Privacy Policy

This Privacy Policy explains how SPHYNX SASU, operating under the commercial name Samix Technology ("we", "us", "our"), collects, uses, stores, and protects your personal data when you use our websites, applications, and services, including but not limited to NeuroCommand and any services that access financial data through third-party providers such as Enable Banking.

We are committed to protecting your privacy and ensuring that your personal data is handled in compliance with the General Data Protection Regulation (GDPR) and applicable French and European data protection laws.

The data controller responsible for your personal data is:

SPHYNX SASU (operating as Samix Technology)

Email: contact@samix-technology.com

We may collect and process the following categories of personal data:

• Identity data: name, email address, company name
• Contact data: email address, phone number
• Technical data: IP address, browser type, device information, usage data
• Communication data: messages you send through our contact forms
• Account data: credentials and profile information when you create an account with any of our products
• Financial data: bank account information, transaction data, and account balances accessed through authorized third-party providers (see Section 4)

Certain services, including NeuroCommand, may access your financial data through regulated third-party account information service providers (AISPs) such as Enable Banking.

When you use these services:

• You explicitly consent to the retrieval of your bank account data, including account details, balances, and transaction history
• Financial data is accessed via secure APIs provided by licensed and regulated third-party providers in compliance with PSD2 (Payment Services Directive 2)
• We do not have access to your banking credentials — authentication is handled directly between you and your bank through the third-party provider
• Financial data is processed solely for the purposes you have authorized, such as account aggregation, financial analysis, or transaction categorization
• Financial data is encrypted in transit and at rest using industry-standard encryption protocols
• You may revoke access to your financial data at any time through the application settings or by contacting us

Enable Banking acts as a regulated data processor. Their processing of your data is governed by their own privacy policy and is subject to European financial regulations.

We process your personal data for the following purposes:

• To provide and maintain our services and products
• To process and respond to your inquiries and requests
• To aggregate and analyze financial data you have authorized us to access
• To improve our products, services, and user experience
• To send you service-related communications
• To comply with legal obligations
• To detect and prevent fraud or unauthorized access

We process your personal data based on the following legal grounds under the GDPR:

• Consent: when you explicitly authorize us to access your financial data or subscribe to communications
• Contract performance: when processing is necessary to provide services you have requested
• Legitimate interest: for improving our services, ensuring security, and preventing fraud
• Legal obligation: when required to comply with applicable laws and regulations

We do not sell your personal data. We may share data with:

• Regulated financial data providers (e.g., Enable Banking) to facilitate access to your authorized financial data under PSD2
• Infrastructure providers who host and support our services, bound by data processing agreements
• Legal authorities when required by law, regulation, or legal proceedings

All third-party processors are contractually bound to process data only on our instructions and in compliance with GDPR.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Secure development practices

While we take every reasonable precaution, no system is entirely immune to security risks. We will notify you and the relevant authorities promptly in the event of a data breach as required by GDPR.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: retained for the duration of your account and up to 12 months after account deletion
• Financial data: retained only as long as necessary for the authorized purpose, and deleted within 90 days of access revocation
• Contact form data: retained for up to 24 months
• Technical/log data: retained for up to 12 months

Data may be retained longer if required by law or for the establishment, exercise, or defense of legal claims.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: request a copy of your personal data
• Right to rectification: request correction of inaccurate data
• Right to erasure: request deletion of your data ("right to be forgotten")
• Right to restrict processing: request limitation of how we process your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests
• Right to withdraw consent: withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at contact@samix-technology.com. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertes), the French data protection authority.

Our websites may use cookies and similar technologies for analytics and functionality purposes. We use Google Analytics to understand how visitors interact with our sites. You can manage cookie preferences through your browser settings.

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately so we can delete it.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website with a revised "Last updated" date. We encourage you to review this page periodically.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

SPHYNX SASU (operating as Samix Technology)

Email: contact@samix-technology.com

Website: samix-technology.com