Privacy Policy

(Focal Shift™)

1. Data Controller

The personal data collected on the Focal Shift website is processed by:

Steven De Jong
40 chemin de la Colle
13490 Jouques - France
Email: contact@focalshift.eu

2. Data Collected

Depending on how the website is used, the following data may be collected:

a) Data provided voluntarily

  • Email address
  • Last name or first name, if provided
  • Phone number, if provided
  • Messages sent via forms or through the AI Advisor

b) Data related to the use of the welcome chatbot

The website features a welcome chatbot available on all pages, designed to help visitors find the services or content best suited to their situation. This chatbot does not require a user account or identification.

Messages exchanged with the welcome chatbot are stored in encrypted form (AES-256-GCM) on our servers for a maximum period of 12 months, for the purpose of improving the service. No directly identifying data (IP address, email address) is associated with these conversations. However, the content of messages may contain sensitive information freely described by the visitor.

Exchanges are transmitted to the technical processor (OpenAI) with the non-retention option enabled: data is neither stored nor used to train models by this processor.

When the chatbot directs the visitor to book an appointment, a summary of the described situation is automatically generated and pre-filled in the message field of the booking form. This summary is encrypted, stored for a maximum of 24 hours and can only be used once. The visitor may edit or delete it before submitting the form.

Temporary storage is also maintained in the visitor's browser (sessionStorage) to ensure conversation continuity during the visit. This storage is automatically cleared when the browser tab is closed.

The anti-spam service Cloudflare Turnstile is used on the welcome chatbot to distinguish human users from bots. IP addresses are temporarily processed for rate limiting and anti-spam verification purposes.

c) Data related to the use of the AI Advisor

  • Content of exchanges and conversations (text)
  • Audio data transmitted when using voice mode (user voice recording, generated audio output)
  • Transcriptions resulting from voice processing
  • Technical identifiers required for the service to operate

Conversations are encrypted and are used only for the operation of the service and the improvement of the user experience. To ensure that the AI Advisor can operate, exchanges (text and, where applicable, audio) are transmitted securely to a technical processor (OpenAI), which processes the data only to generate responses. This processor retains the data only temporarily, for a maximum of 30 days, and does not use it to train its models. Conversations may also be subject to automated quality analysis, transmitted to the same processor without data retention, solely for the purpose of improving the service. Audio data is not retained by Focal Shift beyond the active session; only the resulting text transcriptions are kept in the conversation history.

d) Data related to appointment booking

When a visitor submits an appointment request through the website, the following data is collected:

  • Name
  • Email address
  • Phone number (if provided or required depending on the chosen contact mode)
  • Free-text message (if provided)
  • Chosen contact mode (video call or phone call)
  • Appointment type and selected time slot

Technical data is also generated as part of processing the request: confirmation, management and cancellation tokens, request status, and, for video call appointments, a meeting link and event identifier hosted by Google (Calendar and Meet). If the appointment is cancelled by the publisher, a cancellation reason may be associated with the request.

Transactional emails are sent as part of the process: confirmation request (double opt-in), appointment confirmation with a calendar file (ICS), a reminder 24 hours before the appointment, and, where applicable, a cancellation notification.

Booking an appointment does not require a user account on the website.

e) Data related to the "Enrich your support" questionnaire

When a user fills in the questionnaire offered as part of the support process, the following data is collected:

  • Responses to the questionnaire (which may include information relating to the user's personal situation, experiences or feelings)
  • Explicit consent from the user (checkbox)

This data is transmitted securely to the Focal Shift internal processing engine, which relies on the technical processor (OpenAI) to generate a personalised perspective report. Questionnaire data is processed solely for this purpose.

f) Payment data

Payments for credits, gift cards and services are processed by Stripe.
No banking data, such as card numbers or security codes, is stored on the website or on its servers.

g) User account data

  • Email address, password (hashed)
  • Login sessions (session cookie)
  • Email verification token, password reset token
  • Two-factor authentication data (TOTP secret, where applicable)

h) Technical and security data

Technical data, including IP addresses, may be collected temporarily for the following purposes:

  • security
  • abuse prevention
  • website protection

Attempts to manipulate, circumvent or misuse the AI Advisor or the welcome chatbot are automatically detected. When detected, the following data is logged: user identifier, triggering message, event type and date. This data is retained indefinitely for traceability and service protection purposes. This processing is based on the legitimate interest of the publisher (GDPR, Article 6(1)(f)).

3. Purposes and Legal Bases

Data is used for the following purposes:

  • Providing the services offered (the AI Advisor in text and voice mode, support, credits) — legal basis: performance of the contract
  • Managing appointment requests (processing, confirmation, reminder, cancellation) — legal basis: performance of the user's request (pre-contractual measures)
  • Generating perspective reports from the questionnaire — legal basis: explicit consent of the user
  • Guiding visitors through the welcome chatbot and improving the service based on retained conversations — legal basis: legitimate interest (facilitating access to services and continuous improvement)
  • Responding to requests sent through the contact form — legal basis: legitimate interest (management of enquiries)
  • Managing user accounts and authentication — legal basis: performance of the contract
  • Processing payments and billing — legal basis: performance of the contract and legal obligations
  • Security, abuse prevention and website protection — legal basis: legitimate interest
  • Compliance with legal obligations — legal basis: legal obligation

No data is used for advertising purposes or sold to third parties.

