Legal

Privacy Policy

This policy explains how Caugia handles personal data in a minimal, GDPR aligned way. Caugia operates on a B2B basis and collects only the information required to deliver diagnostics and operate the website.

1. Data controller

The data controller is:

Caugia SASU
RCS Compiègne 100 887 082
17 Chemin des Chataigniers, 60580 Coye-la-Forêt, France
Email: [email protected]

This privacy policy applies to individuals acting on behalf of a professional entity, including founders, executives and employees.

2. Data we collect

We collect only the minimum data required to operate the website and deliver our diagnostics:

  • Business contact data: name, company name, business email address, and any information you include in messages you send to us
  • Assessment inputs: responses you submit through the GTM Score or GTM Intelligence Report assessments
  • GRIP OS data: if you use GRIP OS, we store workspace data including constraint status, action progress, gate evidence, decision records, and weekly briefings. This data is derived from your GTM Intelligence Report and any connected integrations
  • Integration data: if you connect third-party tools (such as HubSpot, Salesforce, Gong, or other supported integrations) to GRIP OS, we receive and store signals and metrics from those tools to refine your constraint analysis. We only access data strictly necessary for GTM diagnostics
  • Technical data: limited information required for security, website functionality and performance
  • Payment confirmation: high level payment identifiers needed to confirm a purchase and deliver access

We do not request sensitive personal data. If you voluntarily include personal data in free text fields, you remain responsible for the content you provide.

3. How we use your data

We use personal data for the following purposes:

  • Service delivery: generate and deliver your GTM Score, GTM Intelligence Report, and GRIP OS workspace
  • GRIP OS execution governance: manage your constraint execution workflow, generate weekly briefings, track decision history, and calculate financial impact
  • Integration syncing: if you connect third-party tools, we periodically sync data to produce signals that refine your constraint analysis. Signals inform but never override the deterministic GRIP scoring model
  • Access delivery: send your access link or access code by email after purchase
  • Support: respond to inquiries and troubleshoot issues
  • Security and integrity: protect the website and prevent abuse
  • Product improvement: improve scoring models and intervention ontology using anonymized and aggregated diagnostics data

We do not sell personal data. We do not use personal data for advertising.

4. Legal basis

Under GDPR, we process personal data on the following legal bases:

  • Contract: to deliver paid services you purchase
  • Legitimate interest: to operate, secure and improve the website and service
  • Consent: where required, for example when you submit information through a form

5. Storage and retention

We aim to store as little as possible.

  • Assessment inputs: not retained longer than technically necessary to generate and deliver the report, except where needed for service integrity or support
  • Report copy: we may retain the rendered report payload for internal record keeping, service integrity and support
  • GRIP OS workspace data: retained for the duration of your active subscription. Decision records are append-only and retained for audit purposes. Upon subscription cancellation, workspace data is retained for 90 days before deletion unless you request earlier removal
  • Integration credentials: API keys and access tokens for connected third-party tools are stored encrypted and deleted immediately when you disconnect an integration
  • Payments: payment details are processed by Stripe and are not stored by Caugia

If you request deletion, we will delete personal data unless retention is required to comply with legal obligations or to establish, exercise or defend legal claims.

6. Sharing and processors

We share personal data only with service providers strictly required to operate the service. These providers act as processors under GDPR.

  • Stripe: payment processing and payment confirmation
  • Supabase: database hosting for GRIP OS workspace data (EU region)
  • Vercel: application hosting and delivery for GRIP OS
  • Anthropic (Claude API): optional AI-powered language polish for executive briefings. No personal data is sent to AI models; only anonymized constraint summaries are processed
  • Third-party integrations: when you connect tools like HubSpot, Salesforce, Gong, G2, or other supported platforms, data flows between those services and Caugia. We act as processor for this data and only access it for GTM diagnostic purposes
  • Hosting and infrastructure providers: to host and deliver the website and service
  • Operational tooling: email delivery (Brevo) and technical automation (Make.com) strictly needed for report and workspace delivery

We do not share personal data with third parties for marketing purposes.

7. Benchmarking and model improvement

Caugia may use anonymized and aggregated diagnostic data for benchmarking, statistical analysis and model improvement. This data is processed in a way that is intended not to identify an individual or a company.

If you do not want your data to be used for benchmarking in anonymized and aggregated form, you can contact us at [email protected].

8. International transfers

Some of our service providers may process data outside the European Economic Area. Where applicable, transfers are protected using appropriate safeguards such as Standard Contractual Clauses.

9. Your rights

You may have the following rights under GDPR, subject to applicable conditions:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to certain processing based on legitimate interest
  • Request restriction of processing
  • Request a copy of your data in a portable format where applicable

To exercise your rights, contact us at [email protected].

10. Cookies

We use minimal cookies required for security and basic site functionality. We do not use advertising cookies.

If analytics are enabled, they are used for basic performance measurement and service improvement. Where required, we will present a consent mechanism.

11. Changes to this policy

We may update this policy from time to time. The latest version will always be available on this page.

12. Contact

For privacy questions or requests, contact:

[email protected]