Privacy Policy

1. Introduction

THINKPOL SAS ("we," "our," or "us") is incorporated in France and acts as data controller responsible for the personal data described in this policy. Our registered address is 59 rue de Ponthieu, Bureau 326, 75008 Paris, France. SIRET: 102 449 683 00014. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

We may collect personal information that you voluntarily provide to us, including but not limited to:

• Name, email address, and contact information
• Company name and job title
• Information provided through our contact forms
• Usage data and analytics information

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Respond to your inquiries and fulfill your requests
• Send administrative information and service updates
• Analyze usage patterns to enhance user experience
• Comply with legal obligations

4. Data Sharing & Disclosure

We do not sell your personal information. We may share your information with trusted third-party service providers who assist us in operating our platform, conducting our business, or servicing you, provided they agree to keep this information confidential.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

7. Your Rights

Under applicable data protection laws (including GDPR), you have the following rights in relation to your personal data:

• Access (Art. 15): Request a copy of the personal data we hold about you.
• Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Erasure (Art. 17): Request deletion of your personal data where there is no legitimate ground for continued processing.
• Restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
• Object (Art. 21): Object at any time to processing based on our legitimate interests, including processing of publicly available data collected from third-party platforms. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Portability (Art. 20): Receive your personal data in a structured, machine-readable format where processing is based on consent or contract.

To exercise any of these rights, contact us at contact@think-pol.com. We will respond within 30 days. You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at cnil.fr if you believe our processing does not comply with applicable law.

8. Third-Party Platform Data: Article 14 Notice

This section constitutes our transparency notice under GDPR Article 14 for data subjects whose publicly available content is processed through our intelligence platform.

Categories of data processed: Publicly posted text content (posts, comments, usernames), associated metadata (timestamps, community identifiers, engagement signals), and derived analytical signals. We do not process data from behind login walls, and we do not collect content that requires authentication to access.

Source: Publicly accessible third-party platforms, including social media and community platforms. THINKPOL is not affiliated with, endorsed by, or sponsored by any such platform. We do not circumvent technical access controls deployed by third-party platforms.

Purpose: Providing threat intelligence, fraud detection, brand protection, law enforcement support, and security research capabilities to authorized professional customers.

Legal basis: Article 6(1)(f) GDPR — legitimate interests. Our legitimate interests are: enabling professional customers (law enforcement, government agencies, corporate security teams) to identify threats, detect fraud, and conduct lawful security investigations using publicly available open-source intelligence. These interests are balanced against data subjects' rights given that only publicly posted content is processed and no individual profiling for commercial purposes takes place.

Retention: Publicly available content is retained for as long as operationally necessary to provide intelligence services. Content removal requests are processed in accordance with the erasure rights described in Section 7.

Restrictions on use: Data processed through our platform is used solely to generate analytical intelligence for authorized professional customers. We do not re-identify pseudonymous individuals, cross-reference platform data with off-platform personal identifiers for individual profiling purposes, or derive or infer special category data (as defined under GDPR Article 9) from third-party platform content.

How to object: If you are a data subject whose publicly available content is processed through our platform and wish to object to this processing under Article 21 GDPR, you may submit a request at contact@think-pol.com. Include sufficient information to identify the content in question. We will review your objection and respond within 30 days.

Customers who access our services are independently responsible for ensuring their use of derived intelligence complies with applicable data protection law, including the GDPR, and any relevant third-party platform policies in their jurisdiction.

9. Contact

For questions about this Privacy Policy, contact us at contact@think-pol.com or at THINKPOL SAS, 59 rue de Ponthieu, Bureau 326, 75008 Paris, France.