Privacy Policy
Rise Up — Last updated: 11 June 2026
Protecting your personal data is a priority for Rise Up. This privacy policy describes how we collect, use and protect your data when you visit our website (the "Site") or use our SaaS learning platform (the "Platform"), in accordance with Regulation (EU) 2016/679 ("GDPR") and French Act No. 78-17 of 6 January 1978, as amended (the "French Data Protection Act").
1. Who are we?
SQUARANCE, a French simplified joint-stock company (SAS) with a share capital of €33,279, whose registered office is located at 20 boulevard Montmartre, 75009 Paris, registered with the Paris Trade and Companies Register under number 802 232 264, operating under the Rise Up brand ("Rise Up", "we"), publishes a SaaS blended-learning platform enabling companies and training organisations to organise, manage and monitor their training programmes.
For any question regarding the protection of your data or to exercise your rights, you may contact our Data Protection Officer (DPO): dpo@riseup.ai.
2. Rise Up: data controller or data processor?
Depending on the context, Rise Up acts in two distinct capacities within the meaning of the GDPR:
- Rise Up acts as data controller for: the operation of the Site and the handling of requests submitted through it (contact, demo, documentation), the management of its client and prospect relationships (commercial information, invoicing, debt collection), the supervision and maintenance of its services (including security and fraud prevention), the provision of support to its clients, and compliance with its legal obligations.
- Rise Up acts as data processor for all data processed on the Platform on behalf of its clients (your employer or training organisation), which act as data controllers. Rise Up processes such data solely on its clients' instructions, in accordance with Article 28 of the GDPR.
Are you using the Platform as a learner through your organisation? In that case, your organisation determines the purposes of the processing and is your primary point of contact. We invite you to consult its own privacy policy and to address your requests to it. Any request received directly by Rise Up will be forwarded to the relevant client without delay.
3. What data do we collect?
3.1 On the Site
- Identification and contact data submitted through our forms: first name, last name, business email address, company, job title, phone number, content of your message. This data is processed through HubSpot, the tool we use to manage the Site and our customer relationships (CRM).
- Browsing data: IP address, connection logs, data collected through cookies (see section 10).
3.2 On the Platform
- Data essential to operation: username, IP address, learning data (paths, progress, results).
- Optional data improving the experience: first name, last name, email address, job title, organisation, data used for filters and reporting.
The Platform is not intended for the processing of sensitive data. Rise Up expressly advises against entering health data or data relating to family circumstances.
4. Why do we process your data?
|
Purpose |
Legal basis |
|
Provision of the services (access to the Platform, hosting, maintenance, support) |
Performance of the contract |
|
Client relationship management: information, sales administration, invoicing, debt collection |
Performance of the contract / legal obligation |
|
Handling of requests submitted through the Site (contact, demo) |
Pre-contractual measures / legitimate interest |
|
Commercial prospecting and communications (newsletters, events) |
Legitimate interest / consent |
|
Supervision, security of the services and fraud prevention |
Legitimate interest |
|
Compliance with our legal and regulatory obligations |
Legal obligation |
5. Who has access to your data?
Your data is accessible only to authorised Rise Up personnel, within the scope of their duties: our level 1 and level 2 support teams only access anonymised data; only level 3 support has access to identifying data, and such data is exported only at the client's request. Rise Up does not sell or rent your data to third parties.
Rise Up uses the following sub-processors, all of which provide GDPR-compliant safeguards:
|
Sub-processor |
Activity |
Data location |
|
Amazon Web Services (AWS) |
Hosting (depending on the infrastructure assigned to the client) |
European Union (Ireland) |
|
Scaleway |
Hosting (depending on the infrastructure assigned to the client) |
France |
|
HubSpot |
Site management and CRM (forms, contacts, marketing communications) |
European Union / United States (safeguarded transfer, see section 6) |
|
AWS (Ireland) |
Email sending |
European Union (Ireland) |
|
H5P |
Interactive content |
European Union (Ireland) |
|
Datadog |
Log management |
European Union |
|
Zendesk |
Support tool |
European Union |
6. Is your data transferred outside the European Union?
Data processed on the Platform is hosted exclusively within the European Union and is not transferred outside the European Union. Data collected through the Site and our CRM (HubSpot) may, however, be processed by HubSpot, Inc. in the United States; this transfer is safeguarded by HubSpot's certification under the EU-U.S. Data Privacy Framework and by standard contractual clauses. Any other transfer could only take place in strict compliance with GDPR requirements and, where Rise Up acts as a processor, with the express prior consent of the client concerned.
7. How long do we keep your data?
- Data processed on the Platform: for the duration of the contract with the client. At the end of the contract, data is deleted by default within three (3) months, or returned to the client according to its instructions.
- Client data (invoicing, contractual documents): for the duration of the contractual relationship, then for the applicable statutory limitation periods.
- Prospect data: three (3) years from the last contact.
- Anonymisation: the Platform also allows automatic deletion and anonymisation of user data to be configured based on their last login date. Where an erasure request is made, data is irreversibly anonymised in order to preserve aggregated statistics.
8. How do we protect your data?
Rise Up implements appropriate technical and organisational measures to ensure the security, integrity and confidentiality of your data, including:
- encryption of databases and backups;
- HTTPS-only traffic (TLS);
- salted and hashed passwords (never stored in plain text);
- web application firewall, anti-DDoS service and intrusion detection;
- centralised log management and analysis;
- daily database backups;
- hosting with certified providers (including ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3).
Our security measures are detailed in our Security Assurance Plan, available at https://riseup.legal/pas. In the event of a data breach likely to result in a risk to your rights and freedoms, Rise Up will notify the affected clients without undue delay and, where applicable, the competent supervisory authority, in accordance with Articles 33 and 34 of the GDPR.
9. What are your rights?
In accordance with the GDPR and the French Data Protection Act, you have the following rights over your data:
- Right of access: obtain confirmation that your data is being processed and receive a copy of it.
- Right to rectification: have inaccurate or incomplete data corrected.
- Right to erasure: request the deletion of your data, within the limits set by applicable law.
- Right to restriction of processing: request the temporary freezing of the processing of your data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object at any time to processing based on legitimate interest, as well as to commercial prospecting.
- Right to withdraw your consent at any time, where processing is based on consent.
- Right to issue directives regarding the fate of your data after your death (under French law).
To exercise your rights, contact us at dpo@riseup.ai. We will respond as soon as possible and at the latest within one month. Where Rise Up acts as a processor, your request will be forwarded to the relevant data controller (your organisation) so that it can respond directly. Where an erasure request is approved, the data is anonymised and a certificate can be provided to the data controller.
If you believe your rights are not being respected, you may lodge a complaint with the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — or with the supervisory authority of your country of residence.
10. Cookies
On the Platform, Rise Up only uses cookies that are strictly necessary for its operation. Upon first login, an information banner directs users to our cookie policy, which is accessible at any time in the application footer.
On the Site, audience-measurement and tracking cookies may be set, in particular via HubSpot, subject to your consent. You can set your preferences at any time via the cookie management banner or your browser settings. Refusing certain cookies may limit access to certain features.
11. Changes to this policy
Rise Up may amend this policy to reflect legal, technical or functional developments. The current version, identified by its update date, is published on this page. In the event of a substantial change, you will be informed by any appropriate means.
12. Contact us
For any question relating to this policy or to the processing of your data: dpo@riseup.ai or by post: Rise Up — DPO, 20 boulevard Montmartre, 75009 Paris, France.
