Indris Studio
Privacy Policy
Data protection information for the indris.studio service and platform.
Version: 19/03/2026
French Version Prevails
This English version is provided for convenience only. In the event of any discrepancy between the French and English versions, the French version shall prevail.
French version1. Who Are We?
The indris.studio service is operated by Indris Studio, an EURL with share capital of EUR 1,000, whose registered office is located at 200 rue de la Croix Nivert, 75015 Paris, France, registered with the Paris Trade and Companies Register under number 101 367 274, and reachable at bonjour@indris.studio. For any question relating to personal data protection, you may contact us at privacy@indris.studio.
This Privacy Policy describes how Indris Studio processes personal data in connection with its architectural visualization business for professional clients, as well as in connection with the use of the platform accessible via indris.studio.
2. Scope and Role of Indris Studio
This policy covers processing operations for which Indris Studio acts as data controller, including:
- management of the pre-contractual and contractual relationship;
- creation and management of client accounts;
- management of orders, invoicing, and payments;
- application security and access management;
- support, request management, and defense of its rights.
Conversely, where personal data appears in files, documents, plans, comments, attachments, or other project content transmitted by the Client through the service, Indris Studio generally acts as the Client's processor, while the Client remains the data controller. Those processing operations are then primarily governed by the DPA concluded with the Client.
3. What Data Do We Process?
Depending on the circumstances, we may process the following categories of data:
3.1. Data relating to professional contacts
Surname, first name, role, company, professional email address, professional telephone number, professional contact details, and contractual and commercial exchanges.
3.2. Account and access data
User identifier, login email address, authorization information, login history, technical logs, authentication data, and security data.
3.3. Data relating to projects and submitted content
Documents, plans, facade drawings, sections, elevations, 3D files, PDFs, comments, annotations, instructions, validations, attachments, messages, and associated metadata. Depending on the circumstances, this data may contain personal data. For this project content, Indris Studio most often acts as processor.
4. Why Do We Process Your Data and on What Legal Bases?
When we act as data controller, we process data for the following purposes:
4.1. Management of the commercial relationship and performance of services
Account creation, pre-contractual exchanges, order validation, project follow-up, communication with the Client, provision of deliverables, and support.
Legal basis: performance of the contract or pre-contractual measures.
4.2. Administrative, accounting, and tax management
Issuing quotes and invoices, payment follow-up, accounting, evidentiary archiving, and compliance with legal obligations.
Legal basis: legal obligation and, where applicable, performance of the contract.
4.3. Application security and incident prevention
Access management, logging, traceability, security of technical environments, and prevention of fraud or unlawful use.
Legal basis: legitimate interest.
4.4. Request management and defense of our rights
Handling complaints, managing pre-litigation and litigation matters, and retaining evidence.
Legal basis: legitimate interest and, where applicable, legal obligation.
4.5. Indris Studio's own B2B commercial prospecting
Where applicable, sending commercial information about our services to professional contacts, in compliance with applicable rules.
Legal basis: legitimate interest.
5. Mandatory or Optional Nature of the Data
Data identified as necessary for account creation, order management, performance of services, invoicing, or service security is necessary for the contractual relationship. Failing this, we may be unable to provide all or part of the service. This information forms part of the notices to be provided under the GDPR.
6. Recipients of the Data
The data is accessible:
- only to authorized persons within Indris Studio;
- to our technical service providers and sub-processors involved in hosting, authentication, storage, application execution, security, or technical support;
- where necessary, to our advisors, administrative service providers, or legally authorized authorities.
Indris Studio relies primarily on Google Cloud / Firebase infrastructure, with its primary hosting and processing location in the European Union, including the europe-west4 region (Netherlands), depending on the components used.
7. Use of Artificial Intelligence Tools
In connection with the performance of certain services, Indris Studio may use generative artificial intelligence tools as technical assistance for producing visual deliverables. These tools are used as aids to creation, under human control, and not as a decision-making system that by itself produces legal effects or similarly significant effects on data subjects.
For this purpose, content transmitted by the Client, such as plans, sections, elevations, models, 3D files, PDF documents, visual references, instructions, or relevant excerpts, may be processed on an occasional basis strictly to the extent necessary for technical performance of the service.
Indris Studio does not use the Client's data, project documents, or deliverables to train, fine-tune, or improve its own artificial intelligence models, unless otherwise agreed in writing in advance by the Client.
Where the artificial intelligence tools used rely on Google Cloud / Vertex AI services, the corresponding processing falls within the contractual framework applicable to those services. Google Cloud documentation indicates that Google does not use Customer Data to train or fine-tune AI/ML models without the customer's prior permission or instruction.
