (hosting) — Luxembourg — Standard Contractual Clauses (SCC) - Stripe Inc. (payment) — United States — PCI-DSS certified, SCC, DPA in place - Google LLC (analytics GA4) — United States — SCC, anonymized data, collection subject to consent - Anthropic PBC (AI chatbot) — United States — DPA in place, conversations not used for training Transfers outside the EU are governed by Standard Contractual Clauses (SCC) in accordance with Articles 46 and 49 of GDPR.

We implement appropriate technical and organizational measures: TLS encryption, secure authentication, restricted data access, regular backups, access logging.

Strictly necessary cookies (no consent required): - Authentication and session - User preferences No advertising tracking cookies are used on this site.

If you believe that the processing of your data constitutes a violation of GDPR, you may lodge a complaint with CNIL: CNIL - 3 Place de Fontenoy, TSA 80715 75334 Paris Cedex 07 https://www.cnil.fr