FR EN
Free audit
Personal data

Privacy policy

How we collect, use and protect your personal data.

Data controller

The controller of personal data collected on this site and through our SaaS products is Doveaia (Parc Lorans — Bâtiment 1G, Rue Jean-Marie Huchet, 35000 Rennes, France).

Contact: contact@doveaia.com.

GDPR compliance lead: James Gaglo, founder of Doveaia (contact@doveaia.com).

Data collected

We only collect data necessary for the purposes described below:

  • Booking form (/en/book/): name, company, work email, phone (optional), training and session, format, number of attendees, free-text notes.
  • Scheduling: if you use the Microsoft Bookings calendar via /en/contact/, the data you provide to Microsoft is governed by the Microsoft privacy statement.
  • Paid social-media campaigns for our SaaS products: when you submit a lead-generation form attached to one of our advertising campaigns (notably LinkedIn Lead Gen Forms), the advertising platform transmits the data you have consented to share: first name, last name, work email, company, job title, country. This data is synchronized into our CRM through official APIs (LinkedIn Lead Sync API and equivalents).
  • Technical data: standard HTTP requests are logged by our host Cloudflare for security purposes (IP address, user-agent, requested URL, timestamp). No third-party analytics cookie is placed on this site.
  • Cloudflare Turnstile: an anti-bot challenge may appear on the booking form. Cloudflare collects technical signals (no tracking cookie) to distinguish a human visitor from a bot, as documented in its privacy reference.

Purposes

  • Answer your booking, quote and contact requests.
  • Issue training agreements, quotes and invoices for our services.
  • Acquisition, qualification and commercial prospecting in the context of launching and operating our SaaS products (including Elevate Seller — www.elevateseller.com): qualify interested prospects, send them informational content, offer beta access or a product demonstration.
  • Preserve site security and prevent abuse.
  • Comply with our legal and accounting obligations.
  • Performance of pre-contractual measures or of the contract (GDPR art. 6.1.b) for request forms.
  • Explicit consent (GDPR art. 6.1.a) for data collected via advertising lead-generation forms and the associated marketing communications. You may withdraw this consent at any time via the unsubscribe link in every email.
  • Legitimate interest (GDPR art. 6.1.f) for site security and fraud prevention.
  • Legal obligation (GDPR art. 6.1.c) for accounting retention.

Recipients

Your data is intended exclusively for Doveaia. It may be transmitted to the following technical processors, bound by a data-processing agreement (DPA) and confidentiality:

  • Cloudflare, Inc. — site hosting and security (United States, under standard contractual clauses).
  • Microsoft Corporation — Microsoft Bookings (scheduling) and Microsoft Azure (France Central region) for application hosting of our SaaS products.
  • HubSpot Ireland Limited — CRM and marketing automation for tracking prospects collected through our advertising campaigns (Ireland, European Union).
  • Social advertising platforms — LinkedIn Ireland Unlimited Company (Ireland, EU) and other equivalent platforms used occasionally for campaign delivery: serving advertisements and collecting Lead Gen Forms.

No data is sold, transferred or shared for third-party prospecting purposes.

Retention period

  • Unconverted contact / booking requests: 12 months from the last exchange.
  • Contractual data (customers, quotes, trainings): 10 years from the end of the relationship, in accordance with legal and accounting obligations.
  • Prospects collected through advertising campaigns: 24 months from the last exchange, unless consent is withdrawn or an objection is exercised.
  • Security logs: 12 months maximum.

Your rights

Under the GDPR and the French Data Protection Act, you have the following rights: access, rectification, erasure, restriction, objection, portability, withdrawal of consent at any time.

To exercise these rights, contact us at contact@doveaia.com. We reply within one month.

If you believe your rights have not been respected, you may lodge a complaint with the French data-protection authority CNIL (www.cnil.fr) or your local supervisory authority.

Security

We implement reasonable technical and organizational measures to preserve the integrity and confidentiality of data: HTTPS required, restricted access, at-rest encryption at our subprocessors, access monitoring, API call logging.

Changes

This policy may change to reflect legal or technical updates. The version in force is the one published on this page.

Version in force as of 17 May 2026.