Get in touch

Privacy policy

Updated on 11 April 2026.

Personal data protection and cookies policy (privacy policy)

SquareMind is committed to protecting the personal information and privacy of website visitors and anyone using its services in general.

The purpose of this Personal Data Protection and Cookies Policy (Privacy Policy) is to inform you about:

  • The types of personal data we collect
  • How your personal data is processed by SquareMind and its potential partners and subcontractors
  • The terms and conditions of use of your personal data and your rights in this regard, in compliance with applicable European and French legislation (and, to the extent applicable, any applicable national legislation related to privacy or data protection in the country where you are located).

All operations involving your personal data are carried out in compliance with the regulations in force, notably Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”), and any applicable national legislation related to data protection.

If you are located outside of France or the European Union, please refer to Article 10 (Country-specific Information) at the end of this Privacy Policy for important additional information.

Article 1 - Definition

The “website” refers to the infrastructure developed by SquareMind in Internet-compatible computer formats, comprising data of various types, including texts, sounds, still or moving images, videos, databases;

  • ‍"SquareMind Solutions" means SquareMind's solutions;
  • "SquareMind Users" means professionals and organizations using SquareMind Solutions;
    “Internet” refers to various networks of servers located in different places around the world, interconnected through communication networks and communicating using a specific protocol known as TCP/IP;
  • “File” refers to any structured and stable set of personal data accessible based on specific criteria;
  • “Personal data”, “special categories of data”, “processing / processing” have the same meaning as in Directive 95/46/EC;
  • The “Data Controller” is the entity that collects and processes personal information and determines the purposes and means for processing;
  • The “Processor” refers to any person who agrees to process personal data on behalf of the Data Controller;
  • The “Recipients” refer to any person authorized to receive communication of data;
  • The “Authorized Third Parties”: authorities legally empowered to request personal data;
  • “Data Subject”: an individual to whom Personal Data pertains;
  • A “processing of personal data” means any operation performed upon personal data.

Article 2 - Scope

This Personal Data Protection and Cookies Policy applies to all Personal Data processed by SquareMind.

Article 3 - Identity of the data controller

Personal Data is collected by SquareMind, whose registered office is located at 15 rue Yves Toudic, 75010 Paris, registered with the RCS under the number 845228303.

Article 4 - Processing of personal data

Personal Data collected, purposes, and legal bases

SquareMind may collect Personal Data about you as part of the operation of its website. These data are processed for the following purposes:

Contact data

  • Purpose: management of information and contact requests
  • Legal basis: legitimate interest
  • Retention: duration necessary

Demo requests

  • Data: name, first name, email
  • Purpose: management of demo requests and commercial prospecting
  • Legal basis: legitimate interest and consent
  • Retention: 3 years

Cookies and trackers

Purpose: audience measurement

Legal basis: consent

Retention: 13 months

Furthermore, SquareMind may collect Personal Data for other purposes, subject to obtaining the prior consent of the individuals concerned (where required by law). In particular, SquareMind may collect the following data:

  • Identity: name, first name, email address;
  • Personal life data: client’s company;
  • Contact data: messages sent on the site via contact forms, correspondence that might be sent to us.

SquareMind Users also provide SquareMind with access to certain Personal Data for the purpose of using the SquareMind Solutions. This may include Personal Data of the SquareMind Users themselves, and of patients cared for by the SquareMind Users, such as:

  • Patient administrative data;
  • Patient health data;
  • Administrative data of the SquareMind User;
  • Pseudonymized patient health data, including but not limited to medical imaging and reports;
  • Pseudonymized patient administrative data necessary for SquareMind Users to access and use the SquareMind Solutions.

Where SquareMind receives Personal Data in this context, the SquareMind User is the Data Controller and SquareMind is the Processor. SquareMind processes the Personal Data for the following purposes:

  • Installation, support, updating and maintenance of the SquareMind Solutions, including anonymization;
  • Hosting; 
  • Data destruction.

