Privacy policy
Last updated: 12 June 2026.
Who we are
Alliage SAS (“Alliage”, “we”, “us”), a French simplified joint-stock company registered in Paris under SIREN 104 220 736, with its registered office at 88 rue Philippe de Girard, 75018 Paris, France, is the data controller for the processing described in this policy. You can reach us at founders@alliage.ai.
Alliage is a business-to-business document-management platform: organisations (“tenants”) import their documents into a private workspace where they are indexed and made searchable for that organisation only.
Data we collect
- Account data
- Name, email address, and role of the users an organisation's administrator creates, used to authenticate and operate the service.
- Contact data
- The email address you submit through the contact form on alliage.ai, used solely to respond to your enquiry.
- Imported documents
- Files an organisation's administrator chooses to import into their workspace, including files imported from Google Drive (see the dedicated section below).
- Technical logs
- Operational logs and metrics needed to run, secure, and debug the service.
Google user data
Alliage offers an optional Google Drive connector. When an
organisation's administrator explicitly connects their Google
account, Alliage requests read-only access to Google Drive (the drive.readonly scope) so the administrator can select folders with the Google Picker
and import their contents.
- What we access
- The names, types, and contents of the files and folders the administrator selects for import, including the descendants of selected folders. Access is read-only: Alliage never modifies, shares, or deletes anything in your Google Drive.
- How we use it
- Solely to perform the import the administrator initiates: enumerate the selected folders, download the files, extract their text, and index them in the organisation's private workspace. We do not use Google user data for advertising, and no humans read it except with your explicit consent, for security purposes, to comply with applicable law, or as part of aggregated, anonymised internal operations.
- Where it is stored
- Imported documents and OAuth tokens are stored on servers hosted in the European Union (Scaleway, France) and transmitted over encrypted connections (TLS).
- Who we share it with
- No one. Google user data is never sold, never shared with third parties, and never transferred except to the hosting infrastructure listed above acting on our instructions.
- Retention and deletion
- Imported documents are retained for as long as the organisation's workspace exists. An administrator can disconnect Google Drive at any time, which invalidates the stored tokens; you can also revoke Alliage's access from your Google account security settings. Imported documents are deleted upon the organisation's request and when the workspace is deleted.
Alliage's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Legal bases
We process account data and imported documents to perform our contract with the subscribing organisation (article 6(1)(b) GDPR); contact data on the basis of our legitimate interest in responding to enquiries (article 6(1)(f)); and technical logs on the basis of our legitimate interest in securing and operating the service (article 6(1)(f)).
Security
Data is transmitted over encrypted connections (TLS) and stored on infrastructure hosted in the European Union. Each organisation's data is isolated from every other organisation's, enforced at the database level. Access by Alliage personnel is restricted to what is strictly necessary to operate and support the service.
Your rights
In accordance with Regulation (EU) 2016/679 (GDPR) and the French “Informatique et Libertés” Act of 6 January 1978 (as amended), you have the right to access, rectify, erase, port, restrict, and object to the processing of your personal data. To exercise these rights, write to founders@alliage.ai. You may also lodge a complaint with the CNIL (cnil.fr), the French data protection authority.
Cookies
The alliage.ai site sets no analytics, advertising, or profiling cookies and uses no third-party trackers. The application sets only cookies strictly necessary for authentication, which are exempt from consent under article 82 of the French “Informatique et Libertés” Act.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected on this page with an updated “last updated” date, and organisations will be notified of changes that significantly affect how their data is processed.
Contact
For any question about this policy or about how your data is handled, write to founders@alliage.ai or to Alliage SAS, 88 rue Philippe de Girard, 75018 Paris, France.