Privacy Policy

Last updated: April 22, 2026  ·  Effective date: April 22, 2026

1. Data Controller Identity

The data controller is Hatch OS, a simplified joint-stock company (SAS) with share capital of €1,000, headquartered at 104 rue de la Folie-Méricourt, 75011 Paris, France (Paris Commercial Registry: 930 893). President: Patrick Rakotondrajao. Data Protection Officer (DPO): cesar@gethatch.io.

The company publishes and operates a SaaS platform accessible via gethatch.io and its subdomains, designed for franchise networks and their teams.

2. Personal Data Collected

2.1 User-Provided Data

  • Full name and professional email address
  • Phone number (optional)
  • Company or franchise details (name, role, location)
  • Content created on the platform (messages, templates, uploaded documents)

2.2 Data Collected via Google OAuth

When you connect your Google Drive account, Hatch OS requests access to the following scopes:

Scope | Data accessed
email | Primary Google account email address
profile | First name, last name, profile photo
drive.readonly | Selected Google Drive files
drive.metadata.readonly | File names, types, dates and structure

2.3 Technical Data

  • IP address, browser type, operating system
  • Connection and platform usage logs
  • Technical and session cookies

3. Processing Purposes

Your data is processed for the following purposes:

  • Service delivery: account creation, authentication, access to features
  • AI agent: indexing documents for assistant responses (RAG)
  • Customer support
  • Service improvement: aggregated and anonymized analysis
  • Security: fraud and abuse detection
  • Legal obligations: billing, accounting and regulatory compliance

4. Google Data Usage & Limited Use Policy

Hatch OS complies with the Google API Services User Data Policy. In particular:

  • Google Drive files are used exclusively to power your AI agent (RAG) and are not shared with any third party except where required by law
  • Google data is never used for advertising purposes
  • Google data is never used to train general or third-party AI models

5. GDPR Legal Basis

Purpose | Legal basis
Service delivery | Contract performance
Google OAuth connection | Explicit consent
Customer support | Contract performance
Billing | Legal obligation
Analytics and security | Legitimate interest

You may withdraw your consent at any time via your Hatch OS account settings or directly at myaccount.google.com/permissions.

6. Recipients and Sub-processors

Your data may be shared with the following sub-processors, strictly for service delivery purposes:

Sub-processor | Role | Location
Supabase Inc. | Database | EU
Vercel Inc. | Hosting | EU / United States
Google LLC | OAuth, AI models | United States
Anthropic PBC | Claude models | United States
Meta / WhatsApp | Messaging | EU / United States

We never sell your personal data. International data transfers outside the European Union are governed by Standard Contractual Clauses.

7. Data Retention

  • Account data: contract duration + 3 years after termination
  • Indexed Google Drive documents: until Google account disconnection, then deleted within 30 days
  • Technical logs: 12 months
  • Billing data: 10 years (legal requirement)

8. User Rights (GDPR)

In accordance with GDPR, you have the following rights: access, rectification, erasure, restriction of processing, portability, objection and withdrawal of consent. To exercise these rights, contact our DPO at: cesar@gethatch.io. We are committed to responding within one month.

8.1 Revoking Google Access

You can revoke Hatch OS access to your Google account at any time, either through your Hatch OS account settings or directly on the Google permissions page: myaccount.google.com/permissions.

9. Cookies

The platform uses only strictly necessary cookies for its operation. No advertising cookies or third-party tracking tools are used without your explicit consent.

10. Security

Hatch OS implements appropriate technical and organizational measures, including: TLS 1.2+ encryption, strict access controls, access logging, regular backups and the least-privilege principle.

11. Minors

The service is designed for professional use and is not intended for persons under 16 years of age. We do not knowingly collect data relating to minors.

12. Modifications

We will notify you by email of any substantial changes to this policy at least 30 days before they take effect.

13. Contact

DPO: cesar@gethatch.io
Postal address: 104 rue de la Folie-Méricourt, 75011 Paris, France

© 2026 Hatch · gethatch.io