4. Retention Period

AI Advisor conversations

Exchanges made through the AI Advisor are retained in order to allow the user to access their conversation history and to ensure continuity of service.

  • Active conversations are retained for as long as they are used by the user.
  • The user may delete a conversation at any time. This deletion is final and the conversation can no longer be recovered.
  • An inactive conversation is automatically deleted after 365 days.
  • Deleted data is retained on our servers for a maximum period of 180 days for legal compliance purposes, then permanently erased.
  • If a conversation remains inactive for more than 30 days, the conversational context hosted by our technical processor (OpenAI) automatically expires. The conversation remains accessible, but the AI Advisor may lose some of the accuracy linked to previous exchanges.

This data is used only for the operation of the service and is never used for commercial or advertising purposes.

Welcome chatbot conversations

  • Conversations are stored in encrypted form for a maximum period of 12 months, then automatically deleted.
  • Situation summaries generated for pre-filling the booking form are encrypted, expire after 24 hours and are automatically deleted.

Appointment data

  • Appointment requests (whether confirmed, cancelled or expired) are retained for 24 months from the date of the appointment or the cancellation.
  • Technical tokens (confirmation, management, cancellation) are invalidated after use or expiry and are not reused.
  • Visitors without a user account may request the deletion of their appointment data by writing to contact@focalshift.eu.

Questionnaire data

  • Questionnaire responses and the generated report are retained for as long as the user account is active.
  • If the account is deleted, this data is removed under the same conditions as other account data.

Data from the contact form

Messages sent through the contact form are stored in a secure database to ensure proper follow-up and traceability of requests.

  • Data collected: name, email address, subject, phone number (if provided), message
  • No IP address is stored
  • Archived messages are deleted after 24 months
  • You may request the deletion of your messages at any time by writing to contact@focalshift.eu

User account data

  • Account data is retained for as long as the account is active.
  • Session cookies expire after 30 days or upon logout.
  • Email verification and password reset tokens expire after a limited period.
  • If the user deletes their account, associated data is removed in accordance with the conditions described in the Terms of Use and Terms of Sale, subject to applicable legal retention periods.

Security data, including logs and IP addresses

  • Retained for a maximum period of 90 days

Billing data

  • Retained in accordance with applicable legal obligations

5. Processors and Recipients

Personal data may be shared with the following processors, strictly for the purposes described above:

  • Infomaniak (Switzerland) — website and data hosting, sending of transactional emails (appointment confirmation, account verification, password reset, reminders)
  • OpenAI (United States) — processing of exchanges in the AI Advisor (text and audio), generation of perspective reports. Data is transmitted securely in accordance with a Data Processing Addendum (DPA). OpenAI retains data only temporarily (up to 30 days) and does not use it to train its models.
  • Stripe (United States) — payment processing. No banking data is stored by Focal Shift.
  • Google (United States) — creation of calendar events and video conferencing links (Google Calendar and Google Meet) for managing video call appointments. A calendar invitation email may be sent to the visitor by Google.
  • Cloudflare (United States) — anti-spam verification service (Cloudflare Turnstile) used on forms across the website (contact, appointment booking, registration, login, password reset) and on the welcome chatbot. This service may collect technical data (IP address, browser fingerprint, interaction data) in order to distinguish human users from bots.

No data is sold, rented or shared with third parties for commercial or advertising purposes.

6. Users' Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access to your personal data
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability

You may exercise these rights by writing to:
contact@focalshift.eu

If you booked an appointment without having a user account on the website, you may exercise your rights (access, rectification, erasure) by sending your request to contact@focalshift.eu, indicating the email address used when booking the appointment.

If you experience any difficulty in exercising your rights, you also have the right to lodge a complaint with the French data protection authority (CNIL) — www.cnil.fr.

7. Cookies and Trackers

The website uses only:

  • Technical cookies necessary for its operation (session cookie for authentication of logged-in users)
  • A language preference cookie (site_locale) to remember the language chosen by the visitor

No audience measurement or advertising cookies are used.

The welcome chatbot uses temporary browser storage (sessionStorage) to maintain the ongoing conversation. This storage is cleared when the browser tab is closed and does not constitute a cookie.

The anti-spam service Cloudflare Turnstile, used on certain forms on the website, may collect technical data (see section 5) but does not set any advertising or tracking cookies.

8. Hosting and Security

Data is hosted on servers located in Europe, in particular by Infomaniak (Switzerland). Processors located in the United States (OpenAI, Stripe, Google, Cloudflare) process data in accordance with appropriate safeguards and their respective data processing agreements.

Appropriate technical and organizational measures are implemented to ensure data security:

  • restricted access
  • encryption
  • security and monitoring tools

9. Service Limitations

The services offered on Focal Shift do not constitute a medical act, therapy, or legal or financial advice.
No automated decision-making producing legal effects is carried out on the basis of the data processed.

10. Changes to This Policy

This Privacy Policy may be amended at any time in order to remain compliant with legal or technical developments.
The version in force is the one published on the website.

© Focal Shift™ - All rights reserved
