GDPR compliance
Your data rights under GDPR, and how Le Bureau handles data protection, retention, and deletion.
EU-hosted infrastructure
Le Bureau is built and hosted in France. All infrastructure, data storage, and processing happen within the European Union.
Your data rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
Right of access
You can request a complete copy of all personal data we hold about you. This includes your account information, desktop metadata, billing records, and any associated logs.
Right to rectification
If any of your personal data is inaccurate or incomplete, you can ask us to correct it. For most account details, you can update them directly from your dashboard.
Right to erasure
You can request that we delete all your personal data. This includes:
- Your user account and profile
- All desktop VMs and their contents
- Billing records (subject to legal retention requirements)
- Session and authentication data
Once we process an erasure request, the deletion is permanent and irreversible.
Right to data portability
You can request your personal data in a structured, commonly used, and machine-readable format so that you can transfer it to another service.
Right to restriction
You can ask us to restrict processing of your personal data while you contest its accuracy or object to its use.
Right to object
You have the right to object to processing of your personal data for specific purposes.
What data we collect
We collect only what is necessary to provide the service:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account identification, notifications | Until account deletion |
| OAuth provider + ID | Authentication | Until account deletion |
| Display name | Personalization | Until account deletion |
| Desktop metadata | Service operation (status, resources, timestamps) | Until desktop deletion |
| Provider config (encrypted) | AI agent configuration | Until desktop deletion |
| Billing records | Payment processing, legal obligations | As required by law |
| IP addresses in logs | Security, rate limiting | 30 days |
What we do not collect
- Desktop file contents
- AI conversation logs
- Browsing history within VMs
- Keystroke data
- Screen recordings
Data processing
Le Bureau processes your data for:
- Service delivery: running your desktops and managing your account
- Billing: processing payments through Stripe
- Security: rate limiting, authentication, abuse prevention
- Communication: transactional emails (account creation, billing)
We do not process your data for advertising, profiling, or third-party marketing.
Third-party processors
| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, billing info |
| Infrastructure provider (OVH) | Infrastructure hosting | Encrypted data at rest |
| Google / GitHub | OAuth authentication | Email, name (read-only) |
Data retention
- Active accounts: data is retained as long as your account is active.
- Deleted desktops: VM data is permanently deleted immediately.
- Closed accounts: all personal data is deleted within 30 days, except billing records retained for legal compliance.
- Security logs: IP addresses and rate-limiting data are purged after 30 days.
How to exercise your rights
Send your request to contact@talentai.fr with:
- Your account email address
- The specific right you are exercising
- Any details that help us identify the relevant data
We will respond within 30 days as required by GDPR. There is no fee for exercising your rights.
Data protection contact
For any data protection questions or concerns:
Email: contact@talentai.fr Company: TalentAI Location: France, EU