Privacy Policy / GDPR
Data processing, confidentiality, and GDPR rights.
Last updated : 08/06/2026

This English version is provided for information purposes only. In the event of any discrepancy, the French version of this document prevails.

1. Data controller

Publisher: Michaël Hecht

Address: 29 rue des Boulets, 75011 Paris, France

GDPR contact: rgpd@interval.care

2. Nature of the data processed

We process the following categories of data:

  • Professional data: identity and contact details of the therapist user.
  • Clinical data: notes entered by the professional (anonymized before any external processing).
  • Technical data: connection logs, IP addresses (anonymized after 30 days).
3. Purposes of processing
PurposeLegal basisRetention period
Clinical writing assistancePerformance of the contract10 years (legal obligation)
Session structuringPatient consent10 years
Longitudinal analysis (follow-up)Public interest (health)10 years
Technical improvementLegitimate interest1 year (anonymized data)
4. Data security
  • Encryption: data in transit (TLS 1.3) and at rest (AES-256).
  • Infrastructure: HDS-certified hosting (Health Data Host) in France.
  • Restricted access: strong authentication (2FA) and access logging.
  • Backups: daily encrypted backups, tested monthly.
5. Subprocessing & AI APIs
Contractual framework
  • Mistral AI and OpenAI act as subprocessors for handling requests via their respective APIs.
  • Data processing agreements (DPAs) prohibit reusing the data to train models.
  • The contract provides for deletion of the data within 24h after processing.
  • The contract requires the reporting of any security breach.
Data anonymization

Process: any clinical data transmitted to the Mistral AI and OpenAI APIs is anonymized beforehand via:

o Removal of direct identifiers (names, dates of birth, etc.).

o Replacement with generic placeholders (e.g. Patient X).

o Automatic checking for sensitive patterns (regex).

Example:

Input data: "Marie Martin, 35, is seeking help for an anxiety disorder."

Transmitted data: "[First name] [Last name], [Age], is seeking help for an anxiety disorder."

Retention period at the AI providers
  • Anonymized data is deleted within 24h and is never stored in the databases of Mistral AI or OpenAI.
6. Individuals’ rights
RightTerms
AccessRequest by email to rgpd@interval.care (response within 30 days).
RectificationCorrection via the interface or on request.
ErasureDeletion within 72h (except where retention is legally required).
PortabilityExport of structured data (JSON/PDF format).
ObjectionPossibility to refuse processing on legitimate grounds.
7. Cookies & technical data
  • Purpose: service improvement and security.
  • Duration: 1 year maximum (anonymized after 30 days).
  • Objection: can be disabled via the browser settings.
8. Changes & contact
  • Any change to this policy will be notified to you by email.
  • For any question: rgpd@interval.care.