Our Privacy Policy

Atrium places particular importance on the protection of your personal data.

Last Updated on August, 25, 2025

This policy aims to inform you about how we collect, use, share, and protect your data in compliance with the General Data Protection Regulation (GDPR) and applicable French legislation (notably the Data Protection Act).

Data Controller

The data controller is:

Atrium Technologies SAS, 17 rue de la Citadelle, 95300 Pontoise
Email: contact@atriumcrm.com


SIRET Number: [to be announced]

What data is collected?

We may use the information we collect from you for various purposes, including:

  • Identification data: name, first name, professional email, phone number.

  • Professional data: job title, company name, industry.

  • Connection data: IP address, logs, date and time of connection, cookies.

  • Behavioral data: interactions with our site or application, preferences.

  • Commercial data: CRM usage history, customer interactions.

How is your data collected?

Data may be collected:

  • Through registration or contact forms on our site.

  • When using our services (CRM web app, API, embedded AI).

  • Through cookies and similar technologies.

  • During business exchanges (emails, meetings, events).

Why do we collect your data?

We process your data for the following purposes:

  • To provide, manage, and improve our CRM services.

  • To personalize the user experience (AI recommendations, interface, etc.).

  • To ensure customer support and contractual relationships.

  • To comply with our legal and regulatory obligations.

  • To conduct commercial, marketing, and prospecting activities (with consent).

Legal Bases for Processing

In accordance with Article 6 of the GDPR, the processing carried out by Atrium is based on:

  • The performance of the contract (access to the CRM platform).

  • Explicit consent (commercial prospecting, non-essential cookies).

  • Legitimate interest (improving our services, security).

  • Compliance with legal obligations (archiving, fraud prevention).

How long do we retain your data?

We retain your personal data only for the period strictly necessary for the purposes for which it was collected, in accordance with applicable regulations. Retention periods may vary depending on the nature of the data, applicable legal obligations, and associated risks. Here are the main retention periods:

  • User account: retained for 3 years after the last activity on the platform, then deleted or anonymized.

  • Browsing data (cookies): retained for a maximum of 13 months after collection.

  • Contractual data: archived for 5 years from the end of the contract, in accordance with legal obligations.

  • Commercial prospecting data: retained for up to 3 years after the last active contact with you.

  • Technical data (logs, errors, activity): retained for up to 12 months for security and service improvement reasons.

Once these periods expire, the data is securely deleted or anonymized.

We retain your personal data only for the period strictly necessary for the purposes for which it was collected, in accordance with applicable regulations. Retention periods may vary depending on the nature of the data, applicable legal obligations, and associated risks. Here are the main retention periods:

  • User account: retained for 3 years after the last activity on the platform, then deleted or anonymized.

  • Browsing data (cookies): retained for a maximum of 13 months after collection.

  • Contractual data: archived for 5 years from the end of the contract, in accordance with legal obligations.

  • Commercial prospecting data: retained for up to 3 years after the last active contact with you.

  • Technical data (logs, errors, activity): retained for up to 12 months for security and service improvement reasons.

Once these periods expire, the data is securely deleted or anonymized.

We retain your personal data only for the period strictly necessary for the purposes for which it was collected, in accordance with applicable regulations. Retention periods may vary depending on the nature of the data, applicable legal obligations, and associated risks. Here are the main retention periods:

  • User account: retained for 3 years after the last activity on the platform, then deleted or anonymized.

  • Browsing data (cookies): retained for a maximum of 13 months after collection.

  • Contractual data: archived for 5 years from the end of the contract, in accordance with legal obligations.

  • Commercial prospecting data: retained for up to 3 years after the last active contact with you.

  • Technical data (logs, errors, activity): retained for up to 12 months for security and service improvement reasons.

Once these periods expire, the data is securely deleted or anonymized.

Is your data shared?

Your data may be shared with:

  • Our technical service providers (hosting, maintenance, emailing).

  • Our subcontractors strictly necessary for service provision.

  • Administrative or judicial authorities, within the legal framework.

We never sell your data to third parties.

Where is your data stored?

Atrium places great importance on data sovereignty and security. We use European service providers compliant with the GDPR, ensuring hosting exclusively located within the European Union.


  • Application and website servers: hosted in France via Scaleway, a sovereign cloud provider known for its security, resilience, and GDPR compliance.

  • Database: hosted in Germany (Frankfurt) via Neon, a modern, highly secure PostgreSQL infrastructure located in the EU.

All data is stored within the European Economic Area (EEA), with no transfer to third countries, except for justified and regulated exceptions.

Data is encrypted in transit and at rest, and our providers apply best practices in cloud security.

This technological choice guarantees data sovereignty, compliance with GDPR requirements, and great transparency towards our European users.

Atrium places great importance on data sovereignty and security. We use European service providers compliant with the GDPR, ensuring hosting exclusively located within the European Union.

  • Application and website servers: hosted in France via Scaleway, a sovereign cloud provider known for its security, resilience, and GDPR compliance.

  • Database: hosted in Germany (Frankfurt) via Neon, a modern, highly secure PostgreSQL infrastructure located in the EU.

All data is stored within the European Economic Area (EEA), with no transfer to third countries, except for justified and regulated exceptions.

Data is encrypted in transit and at rest, and our providers apply best practices in cloud security.

This technological choice guarantees data sovereignty, compliance with GDPR requirements, and great transparency towards our European users.

Atrium places great importance on data sovereignty and security. We use European service providers compliant with the GDPR, ensuring hosting exclusively located within the European Union.

  • Application and website servers: hosted in France via Scaleway, a sovereign cloud provider known for its security, resilience, and GDPR compliance.

  • Database: hosted in Germany (Frankfurt) via Neon, a modern, highly secure PostgreSQL infrastructure located in the EU.

All data is stored within the European Economic Area (EEA), with no transfer to third countries, except for justified and regulated exceptions.

Data is encrypted in transit and at rest, and our providers apply best practices in cloud security.

This technological choice guarantees data sovereignty, compliance with GDPR requirements, and great transparency towards our European users.

What are your rights?

In accordance with the GDPR, you have the following rights:

  • Right of access to your personal data.

  • Right to rectification if the data is inaccurate.

  • Right to erasure (right to be forgotten).

  • Right to restrict processing.

  • Right to data portability.

  • Right to object, particularly to processing for prospecting purposes.

  • Right to withdraw your consent at any time.

  • You can exercise your rights by contacting our DPO at: contact@atriumcrm.com.

  • You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

Cookies

Our site uses cookies to:

  • Facilitate navigation (technical cookies).

  • Measure audience (Amplitude, Google Analytics with IP anonymization).

  • Measure interactions in the application (PostHog).

  • Personalize content.

You can set your preferences at any time from our cookie banner or from your personal space in the application.

Security and compliance

We implement robust technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS).

  • Regular backups.

  • Enhanced authentication.

  • Access management policy.

  • Security logging and auditing.


Check our Security and Compliance page for more insights.

We implement robust technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS).

  • Regular backups.

  • Enhanced authentication.

  • Access management policy.

  • Security logging and auditing.


Check our Security and Compliance page for more insights.

We implement robust technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS).

  • Regular backups.

  • Enhanced authentication.

  • Access management policy.

  • Security logging and auditing.


Check our Security and Compliance page for more insights.

Changes to this Privacy Policy

We reserve the right to update or change this Privacy Policy at any time. Any changes will be posted on this page, and the effective date will be updated accordingly. We encourage you to review this Privacy Policy periodically for any updates.