However, certain limited technical processing, including logging or abuse prevention, may exist depending on the service configuration and applicable contractual documentation. Indris Studio does not implement any mechanism for sharing the Client's data with Google for model-improvement purposes, unless instructed by the Client or permitted under the applicable contractual framework.
8. Data Transfers Outside the European Economic Area
The data is intended to be hosted and processed primarily within the European Union. However, certain technical processing operations, support or maintenance operations, or features associated with some technical providers may, depending on the circumstances, involve the transfer of personal data outside the European Economic Area.
In that case, Indris Studio ensures that such transfers are governed in accordance with Chapter V of the GDPR, using a transfer mechanism recognized as valid by applicable regulations, such as standard contractual clauses of the European Commission, an adequacy decision, or any other legally appropriate mechanism depending on the case.
The data subject may request additional information about the transfer mechanism applicable to their situation and, where possible, obtain a copy of the appropriate safeguards or be informed where they have been made available.
Any request relating to these transfers may be sent to privacy@indris.studio.
9. How Long Do We Retain the Data?
Depending on our role, we apply the following retention principles:
9.1. Commercial relationship and client account data
Retention for the duration of the contractual relationship, then archiving for the period necessary to manage claims, preserve evidence, and comply with applicable legal obligations.
9.2. Data used for commercial prospecting
Retention during the commercial relationship and then, unless an exception applies, for three (3) years from the end of the commercial relationship or from the last contact initiated by the data subject, in accordance with CNIL recommendations.
9.3. Accounting data and supporting documents
Retention for the period required by applicable regulations, including up to 10 years for accounting documents and supporting records.
9.4. Project data processed on behalf of the Client
Project source data processed by Indris Studio on behalf of the Client, including plans, sections, elevations, models, 3D files, PDF documents, attachments, visual references, comments, annotations, and project exchanges, is deleted from active environments no later than fifteen (15) calendar days after the later of final project delivery and full payment, unless a contrary legal obligation applies, defense of Indris Studio's rights requires retention, a competent authority requests it, or a different written instruction from the Client is accepted by Indris Studio.
Where the contract or service ends without any final delivery remaining due, this data is deleted from active environments no later than fifteen (15) calendar days from the effective termination of the relevant contract or service, unless there is a valid written request from the Client or a legal ground for retention.
Some data deleted from active environments may temporarily remain in backups, recovery systems, technical logs, or other technical residues that cannot be immediately modified. In that case, it remains protected by the applicable security and confidentiality measures, is not reused for other purposes, and is deleted or made permanently inaccessible according to the normal applicable retention cycle, without exceeding ninety (90) days after its deletion from active environments, unless a duly justified legal or technical constraint applies.
10. Your Rights
In accordance with applicable regulations, and subject to the applicable legal conditions, you have the following rights: access, rectification, erasure, restriction of processing, objection, and data portability where applicable.
You may exercise your rights at privacy@indris.studio. We may ask you for proof of identity where necessary to secure the processing of your request. You also have the right to lodge a complaint with the CNIL.
Where your request concerns data processed by Indris Studio on behalf of a Client, we may forward your request to the relevant Client, who remains the data controller for that data.
11. Security
Indris Studio implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks affecting the personal data processed in connection with the service.
These measures are intended to protect data against any unauthorized access, use, disclosure, modification, loss, destruction, or alteration, and to appropriately preserve the confidentiality, integrity, availability, and resilience of the systems and services concerned.
Access to personal data is strictly limited to authorized persons, within the limits of what is necessary to perform their duties and under a confidentiality obligation.
Indris Studio takes care to adapt these measures where necessary in order to account for the evolution of risks, the nature of the processing operations implemented, and the state of technical knowledge.
However, as no security measure can guarantee absolute protection, any person who believes that their data has been processed irregularly or that a security incident affects their exchanges with Indris Studio may contact us at privacy@indris.studio.
12. Sensitive Data
The service is not intended to receive special categories of personal data within the meaning of Article 9 of the GDPR, nor data relating to criminal convictions and offenses, unless such processing is exceptionally required, duly justified, and subject to prior written agreement.
13. Cookies and Trackers
The site and platform may use technical cookies or trackers that are strictly necessary for their operation, security, authentication, and continuity of service.
If non-strictly necessary cookies or trackers are used, such as non-exempt audience measurement, third-party services, personalization, or marketing, specific information and, where required, a consent collection mechanism will be implemented. The CNIL requires clear and complete information on processing operations and individuals' rights.
14. Policy Updates
This Privacy Policy may be modified at any time to reflect legal, regulatory, contractual, or technical changes to the service. The applicable version is the version published on the site or communicated to the Client on the relevant date.
15. Contact
For any question relating to this policy or the processing of your personal data, you may write to:
Indris Studio 200 rue de la Croix Nivert 75015 Paris - France privacy@indris.studio