miriad

Privacy Policy

Last updated on April 30, 2026

Preamble

This Privacy Policy describes how MIRIAD SAS (hereinafter "MIRIAD") collects, uses, shares and protects the personal data of Users and visitors of its website miriad.studio (hereinafter the "Site") and of the services offered (hereinafter the "Services").

MIRIAD undertakes to protect the privacy of the persons concerned and to process their personal data in accordance with Regulation (EU) 2016/679 of April 27, 2016 ("GDPR") and French Law n° 78-17 of January 6, 1978 on Data Processing, Data Files and Individual Liberties, as amended.

Capitalized terms not defined in this Policy have the meaning given to them in the General Terms of Service accessible on the Site.

1. Data controller

The controller of the personal data is:

MIRIAD SAS Simplified joint-stock company with a share capital of 10,000 euros Registered office: 38, rue Réaumur - 75003 Paris Paris Trade and Companies Register: 994 192 433 Contact: contact@miriad.studio

2. Data collected

MIRIAD collects personal data concerning Users either directly from them or automatically when they use the Services.

2.1 Data collected directly

When the User registers, takes out a Subscription, uses the Services or contacts MIRIAD, the following data may be collected:

  • identity: first and last name;
  • contact details: email address, phone number, postal address;
  • professional information: name of the organization, job title;
  • billing data: billing address, transaction data, order history;
  • Content imported, shared or annotated by the User via the Services;
  • any information voluntarily communicated by the User in the course of their exchanges with MIRIAD.

Banking data: MIRIAD does not store Users' credit card data. Payments are processed by a PCI DSS-certified payment provider, which collects and retains this information directly in accordance with its own terms and privacy policy.

2.2 Data collected automatically

When using the Site and the Services, certain data are collected automatically:

  • IP address;
  • technical device identifiers;
  • information about the web browser and operating system;
  • page-view statistics and usage data;
  • transaction information;
  • approximate location information (derived from the IP address);
  • log data (technical logs);
  • cookies and other tracking technologies (see Article 8).

3. Purposes and legal bases for processing

MIRIAD processes Users' personal data for the following purposes, on the corresponding legal bases:

| Purpose | Legal basis | | --- | --- | | Creation and management of the User Account, provision and operation of the Services | Performance of the contract (art. 6.1.b GDPR) | | Management of billing and debt collection | Performance of the contract and legal obligation (art. 6.1.b and 6.1.c GDPR) | | Retention of accounting records | Legal obligation (art. 6.1.c GDPR) | | Transactional communications (notifications, alerts, updates) | Performance of the contract (art. 6.1.b GDPR) | | Improvement and personalization of the Services, audience measurement | Legitimate interest of MIRIAD (art. 6.1.f GDPR) | | Site security, fraud prevention and abuse mitigation | Legitimate interest of MIRIAD (art. 6.1.f GDPR) | | Marketing communications and prospecting | User's consent (art. 6.1.a GDPR) | | Response to User requests and customer support | Performance of the contract or legitimate interest (art. 6.1.b and 6.1.f GDPR) | | Compliance with legal obligations and requests from competent authorities | Legal obligation (art. 6.1.c GDPR) |

4. Data recipients

Users' personal data are exclusively intended for MIRIAD for the operation of the Services. They are never sold or rented to third parties for commercial purposes.

4.1 MIRIAD personnel

The data may be accessed by authorized MIRIAD employees, within the limits of their respective duties and subject to a confidentiality obligation.

4.2 Technical subcontractors

MIRIAD relies on technical service providers acting as subcontractors within the meaning of Article 28 of the GDPR for the provision of the Services. These subcontractors are involved in particular in the following areas:

  • hosting and cloud infrastructure;
  • payment processing and billing;
  • transactional emails and communications;
  • audience measurement and statistical analysis;
  • customer support and User relationship management;
  • monitoring, security and logging.

Each subcontractor is bound to MIRIAD by a contract governing the processing of personal data, in accordance with Article 28 of the GDPR. These subcontractors only use the data for the purposes strictly necessary for the provision of their services to MIRIAD.

The up-to-date list of main subcontractors is available upon simple request at contact@miriad.studio.

4.3 Authorized third parties

MIRIAD may communicate personal data to administrative or judicial authorities where required by law or in response to a legally binding request.

5. Transfers outside the European Union

Some of MIRIAD's subcontractors may be located or operate outside the European Economic Area, in particular in the United States. In such cases, MIRIAD ensures that these transfers are framed by appropriate safeguards within the meaning of Articles 44 et seq. of the GDPR, such as:

  • an adequacy decision of the European Commission;
  • the conclusion of standard contractual clauses adopted by the European Commission;
  • the subcontractor's adherence to a recognized transfer framework, such as the Data Privacy Framework for the United States.

The User may obtain a copy of the safeguards implemented by sending a request to contact@miriad.studio.

