Privacy Policy

Effective date: April 13, 2026.

This Privacy Policy explains how Quack Labs SAS, operating Rimward, processes personal data in connection with the rimward.ai website, pilot and sales discussions, recruiting, and the Rimward service.

Quack Labs SAS is a French simplified joint-stock company registered with the Bobigny Trade and Companies Register under number 948 793 641, with its registered office at 5 rue Pleyel, 93200 Saint-Denis, France.

For privacy questions or rights requests relating to this Privacy Policy, you can contact us at contact@rimward.ai.

Scope and Roles

For personal data relating to website visitors, leads, candidates, customer administrators, billing contacts, and support contacts processed for our own business purposes, Quack Labs SAS acts as the data controller.

For customer video streams, snapshots, alert clips, incident material, and related metadata processed to provide the Rimward service, Quack Labs SAS acts as a data processor on the customer's documented instructions. In that context, the customer remains responsible for determining the lawful basis for monitoring, providing any required notices or signage, and meeting its obligations under applicable data-protection and video-protection laws.

Personal Data We Process

Depending on how you interact with Rimward, we may process:

• identification and contact data, such as your name, company, role, email address, phone number, and correspondence;
• commercial and relationship data, such as inquiry details, pilot scope information, meeting history, contractual contacts, and support exchanges;
• recruiting data, such as CVs, cover letters, portfolio links, interview notes, and information you choose to provide during an application process;
• account and service-administration data, such as user identifiers, role and permission data, authentication events, configuration history, and customer support records;
• technical and security data, such as device, browser, IP, log, and diagnostic information needed to operate, secure, and troubleshoot the website and service;
• customer camera data and related service outputs, such as video streams, snapshots, alert clips, event metadata, annotations, incident-review material, and operator actions processed on behalf of customers.

If you book a meeting or submit an application through a third-party platform, that platform may also process your data under its own terms in addition to ours.

Rimward is designed for intrusion detection and video verification on high-value outdoor sites. It is not designed for facial recognition or other biometric identification of named individuals.

Why We Process Personal Data and the Legal Bases We Rely On

We process personal data for the following purposes:

• to respond to inquiries, arrange demonstrations, assess pilot fit, and manage pre-contract discussions; legal basis: steps taken at your request before entering into a contract, and where relevant our legitimate interests in developing and managing our business.
• to onboard customers, administer accounts, provide the Rimward service, deliver support, and manage the contractual relationship; legal basis: performance of a contract and our legitimate interests in operating and improving the security, reliability, and supportability of the service.
• to secure our website, systems, and service, prevent misuse, investigate incidents, and maintain appropriate audit trails; legal basis: our legitimate interests in security, fraud prevention, and service integrity, and where applicable compliance with legal obligations.
• to manage billing, accounting, tax, compliance, and the establishment, exercise, or defense of legal claims; legal basis: performance of a contract, compliance with legal obligations, and our legitimate interests in protecting our rights.
• to review applications and manage recruiting processes; legal basis: our legitimate interests in recruiting, and steps taken at the request of a candidate before entering into an employment or contractor relationship.
• to use non-essential cookies or similar trackers where we ask for your permission; legal basis: your consent.
• to process customer camera data and related service outputs strictly to provide the contracted service on behalf of the customer; legal basis: this processing is carried out by Quack Labs as processor on the customer's instructions. The customer determines the lawful basis that applies to its monitored sites.

Unless we separately agree otherwise in writing, we do not use customer video streams, snapshots, alert clips, annotations, or related customer camera data to train or fine-tune machine learning models for Quack Labs' own purposes.

Where we ask you to provide information that is necessary to handle a request, schedule a pilot discussion, create an account, or deliver the service, failure to provide that information may prevent us from doing so.

Cookies and Similar Technologies

We use cookies and similar technologies to operate, secure, and measure the performance of our website.

Where non-essential cookies or similar trackers are used, applicable law may require consent before they are activated. You can also manage certain cookies through your browser settings, although doing so may affect website functionality.

How We Share Personal Data

We may disclose personal data, only where necessary and subject to appropriate safeguards, to:

• our authorized employees and contractors who need access for their responsibilities;
• hosting, infrastructure, security, communications, scheduling, recruiting, and analytics or tag-management providers acting on our behalf;
• professional advisers such as lawyers, auditors, insurers, and accountants;
• competent authorities, courts, regulators, or law-enforcement bodies where disclosure is legally required or necessary to protect rights and safety;
• for customer camera data and related service outputs, the relevant customer and persons the customer authorizes to access the service.

Where relevant, additional information about subprocessors is available in our customer documentation or on request.

International Transfers

Some of our service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we use an adequacy decision, the European Commission's Standard Contractual Clauses, or another lawful transfer mechanism as required by applicable law. You may contact us for more information about the safeguards relevant to a particular transfer.

Retention

We keep personal data only for as long as necessary for the purposes described above, and for any longer period required or permitted by law, contractual commitments, or the establishment, exercise, or defense of legal claims.

As a general rule:

• website inquiries, demo requests, and prospect data are retained for up to three years from collection or the last contact from the relevant person if no contract follows;
• candidate data is retained for the duration of the recruitment process and, unless a shorter deletion is requested, for up to two years after the last contact in order to manage follow-up opportunities;
• customer account, contracting, billing, and support data is retained for the duration of the relationship and then for the period reasonably necessary to meet accounting, tax, audit, legal, and contractual record-keeping requirements;
• security and technical logs are retained for a limited rolling period proportionate to security and operational needs, and for longer only where needed for incident investigation, legal obligations, or legal claims;
• customer camera data, snapshots, alert clips, and incident material are retained according to the customer's documented instructions, service settings, and contractual arrangements. Where specific local video-protection rules apply, retention must remain proportionate to the purpose and comply with applicable legal limits.

Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, loss, or misuse.

If we detect a personal data breach, we will follow the notification and response obligations that apply to us. Where we act as processor, we will assist or notify the relevant customer in accordance with applicable law and our contractual commitments.

Your Rights

Depending on the circumstances and applicable law, you may have the right to request access to your personal data, rectification, erasure, restriction of processing, portability, and to object to certain processing. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

For personal data processed by Quack Labs as controller, you can exercise your rights by contacting contact@rimward.ai.

For customer camera data or other data that Quack Labs processes on behalf of a customer, requests should generally be addressed to the relevant customer first, because that customer is the controller for that processing. Quack Labs will assist customers in responding to valid requests where required.

If you believe that your rights have not been respected, you may lodge a complaint with the CNIL or with the supervisory authority in the country where you live, work, or where you believe an infringement has occurred.

Automated Decisions

Rimward is designed to support human review of alerts. We do not make solely automated decisions about individuals that produce legal effects or similarly significant effects.

Children

Our website and service are not directed to children.

Contact

Quack Labs SAS
5 rue Pleyel
93200 Saint-Denis
France
contact@rimward.ai