SIDE B · TRACK L1 · LEGAL

Privacy Policy

What data we collect, why we collect it, and the controls you have. GDPR-aligned, EU-sovereign by design.

LAST UPDATED · June 2026

01Who we are

Duke Analytics SAS is a French company headquartered in Paris. We provide agent-native analytics infrastructure for European teams.

For the purposes of the General Data Protection Regulation (GDPR), Duke Analytics SAS is the data controller for the personal data described in this policy. Contact: privacy@duke-analytics.com.

02What we collect

We collect only what we need to deliver and improve the service.

  • Account data: name, work email, organisation, role.
  • Product usage: feature events, performance metrics, error logs.
  • Communications: support requests, demo bookings, newsletter opt-ins.
  • Customer data processed on your behalf: handled as a processor, governed by your DPA.

03Why we process it

  • Provide the Duke Analytics service and honour our contract with you.
  • Operate, secure and improve the platform.
  • Send service-critical communications.
  • Comply with our legal obligations under EU and French law.

04Where we host

All production workloads run on EU-hosted infrastructure operated by vetted providers under EU jurisdiction. Inference runs on sovereign endpoints by default; alternative LLM endpoints are opt-in and clearly disclosed.

05Sharing & sub-processors

We never sell personal data. A current list of sub-processors is available on request and updated when material changes occur. We notify enterprise customers in writing of any new sub-processor.

06Retention

Account and billing data are retained for the duration of the contract and up to the statutory limitation period. Product telemetry is aggregated or deleted within 13 months. Customer data processed on your behalf is retained per your instructions.

07Your rights

Under GDPR you have the right to access, rectify, erase, restrict or port your personal data, and to object to processing. To exercise these rights, write to privacy@duke-analytics.com. You may also lodge a complaint with the French data protection authority (CNIL).

08Security

We follow industry best practice: encryption in transit and at rest, least-privilege access, audit logging, regular vulnerability testing, and a documented incident-response process.

09Changes

We update this policy when our practices change. Material changes are announced at least 30 days in advance via in-product notice or email.

Duke Analytics · Paris, France · hello@duke-analytics.com

INTERLUDEElectrophazz, les vibes du studio