Privacy Policy
Katalyz attaches fundamental importance to protecting your privacy and personal data. This Privacy Policy explains, in plain language, how we collect, use, share and protect your data when you use the katalyz.ai website and the Katalyz platform.
1. Data Controller
The data controller is Katalyz, whose full details appear in our Legal Notice.
Data protection contact: [dpo@katalyz.ai — to be confirmed]
Otherwise: contact@katalyz.ai
2. What data we collect
2.1 Data you provide directly
- Contact / demo request form: first name, last name, business email, company name, free-text message.
- Account creation: email, hashed password, company, role, phone number (optional).
- Platform usage: imported invoices, debtor contacts, reminder history, payment agreements negotiated by the AI agent, voice call transcripts.
2.2 Data collected automatically
- Connection data: IP address, browser type, operating system, pages viewed, connection timestamps.
- Cookies: see section 8 below.
3. Purposes and legal bases
- Responding to contact / demo requests — legal basis: pre-contractual measures at your request (Art. 6(1)(b) GDPR).
- Operating the Katalyz platform (account management, AI reminders, voice calls, dashboard) — legal basis: contract performance (Art. 6(1)(b) GDPR).
- Improving the Service (anonymized performance analysis) — legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Security, fraud prevention, access logs — legal basis: legitimate interest and legal obligations.
- Marketing communications (newsletter, product announcements) — legal basis: consent (Art. 6(1)(a) GDPR), with unsubscribe option at any time.
4. Recipients and sub-processors
Your data is never sold. It may be shared with the following categories of recipients:
- Authorized Katalyz personnel (support, engineering, security), bound by confidentiality obligations.
- Infrastructure host: Hetzner Online GmbH (Germany, EU).
- AI / LLM providers: [Anthropic, OpenAI — to be confirmed].
- Voice AI providers: [ElevenLabs, Vapi, Twilio — to be confirmed].
- Email / SMS providers: [Postmark, SendGrid, Twilio — to be confirmed].
- Accounting integrations enabled by you (Pennylane, Sage, QuickBooks, Xero, Dext) — only strictly necessary data.
- Internal tools: anonymized analytics, monitoring, logs.
Every sub-processor is bound by a processing agreement compliant with Article 28 GDPR.
5. International transfers
Some sub-processors (notably AI providers) may be established outside the EU, primarily in the United States. Such transfers are governed by GDPR Article 46 safeguards: Standard Contractual Clauses, Data Privacy Framework adherence where applicable, or adequacy decisions. We provide the up-to-date list of sub-processors and their jurisdictions on request at [dpo@katalyz.ai].
6. Retention periods
- Unconverted contact / demo requests: 3 years from last contact.
- Active customer accounts: for the duration of the contract.
- Terminated customer accounts: 5 years post-termination, for accounting and civil/tax limitation periods.
- Technical security logs: 12 months maximum.
- Analytics cookies: 13 months maximum.
- Data subject to legal obligations (invoicing, tax): applicable statutory periods.
7. Your rights
Under the GDPR, you have the following rights at any time:
- Right of access: obtain a copy of your data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten").
- Right to restriction of processing.
- Right to object, including to direct marketing.
- Right to data portability in a structured format.
- Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
- Right to lodge a complaint with the French data protection authority, CNIL (www.cnil.fr), or your local supervisory authority.
To exercise these rights, write to [dpo@katalyz.ai] or contact@katalyz.ai. We may ask for proof of identity in case of reasonable doubt. We reply within one month at most.
8. Cookies
- Strictly necessary cookies (authentication, language preference, security) — exempt from consent.
- Analytics cookies [to be confirmed: CNIL-exempt configuration or consent-based].
- Third-party cookies only with your explicit consent.
You can change your preferences at any time via your browser settings or our cookie banner [to be implemented].
9. Security
Katalyz implements appropriate technical and organizational measures to protect your data: TLS 1.2+ encryption in transit, encryption at rest, strict access control, regular security reviews, encrypted backups, audit logs. In the event of a data breach posing a risk to your rights and freedoms, you will be informed as soon as possible (Article 34 GDPR).
10. Minors
The Katalyz platform is intended for professional B2B use. We do not knowingly collect data about minors under the age of 16.
11. Changes
This policy may evolve. The last update date is indicated at the top of the page. For any substantial change, you will be notified by email or via the platform.