Privacy Policy

Last updated: Jan 6th, 2026

Controller: Squadra SAS, France, registration number 933 235 087

This Privacy Policy explains how Squadra processes personal data when you use our website and the SquadraOne platform.

When you use SquadraOne for business purposes, some personal data contained in your business content (e.g., Notion pages, calendar items) is processed by Squadra as a processor under our DPA. This Privacy Policy covers processing where Squadra acts as controller.

1) What data we collect

1.1 Account and subscription data

Name, email, authentication identifiers
Plan, subscription status
Billing metadata (payments are processed by Stripe)

1.2 Product usage and security logs

Usage events (features used, timestamps)
Device and browser information
IP address and approximate location derived from IP
Security and abuse-prevention logs

1.3 Communications and support data

Emails exchanged with you (support, product, admin)
Feedback, survey answers, bug reports you provide
Community interactions if you choose to use Discord

1.4 Integrations metadata

Connection status and metadata of integrations (e.g., connected/not connected, timestamps)
OAuth tokens and technical identifiers needed to maintain connections

1.5 Website and in-app analytics

We use Google Analytics on:

our marketing website (hosted on Webflow), and
parts of the SquadraOne app,
to understand usage and improve product experience.

2) Why we use your data (purposes)

We process personal data to:

provide and operate the Services (accounts, authentication, core features);
manage subscriptions and payments;
ensure security, prevent fraud and abuse, and maintain platform integrity;
communicate with you (service messages, support, product updates);
analyze and improve the website and the Services (including product analytics);
comply with legal obligations.

3) Legal bases (GDPR)

Depending on context:

Contract: to provide the Services you request;
Legitimate interests: security, abuse prevention, product improvement, support;
Legal obligation: accounting, compliance;
Consent: where required for cookies/trackers.

4) Sharing and recipients

We share data with:

infrastructure and service providers necessary to operate the Services (see Section 6),
professional advisors under confidentiality,
authorities if legally required.

We do not sell personal data.

‍

5) Retention

We retain personal data as controller:

as long as your account is active and needed to provide the Services;
and thereafter as needed for legal obligations, dispute resolution, and enforcement.

For Customer Data processed as processor, retention/deletion follows the Agreement/DPA (currently up to 90 days after termination unless law requires longer).

‍

6) Service providers (subprocessors / vendors)

See Subprocessor List at: https://www.squadra.ai/onelegal/subprocessors

7) International transfers

Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as SCCs or adequacy decisions as applicable.

8) Cookies and analytics

We use cookies and similar technologies for:

essential functionality, and
analytics (Google Analytics) on the website and parts of the app.

Where required by law, analytics cookies are set only after your consent via our cookie banner / consent manager.

9) Your rights

Subject to applicable law, you may have rights to access, rectification, erasure, restriction, objection, and portability, and to withdraw consent where applicable.

You can exercise rights by contacting: contact@squadra.ai.

If we process data as processor on behalf of a business customer, requests may need to be handled via that customer.

10) Security

We use appropriate technical and organizational measures to protect personal data, including access controls and security monitoring proportionate to our stage and risk profile.

11) Children

The Services are intended for professionals and are not directed to children.

12) Changes

We may update this Privacy Policy. The updated version will be posted and may be notified via email and/or in-app notice.

‍