Privacy Policy

1Subject

This privacy policy describes how Argus Labs (hereinafter "we", "us", "Argus Labs") collects, uses, and protects the personal data of users (hereinafter "you", "the user") of its sites and services.

1.1Distinction between Account Data and Investigation Data

In the context of using our sites and services, Argus Labs may collect the following data:

• Email address
• Username chosen by the user
• Information related to licenses and subscriptions
• Activity logs and action history
• Referral information
• Information related to roles and teams (for Enterprise subscriptions)

Payment data is processed directly by our provider Lemon Squeezy and is not stored by Argus Labs.

2.1Cookies and Tracking

Argus Labs prioritizes user privacy and minimizes data collection.

• Functional Cookies: We use essential cookies solely for authentication (session management) and security (CSRF protection). These do not require user consent.
• Analytics: We use a self-hosted instance of Umami Analytics (hosted on our own servers in France) to measure website performance. This solution is configured to anonymize IP addresses and does not use tracking cookies across websites. It is compliant with GDPR recommendations for exemption from consent banners.
• No Third-Party Tracking: We do not use Google Analytics, Facebook Pixel, or other third-party advertising trackers.

3Purposes of processing

The collected data is used for:

• Providing subscribed services (account management, licenses, subscriptions)
• Managing access to specific features (Support, private channels)
• Improving service functionality and ensuring platform security
• Informing users of important updates
• Facilitating referral program management

4Legal basis for processing

Data processing is based on:

• Contract execution (acceptance of Terms of Sale and Service)
• Argus Lab's legitimate interest (service improvement, security)
• Compliance with legal obligations

5Data recipients

The collected data is strictly intended for Argus Labs and its technical subcontractors:

• Cloudflare (hosting)
• OVH Cloud / Scaleway (Storage & Compute): Hosting of the application and databases.
  • Location: France (European Union).
  • Specificity: All Investigation Data (graphs, notes, enriched profiles) is stored exclusively on these servers and is encrypted at rest.
• Lemon Squeezy (payment)
• Artificial Intelligence Providers (Mistral AI):
  • Purpose: Used for data enrichment features and graph analysis.
  • Privacy Note: We use the enterprise/API versions of these services which guarantee that your Investigation Data is NOT used to train their models and is not retained longer than necessary for the generation (Zero Retention Policy).
• Brevo (Sendinblue SAS): Management of transactional emails (login magic links, notifications) and marketing communications.
  • Data shared: Email address, Name (optional), technical logs (opens/clicks).
  • Location: European Union
  • Security: Brevo is a French company strictly compliant with GDPR. Important Note: Brevo has absolutely no access to your operational investigation data (graphs, case files), which remain isolated on our sovereign servers.
  • Marketing Communication: Sending newsletters and product updates via Brevo. Users may opt-out at any time via the unsubscribe link included in every email.

Argus Labs does not sell or rent your data to third parties.

6Data retention period

Data is retained:

• As long as the user account is active
• Then archived for a maximum period of 5 years after account closure for evidence and legal compliance purposes

Technical logs are retained for 12 months.

7Data security

Argus Labs implements all appropriate technical and organizational measures to protect personal data against any destruction, loss, alteration, disclosure, or unauthorized access.

7.1Confidentiality of Investigation Data

Argus Labs personnel have no operational access to your Investigation Data (graphs, search history). Your data is logically isolated. Administrative access is strictly limited to technical maintenance operations or legal requirements (e.g., court order).

Investigation Data is encrypted at rest on our servers in France. We enforce strict logical segregation ensuring that no user can access another user's data. Argus Labs employees do not access the content of your investigations unless required by law or explicitly requested by you for support debugging.

8Transfers outside the European Union

Some providers are located outside the European Union (notably Cloudflare). Argus Labs ensures that appropriate safeguards are in place, such as adherence to the Data Privacy Framework or standard contractual clauses approved by the European Commission.

9Browser Extension Privacy

When using our browser extension, we collect and process the following specific data categories to provide the service:

• Personally Identifiable Information:We process your email address for user authentication and account management purposes, ensuring captured data is correctly linked to your workspace.
• Authentication Information:We handle secure session tokens to maintain the connection between the extension and the Argus Labs API.
• Web History (Active Tab URL):We capture the URL of the active page only when you trigger an action. This is strictly used to associate the source URL with the evidence (snapshot/screenshot) you are collecting. We do not track your browsing history passively.
• Website Content:We capture website content (text, images, HTML) at your explicit request to facilitate the Web Snapshot and evidence collection features.

10User rights

In accordance with applicable regulations, users have the following rights:

• Right of access
• Right to rectification
• Right to erasure
• Right to object
• Right to restriction of processing
• Right to data portability

To exercise these rights, users can send a request to: [email protected]

10Data breach notification

In the event of a personal data breach (as defined by the GDPR), Argus Labs commits to:

• Notify the relevant supervisory authority (CNIL in France) within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms
• Assess the potential impact and risk level for affected users
• Directly notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms
• Provide affected users with information about:
  • The nature of the breach
  • Categories of personal data affected
  • Likely consequences
  • Measures taken to address the breach and mitigate potential adverse effects
  • Contact information for further inquiries
• Document all breaches, their effects, and remedial actions taken

We will communicate through email, account notifications, or other direct means as appropriate, depending on the circumstances of the breach.

11GDPR compliance

Argus Labs processes personal data in accordance with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679). Users also have the right to lodge a complaint with the competent supervisory authority, the CNIL (Commission Nationale de l'Informatique et des Libertés), accessible via the website www.cnil.fr.

12Modifications

Argus Labs reserves the right to modify this privacy policy at any time. Any substantial modification will be communicated to users through appropriate means, including notification in their personal space.