01Who we are
Duke Analytics SAS is a French company headquartered in Paris. We provide agent-native analytics infrastructure for European teams.
For the purposes of the General Data Protection Regulation (GDPR), Duke Analytics SAS is the data controller for the personal data described in this policy. Contact: privacy@duke-analytics.com.
02What we collect
We collect only what we need to deliver and improve the service.
- Account data: name, work email, organisation, role.
- Product usage: feature events, performance metrics, error logs.
- Communications: support requests, demo bookings, newsletter opt-ins.
- Customer data processed on your behalf: handled as a processor, governed by your DPA.
03Why we process it
- Provide the Duke Analytics service and honour our contract with you.
- Operate, secure and improve the platform.
- Send service-critical communications.
- Comply with our legal obligations under EU and French law.
04Where we host
All production workloads run on EU-hosted infrastructure operated by vetted providers under EU jurisdiction. Inference runs on sovereign endpoints by default; alternative LLM endpoints are opt-in and clearly disclosed.
05Sharing & sub-processors
We never sell personal data. A current list of sub-processors is available on request and updated when material changes occur. We notify enterprise customers in writing of any new sub-processor.
06Retention
Account and billing data are retained for the duration of the contract and up to the statutory limitation period. Product telemetry is aggregated or deleted within 13 months. Customer data processed on your behalf is retained per your instructions.
07Your rights
Under GDPR you have the right to access, rectify, erase, restrict or port your personal data, and to object to processing. To exercise these rights, write to privacy@duke-analytics.com. You may also lodge a complaint with the French data protection authority (CNIL).
08Security
We follow industry best practice: encryption in transit and at rest, least-privilege access, audit logging, regular vulnerability testing, and a documented incident-response process.
09Changes
We update this policy when our practices change. Material changes are announced at least 30 days in advance via in-product notice or email.
Duke Analytics · Paris, France · hello@duke-analytics.com
