Legal Notice & Privacy Policy

Last updated: April 22, 2026

Welcome to the eXperience Hacking website. We apply a “Privacy by Design” philosophy: we minimize data collection to maximize your security and the fluidity of your experience.

1. Legal Notice

Publisher

The website www.experiencehacking.eu is published by:

  • Name / Company Name: XH Consulting
  • Legal Status: SARL
  • Head Office: 26 rue Damrémont – 75018 Paris – France
  • SIREN / SIRET: 504 048 117
  • Publication Director: Xavier HERMAN
  • Contact: gdpr@experiencehacking.eu

Hosting

The website and our AI Ops Engine platform are hosted by:

  • Host Name: Infomaniak Network SA
  • Address: Rue Eugène-Marziano 25, 1227 Genève – Switzerland
  • Server Location: Switzerland – Guaranteeing that your data does not leave European soil.

2. Privacy Policy (GDPR)

No Tracking Commitment

True to our mission of reducing friction, we have removed all intrusive trackers.

Our website www.experiencehacking.eu uses no third-party cookies and stores no information on your device for advertising profiling purposes. We use an anonymous audience measurement solution (Plausible Analytics), hosted in Europe, which does not require prior consent because it does not process any identifiable personal data.

Data Processing

We only process data strictly necessary to deliver your requested service.

When you submit data as part of the “Friction Scanner” and “AI Blueprint” audit services:

  • Purpose: User experience analysis and generation of strategic reports.
  • Use of APIs: Data transits via Mistral AI APIs (EU Sovereignty).
  • No-Training Guarantee: We exclusively use Mistral AI professional API access that contractually guarantees that your data is never used to train or improve third-party AI models.
  • Confidentiality: Your industrial secrets and business processes remain your exclusive property. We guarantee that we never resell your data to third parties.
  • Retention: Data is kept for the duration of the analysis, then securely stored in our infrastructure (AI Ops Engine hosted on Infomaniak Network Data Centers in Switzerland ) for the production of your report.

When you submit data to contact us:

  • Purpose: Intelligent qualification of your need and routing to the relevant employee for a personalized response.
  • Use of APIs: Data transits via Mistral AI APIs (EU Sovereignty).
  • No-Training Guarantee: We exclusively use Mistral AI professional API access that contractually guarantees that your data is never used to train or improve third-party AI models.
  • Confidentiality: We guarantee that we never resell your data to third parties.
  • Retention: Data is securely stored in our commercial information system.

Subcontractors and Data Flows

To ensure our services, we use the following services, all selected for their GDPR compliance:

  1. Typebot SASU (Paris, France): For interactive requirements gathering (Data hosted in Europe).
  2. Celonis SE (Munich, Germany): Make platform for orchestrating our data flows (Servers based in Europe).
  3. Brevo (Paris, France): For sending messages (email, SMS, WhatsApp, Push notifications, etc.) (Strict GDPR compliance).
  4. Mistral AI (Paris, France): Use of European artificial intelligence models (Mistral Large for complex analyses and other specialized models).
  5. Infomaniak Network SA (Geneva, Switzerland): Secure runtime environment and storage for our AI Ops engine and production data.
  6. Google Ireland Limited (Dublin, Ireland): Google Workspace – Business-related information.
  7. Apify Technologies s.r.o. (Prague, Czech Republic): Automation of web data extraction.
  8. Stripe Payments Europe, Ltd. (Dublin, Ireland): Securing and processing payment transactions.
  9. Pennylane (Paris, France): Billing and accounting management.

Retention Period

  • Contact Data: Kept for 3 years after the last commercial contact or deleted upon request.
  • Audit Data: Kept for the duration of the mission, then securely archived for 2 years or deleted upon request.
  • HR application data: Kept for 2 years after the last active contact or deleted upon request.

3. Your Rights

In accordance with European regulations, you have the following rights:

  • Right of access and rectification.
  • Right to erasure (“right to be forgotten”).
  • Right to data portability.
  • Right to object to processing.

To exercise these rights, a simple request is sufficient to the following address: gdpr@experiencehacking.eu
We commit to responding to you within 30 days.

4. Security

We implement all technical measures (SSL encryption, secure API protocols) to protect your data against any unauthorized access or data leak.

architect of your transformations for 15+ years

Home

Friction Scanner

AI Blueprint

AI Ops Engine

Resources


We are the architects of seamless moments. We are the guardians of your technical autonomy. We are eXperienceHacking.