6. Retention periods

Users' personal data are retained for the period strictly necessary for the purpose of the processing, according to the following durations:

| Data category | Retention period | | --- | --- | | User Account data and Content | For the entire duration of the contract, then deleted within a maximum of 30 days following termination | | Prospect data (without contractualization) | 3 years from the last active contact | | Billing data and accounting records | 10 years from the close of the financial year (art. L. 123-22 of the French Commercial Code) | | Data necessary to evidence a right or contract | 5 years (art. 2224 of the French Civil Code) | | Connection data and technical logs | 12 months maximum | | Marketing cookies (Meta Pixel) | 180 days maximum | | Strictly necessary cookies | Duration of the session |

Upon expiry of the indicated periods, the data are deleted or irreversibly anonymized.

7. Users' rights

In accordance with the GDPR and the French Data Protection Act, Users have the following rights over their personal data:

  • Right of access: obtain confirmation that data concerning them are processed and obtain a copy thereof.
  • Right of rectification: request the correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request the deletion of their data, subject to MIRIAD's legal retention obligations.
  • Right to restriction of processing: request the temporary freezing of processing in certain cases.
  • Right to data portability: receive the data provided in a structured, commonly used and machine-readable format, or request its transmission to another data controller.
  • Right to object: object at any time, for reasons relating to their particular situation, to processing based on legitimate interest, as well as to commercial prospecting.
  • Right to withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out previously.
  • Right to provide directives regarding the fate of their personal data after their death.
  • Right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr.

How to exercise these rights

Users may exercise their rights by sending a request to contact@miriad.studio.

Proof of identity may be requested in the event of reasonable doubt as to the identity of the requester. MIRIAD will respond within one (1) month from receipt of the request, which may be extended by two (2) months in the case of complex requests or large volumes, in accordance with Article 12 of the GDPR.

8. Cookies

The Site uses two categories of cookies:

  • Strictly necessary cookies: essential for the proper operation of the Site (authentication, security, technical preferences). They do not require consent and are kept for the duration of the session.
  • Marketing cookies: placed via the Meta Pixel by Meta Platforms Inc. They make it possible to measure the Site's audience and the effectiveness of advertising campaigns. They are only placed after the User's explicit consent and are kept for a maximum period of 180 days.

On the User's first visit, a banner allows them to accept or refuse non-essential cookies. The User may change their preferences at any time via the "Manage cookies" link available at the bottom of every page of the Site.

For more information, the User is invited to consult the Cookie Policy accessible on the Site.

9. Data security

MIRIAD implements appropriate technical and organizational measures to ensure the security, confidentiality and integrity of Users' personal data, including:

  • encryption of communications via the TLS/SSL protocol;
  • hosting with recognized providers offering high security guarantees (certified data centers);
  • access controls based on the principle of least privilege;
  • access logging and continuous monitoring;
  • regular backups and business continuity plans;
  • training and awareness of employees on data protection issues.

Any unauthorized intrusion or attempted intrusion into an IT system is liable to criminal prosecution in accordance with Articles 323-1 to 323-7 of the French Penal Code.

In the event of a personal data breach likely to result in a risk to the rights and freedoms of the persons concerned, MIRIAD will notify the CNIL within 72 hours and will inform, where applicable, the Users concerned in accordance with Articles 33 and 34 of the GDPR.

10. Sharing of Content and visibility of annotations

The User may control access to their Content by limiting it to authenticated Users with whom they wish to share it explicitly. They may also share Content with guests, in accordance with the methods offered by the Services.

The comments and annotations provided when reviewing Content, including the author's first and last name and a timestamp, are visible to all persons with whom the Content is shared. Notifications may be sent to other reviewers to inform them of comments and actions taken by other participants.

The User is invited to exercise caution when sharing Content containing personal or sensitive information, and to invite only trusted persons.

11. Minors

MIRIAD's Services are not intended for persons under the age of sixteen (16). MIRIAD does not knowingly collect personal data concerning minors under the age of 16. If a parent or legal guardian becomes aware that a minor under the age of 16 has provided personal data to MIRIAD, they are invited to contact MIRIAD at contact@miriad.studio so that the appropriate measures may be taken, including the deletion of the relevant data.

12. Modifications to the Policy

MIRIAD may modify this Privacy Policy at any time, in particular in the event of changes to the Services, applicable regulations or data protection practices.

The date of the latest update appears at the top of this document. In the event of a substantial modification, MIRIAD will inform Users by any appropriate means, including by email or by notification on the Site.

13. Contact

For any question relating to this Privacy Policy or to the processing of their personal data, Users may contact MIRIAD:

Users also have the right to lodge a complaint with the CNIL: www.cnil.fr.

THIS VERSION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. ONLY THE FRENCH VERSION SHALL PREVAIL.