Privacy Policy

Last update : 17/05/2026

This privacy policy describes how LetsLigo ("we", "our", "us") collects, uses, shares and protects your personal data when you use our contact management service.

Data controller : DONKEYCORP / LetsLigo, represented by its manager.
Contact : [email protected]
Data Protection Officer (DPO) : contact at the same address for any questions regarding the processing of your data.

1. Data we collect

Identification data:
  • Name, first name
  • Email address
  • Password (securely hashed)
  • Language preferences (locale) and time zone
Scanned contact data:
  • Name, company, job title
  • Contact details (email, phone, address)
  • Professional information (website, LinkedIn)
  • Scanned business card images
  • Notes and meeting context
  • Enriched data (company size, sector, etc.)
Third-party data:

This information concerns people whose business cards you scan. It comes from you (during scanning or manual entry) or from public sources used for enrichment. When you import or scan this data, you act as the data controller for these people; LetsLigo acts only as a processor (see section "Third-party data and LetsLigo's role").

Usage data and logs:
  • Action history on contacts
  • Anonymised usage statistics
  • Technical logs and errors (via Sentry, only after your consent)
Payment data:
  • Subscription information (managed by Stripe)
  • Transaction history
Workspace/team data:
  • Workspace and team member information
  • Roles and permissions

2. Legal basis and purposes

Each category of data is processed on a legal basis and for specific purposes:

  • Identification data: contract performance (account creation and management).
  • Scanned third-party data: processing based on legitimate interest (facilitating professional networking). The user guarantees having obtained the data subject's consent or basing this collection on a legitimate interest compliant with the GDPR.
  • Usage data and logs: legitimate interest (service improvement, security).
  • Payment data: legal obligation (accounting) and contract performance.
  • Profiling and AI enrichment: automatic enrichment and email generation rely on semi-automated processing. Data subjects are informed of their right to object to these processing operations and to request human intervention.

3. Third-party data and LetsLigo's role

When you import or scan data concerning third parties (business cards), you act as the data controller for this data. LetsLigo acts only as a processor for technical operations: storage, organisation, enrichment and synchronisation.

Responsibility for GDPR compliance (purposes, legal bases, informing data subjects, exercising rights) for this third-party data rests with you as the user. We recommend that you inform your contacts about the processing of their data and how to exercise their rights (see "Your rights" and "Scanned persons" sections).

4. Processing by artificial intelligence (OpenAI / ChatGPT)

Certain LetsLigo features rely on artificial intelligence models provided by OpenAI (ChatGPT). It is essential that you are informed that data is sent to OpenAI for processing and enrichment. The rest of your data (storage, organisation, CRM synchronisation, etc.) is hosted and processed exclusively on our servers.

Data sent to OpenAI (for AI processing only):

  • Business card images: for OCR extraction of information (name, company, contact details)
  • Contact and company data: for enrichment (sector, company size, description)
  • Website content: to extract company information from the card URL
  • Meeting context and notes: for personalised email generation
  • Conversation history: for the email writing assistant (chat wizard)

Data retained on our servers (without sending to OpenAI):

  • Storage of contacts, companies, workspaces and history
  • Synchronisation with Google Contacts, HubSpot, Odoo and other CRMs (data sent directly to the relevant connector)
  • Account data, authentication, subscription
  • Payment data (via Stripe, without passing through OpenAI)

We rely on OpenAI's privacy rules and terms of use to ensure compliance of our processing. We verify that our use is compatible with OpenAI's privacy policy (openai.com/policies/privacy-policy) and the commitments OpenAI offers us (including non-training of models on our users' data, where applicable).

By using the enrichment and email generation features, you accept that the relevant data will be transmitted to OpenAI for this processing. You may exercise your rights (access, rectification, erasure, opposition) as indicated in the "Your rights" section.

5. Data sharing

We never sell your personal data.

We may share your data with:

  • OpenAI: For contact enrichment, information extraction (OCR, websites) and email generation (see section 4 above)
  • Stripe: For payment processing (in accordance with their privacy policy)
  • Google Contacts: Only if you enable synchronisation (contact data only)
  • HubSpot: Only if you enable synchronisation (contact data only)
  • Crisp: For customer support (email, name, user ID), only after your cookie consent
  • Sentry: For monitoring and error detection (technical data), only after your consent
  • Technical providers: Hosting and cloud services necessary for the operation of the service

All our partners are subject to strict contractual obligations regarding the protection of your data.

6. Retention period

  • Account data: Retained for the duration of your account, then 3 years after deletion to comply with legal obligations
  • Contacts: Retained until deletion by you or account deletion
  • Payment data: Retained in accordance with legal obligations (10 years)
  • Technical logs: Retained for a maximum of 12 months

7. Data security

We implement appropriate technical and organisational measures:

  • Encryption of sensitive data (passwords, OAuth tokens)
  • Secure connections (HTTPS/TLS)
  • Strong authentication
  • Restricted access to personal data
  • Intrusion monitoring and detection
  • Regular and secure backups

8. Your rights

In accordance with the GDPR, you have the following rights:

  • Right of access: Obtain a copy of your personal data
  • Right to rectification: Correct your inaccurate data
  • Right to erasure: Request the deletion of your data
  • Right to restriction: Limit the processing of your data
  • Right to data portability: Retrieve your data in a structured format (export available from your account)
  • Right to object: Object to the processing of your data
  • Right to withdraw your consent: At any time for processing based on consent
  • Right to define post-mortem directives: You may indicate how your data should be processed after your death

To exercise these rights, contact us at [email protected].

You have the right to lodge a complaint with the supervisory authority: www.cnil.fr.

Persons whose card was scanned:

If your contact details have been recorded by a LetsLigo user (scanned business card), you may request access, rectification or deletion of your data by contacting us at [email protected] stating your identity and the nature of your request. We will process your request within the timeframes provided by the GDPR.

9. Cookies and similar technologies

We use cookies necessary for the operation of the site and optional cookies (audience analysis, customer support, marketing). No non-essential cookie is placed without your consent. You can at any time choose to accept, refuse or customise these cookies via our consent banner.

A detailed cookie policy lists each cookie, its purpose, duration and legal basis.

10. Modifications to this policy

We may modify this privacy policy. Significant changes will be notified to you by email and an archived version will be available on request. The date of last update is indicated at the bottom of the page.

11. Contact

For any questions regarding this privacy policy or to exercise your rights, contact us at:

Email : [email protected]
Support : [email protected]

GDPR Compliance : We comply with the General Data Protection Regulation (GDPR) and applicable data protection laws.