The nature of the processing carried out on the Personal Data includes collection, access, recording, use, anonymization where applicable, organization, structuring, hosting, destruction. Generally, this processing is conducted for the purpose of providing SquareMind Users with the functionality of the SquareMind Solutions. SquareMind Users may use the results of this processing to assist them with providing healthcare to the relevant patient.

SquareMind Solutions implement measures to protect patient privacy, including the segregation of data and pseudonymization techniques to limit the amount of personal information SquareMind receives in order to process and analyze the medical images for SquareMind Users. Where authorized, SquareMind may also apply an anonymization procedure to pseudonymized patient data to produce anonymized information within the meaning of the G29 opinion on anonymization techniques. The resulting anonymized information is not Personal Data, and SquareMind may use this anonymized information for SquareMind 's own business purposes (including for the purpose of training or developing SquareMind’s Solutions or any other solutions or software).

SquareMind engages subprocessors to provide technology services that are used to operate the SquareMind Solutions, such as data hosting services and database administration services. If you are a patient of a SquareMind User, SquareMind may receive and process your Personal Data as part of the SquareMind Solutions as described above. 

Recipients of the Collected Data: the database created during the registration for the Services is strictly confidential. SquareMind undertakes to take all necessary precautions, organizational and technical measures appropriate to preserve the security, integrity, and confidentiality of the Data, and in particular, to prevent them from being distorted, damaged, or accessed by unauthorized third parties.

Data transferred to authorities and/or public bodies: in accordance with current regulations, data may be transmitted to competent authorities upon request, particularly to public bodies, exclusively to meet legal obligations, legal auxiliaries, ministerial officers, and organizations responsible for debt collection.

Article 5 - Rights of individuals

In accordance with Regulation (EU) 2016/679 regarding the protection of Personal Data, you have the right to request the controller to access your personal data, as well as the rectification or erasure of such data, and the limitation of the processing of your Personal Data.

You also have the right to object to the processing of your Personal Data for legitimate reasons, as well as the right to object to the use of your data for commercial prospecting purposes.
Finally, you have the right to establish general and specific guidelines defining how you intend your rights to be exercised after your death.

If you believe, after contacting us, that your rights regarding your personal data are not being respected, you can file a complaint with the CNIL or the Supervisory Authority in your place of residence.
To exercise these rights or for any questions regarding the processing of your data in this system, you can contact our Data Protection Officer (DPO), providing proof of your identity by referencing your customer number or any element that can identify you; otherwise, please attach a copy of your identity document.

To exercise your rights, you can contact SquareMind’s Data Protection Officer (DPO) by a simple request via email to the following address: contact@squaremind.io 

SquareMind undertakes that the collected data will be kept in a form allowing the identification of the Data Subjects for a period not exceeding the time necessary for the purposes for which they are collected and processed.

Article 6 - Transfer of personal data

The personal data collected on the website is exclusively reserved for SquareMind. SquareMind is the sole recipient of this data. No transfer is made outside the European Union. However, SquareMind reserves the right to transmit your personal data to fulfill its legal obligations, especially if required by a court order.

Article 7 - Commercial prospecting

SquareMind enables you to receive information via email.

Individuals concerned may, at any time, object to targeted advertising on the website and inform SquareMind that they no longer wish to receive commercial offers or information. You can opt out of receiving these messages at any time by clicking the link at the end of each email message.

Article 8 - Security

SquareMind implements all necessary technical and organizational measures to ensure the security and confidentiality of the personal data collected and processed. This includes preventing data from being distorted, damaged, or disclosed to unauthorized third parties, ensuring a level of security appropriate to the risks associated with the processing and the nature of the data to be protected, considering the technological state of the art and the cost of implementation. 

SquareMind has established a policy for the protection of personal data and informs all individuals acting under its authority who access this information about its confidential nature. Furthermore, SquareMind ensures that its technical service providers who may have access to personal data adhere to the same confidentiality standards. However, it is the responsibility of each user to ensure the security of personal data transmissions over the internet. SquareMind cannot be held responsible for personal data transmissions over the internet.

Article 9 - Update

To check for updates to our Policy, it is advisable to regularly visit this page.

Article 10 – Country-specific provisions

For users outside the EU, local laws may apply.