Privacy Policy

Last updated: July 12, 2026

1. Introduction

THINKPOL SAS ("we," "our," or "us") is incorporated in France and acts as data controller responsible for the personal data described in this policy. Our registered address is 59 rue de Ponthieu, Bureau 326, 75008 Paris, France. SIRET: 102 449 683 00014. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

We may collect personal information that you voluntarily provide to us, including but not limited to:

  • Name, email address, and contact information
  • Company name and job title
  • Information provided through our contact forms
  • Usage data and analytics information

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Respond to your inquiries and fulfill your requests
  • Send administrative information and service updates
  • Analyze usage patterns to enhance user experience
  • Comply with legal obligations

4. Data Sharing & Disclosure

We do not sell your personal information. We may share your information with trusted third-party service providers who assist us in operating our platform, conducting our business, or servicing you, provided they agree to keep this information confidential.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

7. Your Rights

Under applicable data protection laws (including GDPR), you have the following rights in relation to your personal data:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Erasure (Art. 17): Request deletion of your personal data where there is no legitimate ground for continued processing.
  • Restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
  • Object (Art. 21): Object at any time to processing based on our legitimate interests, including processing of publicly available data collected from third-party platforms. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Portability (Art. 20): Receive your personal data in a structured, machine-readable format where processing is based on consent or contract.

To exercise any of these rights, contact us at contact@think-pol.com. We will respond within 30 days. You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at cnil.fr if you believe our processing does not comply with applicable law.

8. Third-Party Platform Data: Article 14 Notice

This section constitutes our transparency notice under GDPR Article 14 for data subjects whose publicly available content is processed through our intelligence platform.

Categories of data processed: Publicly posted text content (posts, comments, usernames), associated metadata (timestamps, community identifiers, engagement signals), and derived analytical signals. We do not process data from behind login walls, and we do not collect content that requires authentication to access.

Source: Publicly accessible third-party platforms, including social media and community platforms. THINKPOL is not affiliated with, endorsed by, or sponsored by any such platform. We do not circumvent technical access controls deployed by third-party platforms.

Purpose: Providing threat intelligence, fraud detection, brand protection, law enforcement support, and security research capabilities to authorized professional customers.

Legal basis: Article 6(1)(f) GDPR — legitimate interests. Our legitimate interests are: enabling professional customers (law enforcement, government agencies, corporate security teams) to identify threats, detect fraud, and conduct lawful security investigations using publicly available open-source intelligence. These interests are balanced against data subjects' rights given that only publicly posted content is processed and no individual profiling for commercial purposes takes place.

Retention: Publicly available content is retained for as long as operationally necessary to provide intelligence services. Content removal requests are processed in accordance with the erasure rights described in Section 7.

Restrictions on use: Data processed through our platform is used solely to generate analytical intelligence for authorized professional customers (such as law enforcement, government agencies and corporate security teams) in the context of their lawful investigations, and never for advertising, commercial profiling or automated decisions producing legal effects. Our analysis is limited to content that individuals have made public. Where such content itself reveals information that may relate to special categories of data under GDPR Article 9 (for example where an individual has manifestly made such information public), any processing is confined to the professional security and law-enforcement purpose described above, and remains subject to the objection right set out in Section 7 and below.

How to object: If you are a data subject whose publicly available content is processed through our platform and wish to object to this processing under Article 21 GDPR, you may submit a request at contact@think-pol.com. Include sufficient information to identify the content in question. We will review your objection and respond within 30 days.

Legitimate interest assessment: Before relying on Article 6(1)(f), we carried out and documented a balancing test. Our purpose (enabling competent authorities and vetted security professionals to detect threats, fraud and serious crime using publicly available open-source intelligence) is legitimate; the processing is necessary because this capability cannot reasonably be achieved by less intrusive means; and the impact on data subjects is limited because we process only content the individual made public, apply no advertising or commercial profiling, and restrict access to vetted professional customers under contract. We keep this assessment under review and reassess it against any objection received.

Objections, removal requests and restriction of processing: When we receive an objection or removal request, we immediately cease the most intrusive processing by removing public access to the account through our free tools. Any residual records are then restricted under Article 18 (stored but not otherwise processed) and retained only where a compelling legitimate ground applies, namely support for competent authorities' investigations into serious crime and threats to public security, and the establishment, exercise or defence of legal claims, in each case under strict safeguards: no public exposure, access limited to vetted competent authorities, EU hosting and data minimisation. Where no such ground applies, we erase the data. We give particular weight to, and act on with priority, requests that concern a minor, special categories of data under Article 9, or content that is non-consensual.

Customers who access our services are independently responsible for ensuring their use of derived intelligence complies with applicable data protection law, including the GDPR, and any relevant third-party platform policies in their jurisdiction.

9. Contact

For questions about this Privacy Policy, contact us at contact@think-pol.com or at THINKPOL SAS, 59 rue de Ponthieu, Bureau 326, 75008 Paris, France.

Stop reading about
it in the news.

Request access to THINKPOL. We respond within one working day. A 30-minute scoping call follows, and a sandbox tenant is provisioned within five working days of contract signature.

Contractual agreement requiredSandbox in 5 working days
© 2026 THINKPOL SAS
Backed byFrance 2030APOK InvestLa French Tech