Privacy Policy

Last updated: May 20, 2026

This Privacy Policy explains how Security Against AI (the "Site") collects, uses, and protects information about visitors. This Site is operated by CG Consulting, based in France. The Site complies with the EU General Data Protection Regulation (GDPR), the French Loi Informatique et Libertés, and applicable e-Privacy rules.

1. Who is responsible for your data

The data controller is:

• Security Against AI
• Email: contact@securityagainstai.com
• Site: https://www.securityagainstai.com

For any privacy-related question, contact us at the address above. We will respond within 30 days as required by GDPR Article 12.

2. What data we collect, and why

2.1 Newsletter signups

If you subscribe to our newsletter, we collect your email address. We use it only to send the newsletter you signed up for. We do not share it with third parties for marketing.

Legal basis: your explicit consent under GDPR Article 6(1)(a). You can withdraw consent at any time by clicking the unsubscribe link in any email or by emailing us.

2.2 Contact form submissions

If you send us a message via the Contact page, we collect the name, email, phone (optional), subject and message you provide. We use this only to respond to your inquiry.

Legal basis: legitimate interest in responding to inbound communications, GDPR Article 6(1)(f).

2.3 Site analytics

We use Google Analytics 4 to understand how visitors find and use the Site. Google Analytics may collect:

• Your IP address (anonymized before storage)
• Device and browser type
• Pages visited, time on page, referring website
• Approximate geographic location (city-level)

This data is aggregated and not used to identify you personally. Legal basis: legitimate interest in measuring audience and improving the Site, GDPR Article 6(1)(f).

2.4 Server logs

Our hosting provider (Webflow) records standard server logs including IP address, timestamp, and pages requested. These are retained briefly for security and operational purposes.

3. Cookies

The Site uses two categories of cookies:

• Strictly necessary cookies — required for the Site to function (session, security). No consent required.
• Analytics cookies — set by Google Analytics to measure traffic. Lifespan: up to 2 years. You can opt out by using a browser extension like Google Analytics Opt-out or by enabling "Do Not Track" / "Global Privacy Control" in your browser.

We do not use advertising, retargeting, or profiling cookies.

4. Who we share data with

We share personal data with the following data processors, each bound by a Data Processing Agreement consistent with GDPR Article 28:

• Webflow, Inc. (United States) — Site hosting, form submissions, newsletter list. Transfer to the U.S. is covered by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. See Webflow's Privacy Policy.
• Google LLC (United States) — analytics via Google Analytics 4. Transfer covered by the EU-U.S. Data Privacy Framework. See Google's Privacy Policy.

We do not sell or rent personal data to anyone. We disclose data only when legally required (court order, official request from a competent authority).

5. How long we keep your data

• Newsletter email: until you unsubscribe.
• Contact form messages: up to 24 months after the last exchange, then deleted.
• Analytics data: up to 14 months (Google Analytics 4 default retention, configurable in the GA admin).
• Server logs: typically 30 days (Webflow's standard).

6. Your rights under GDPR

You have the right to:

1. Access the personal data we hold about you (Article 15)
2. Rectify inaccurate data (Article 16)
3. Erase your data — "right to be forgotten" (Article 17)
4. Restrict processing in certain circumstances (Article 18)
5. Receive your data in a portable format (Article 20)
6. Object to processing based on legitimate interest (Article 21)
7. Withdraw consent at any time, without affecting prior lawful processing (Article 7(3))
8. Lodge a complaint with the French data protection authority (CNIL — www.cnil.fr) or the supervisory authority in your country of residence

To exercise any right, email contact@securityagainstai.com. We may ask you to verify your identity before acting on certain requests.

7. Children

The Site is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

8. Security

The Site is served exclusively over HTTPS. Form submissions and newsletter signups are encrypted in transit. We rely on Webflow's infrastructure security and follow industry-standard practices for the data we control.

No internet transmission is 100% secure. If we become aware of a personal data breach affecting you, we will notify the CNIL within 72 hours and notify you directly if the breach poses a high risk to your rights.

9. Changes to this Policy

We may update this Policy as the Site evolves. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced on the Site and, where appropriate, by email to newsletter subscribers.

10. Contact

Questions about this Policy or how we handle your data:

Security Against AI
Email: contact@securityagainstai.com

This Privacy Policy is provided for information purposes. CG Consulting reserves the right to update it without prior notice. For binding legal advice, consult a qualified attorney in your jurisdiction.