1. Who we are
Axycos is a Business Process Outsourcing company providing customer support, technical helpdesk and back-office services to technology companies. Axycos operates from two offices:
- Paris, France — European headquarters
- Tunis, Tunisia — Operations centre
As a company operating within the European Union, Axycos complies with the General Data Protection Regulation (GDPR — Regulation EU 2016/679).
Data Controller: Axycos · hello@axycos.com · axycos.com
2. What data we collect
We collect data in three ways:
2.1 Data you provide directly
When you fill out a contact form, book a call or request a consultation on our website, we collect:
- Full name
- Work email address
- Company name
- Phone number (optional)
- Preferred date and time for a call
- Team size information
- Any message or additional information you choose to share
2.2 Data collected automatically
When you visit our website, our hosting provider (Vercel) may collect standard server logs including:
- IP address (anonymised)
- Browser type and version
- Pages visited and time spent
- Referring URL
We do not use third-party analytics trackers (such as Google Analytics) or advertising cookies on this website.
2.3 Chat assistant data
When you use our AI-powered chat assistant, your messages are processed in real time to generate a response. Chat conversations are not stored on our servers beyond the duration of the session.
3. How we use your data
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to your contact requests and booking calls | Legitimate interest / Pre-contractual measures (Art. 6.1.b) |
| Sending you commercial information about our services (if you have consented) | Consent (Art. 6.1.a) |
| Improving our website and services | Legitimate interest (Art. 6.1.f) |
| Complying with legal obligations | Legal obligation (Art. 6.1.c) |
4. How long we keep your data
- Contact and booking requests: 3 years from the last contact
- Client data (for customers under contract): Duration of the contract + 5 years
- Server logs: 30 days (Vercel standard retention)
- Chat sessions: Not retained beyond the session
5. Who we share your data with
We do not sell, rent or trade your personal data. We may share data with trusted third-party processors acting on our behalf:
- Vercel Inc. (website hosting, USA — Standard Contractual Clauses apply)
- Resend Inc. (transactional email delivery)
- Anthropic PBC (AI chat assistant — messages processed in real time, not stored)
All processors are contractually required to protect your data in accordance with GDPR.
6. International data transfers
Some of our service providers are located outside the European Economic Area (EEA), in particular in the United States. In such cases, data transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an equivalent level of protection to that within the EEA.
7. Your rights under GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure ("right to be forgotten") — request deletion of your data
- Right to restriction of processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — at any time, without affecting prior processing
To exercise any of these rights, contact us at: privacy@axycos.com. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).
8. Cookies
Our website uses only strictly necessary cookies:
- admin_session — secure session cookie for the admin area only, HttpOnly, not accessible via JavaScript, expires after 8 hours. This cookie is not set for regular visitors.
We do not use advertising, tracking or analytics cookies. No cookie consent banner is required for this site.
9. Security
Axycos implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure, including:
- HTTPS encryption for all communications (TLS 1.2+)
- HttpOnly, Secure and SameSite session cookies
- HMAC-SHA256 signed tokens for administrative sessions
- Environment-variable-based secret management (no credentials in source code)
- Strict access control to production systems
10. Changes to this policy
We may update this Privacy Policy from time to time. Any significant changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this page periodically.
11. Contact
For any privacy-related questions or to exercise your rights:
- Email: privacy@axycos.com
- General contact: hello@axycos.com
- Website: www.axycos.com