Privacy Policy for Antidoteʼs Sites and Applications

Last update: October 16, 2024

1. Introduction

This privacy policy is meant for those who use one of the Antidote Applications or one of the Websites, as these expressions are defined below:

  • Antidote 12 and prior editions for installation on a computer, Antidote Web for access through a browser on antidote.app, as well as Antidote Mobile for iPhone and iPad (the “Applications”);
  • the websites www.antidote.info and www.druide.com as well as the services which they allow you to access, such as your Client Portal from services.druide.com and the Help Center from assistance.druide.com (the “Websites”).

This document uses clear and simple terms to describe the practices and procedures adopted by our company, Druide informatique inc. (“Druide”), to protect your personal information.

2. What Information Do We Collect and Why?

2.1. Information Provided by Users

2.1.1. Primary User

Contact information — Account creation by primary users (over 16 years of age) requires their full name, email address and the language selected for the interface of the chosen Applications and correspondence from Druide. Other information, such as their telephone number and mailing address, is optional. The same applies for the choice of avatar. Sometimes, when it is necessary or advisable, we may use the information provided by the primary user for service-related communication and technical support requests or announcements.

Credit card information — Anyone who creates an account to pay for the Applications must provide their credit card details (card number, expiration date, security code) and billing address. The transaction is secured by Stripe, a platform with PCI/DSS level 1 certification (the highest level of security for online payments). Information relating to your credit card is encrypted and is never transmitted over the Internet in unencrypted form. Additionally, it is processed exclusively by Stripe and never comes into our possession.

For more information on Stripe’s practices in terms of the protection of personal information, please read its Privacy Policy.

Username and password — When creating an account, the primary user chooses a personal password. The username is the same as their email address. The username and password are required for signing into the Applications and for certain services offered by the Websites, as well as for submitting a request for technical support online.

2.1.2. Invited Users Aged 16 and Over

Contact information — When creating an account for an invited user aged 16 years and older as part of a family subscription to the Applications, only the invited user’s email address is required. When an invited user receives an invitation from the primary user, the invited user will then be required to provide their full name. Other information, such as their telephone number and mailing address, is optional. The same applies for the choice of avatar. Sometimes, when it is necessary or advisable, we may use this information for service-related communication and technical support requests or announcements.

Username and password — When signing in for the first time, the invited user aged 16 years or older chooses their personal password. The username is the same as their email address. The username and password are required for signing into the Applications and for certain services offered by the Websites, as well as for submitting a request for technical support online.

2.1.3. Invited User Under 16 Years of Age

Contact information — When an account is created for an invited user under 16 years of age as part of a family subscription to the Applications, only the invited user’s full name is required. No email address is linked to the account. Unlike with other users, we never communicate with invited users under 16 years of age, not even for service-related communications or technical support. You can provide the date of birth of an invited user under 16 years of age. This way, the status of the invited user’s account will change on their 16th birthday.

Username and password — The primary user also chooses a username and password when creating the account. Users under 16 years of age cannot change their username or password; only the primary user can make these changes.

2.1.4 Customizations

When using one of the Applications, it is possible to add a word that is not recognized by Antidote to a personal dictionary, to add a custom rule for a word or a string, to create your own settings or to create lists of favourites for quick access to dictionary entries or guide articles. The Applications’ interfaces allow you to edit or remove customizations. You can export this content in a structured, commonly used, machine-readable and interoperable format. If your subscription grants you the right to use the Applications on more than one device, a service allows you to synchronize this data across all your devices.

2.1.5. Communication

Support requests — The Assistance section of our Websites contains a form allowing you to describe a problem, leave a comment or share a suggestion. You must then provide any information that will help us process your request.

Comments and suggestions — You may send us comments and suggestions regarding the Applications or Websites. You acknowledge that Druide may use them in the development, improvement and marketing of its products or services without any restriction or obligation to provide remuneration.

Newsletters — Your Client Portal allows you to manage your subscription to our newsletters. We strongly recommend that you remain subscribed to our newsletters, as we use them to transmit important information concerning the use of our products and services. In general, we will only write to you personally regarding matters related to your account (to remind you that a subscription is about to expire, for example).

2.2. Information Collected Automatically

2.2.1. Usage Data

As a provider of web-based services, Druide automatically collects certain information for its web server logs. The information collected may be related to the device used (operating system, type of hardware, browser name, etc.) or the nature of the use of the Websites and Applications (session frequency and length, activated options, display settings, word searches, etc.). We only use this information in aggregate for users as a whole without the possibility of identifying users individually. This information helps us in making decisions for the improvement of our products and services. For example, we may decide to improve the integration of Antidote Web with the most popular browsers or to add certain words to the dictionaries that are frequently searched for by users.

2.2.2 Anonymized Data

For the sole purpose of improving the performance of Antidote’s analyzers, we might store an anonymized version of texts submitted to its corrector. In the anonymized texts, the following elements are replaced with completely different words: the names of any natural or legal persons, place names, demonyms, dates and times, numbers, addresses, postal codes, telephone numbers, email addresses, URLs, brand names, acronyms, etc. Following the anonymization, the original text will be destroyed and no link will be saved between an anonymized text and the person who submitted it. Consequently, the anonymized data no longer allows for the direct or indirect identification of a particular person. This process cannot be reversed.

As the processing of texts submitted to the corrector varies depending on the application used and the agreement governing its use, we present below a summary of the different scenarios.

Antidote 12 and its previous editions under perpetual license (single-user or multi-user) — Texts submitted to the corrector are only processed locally. They are never transmitted to our servers.

Antidote 12 with an Antidote+ subscription — Texts submitted to the corrector also remain on the computer where the application is installed, unless you use the Reformulation mode. To be reformulated, texts are transmitted via the Internet to our servers. Reformulated texts are neither stored nor used to train artificial intelligence models.

Antidote Web with an Antidote+ subscription — Texts submitted to the corrector are kept in their original form for 8 hours to provide the user access to recent texts. After this period, the submitted texts are destroyed unless the user consents to their anonymization and subsequent retention for training artificial intelligence models.

Antidote Web with an organizational subscription — Texts submitted to the corrector are destroyed as soon as the correction is completed. Therefore, they cannot be used to train artificial intelligence models.

2.2.3. Single Sign-On

When an account is linked to a single sign-on service, such as Google Single Sign-On (SSO), we only collect the login information required by that service: the username, email address and avatar URL. The password, however, is not collected.

2.2.4. Cookies

Cookies are small blocks of data stored on your device (computer, smartphone, tablet) by your web browser. They are a standard technology used by all browser software. Like most online services, we use cookies to enable the functionality of our Applications and Websites and to evaluate their performance and usability. Some cookies are required for them to function properly, while others are optional. Cookies can be deleted, but if they are disabled or blocked, it may prevent the Applications and Websites from working correctly.

Learn more about the cookies we use or configure them in your Cookies Settings.

2.2.5. IP Address

We may collect and analyze IP addresses, especially because they can help us find the cause of a technical problem. We do not collect precise geolocation data from users, nor do we store or track any device locations.

2.2.6. Web Analytics

To understand the context of a technical issue, to improve our Applications and Websites or to protect them from attacks carried out by automated applications (bots), we may use third-party web analytics providers such as Matomo or Google reCaptcha. Google may use the data collected to contextualize and customize ads for its own advertising network.

Learn how Google protects your personal information in its privacy policy.

2.2.7. Advertisement Tracking

To follow visitors’ interactions with our Websites when they access them by clicking on a social media advertisement, we may use conversion tracking tools such as Facebook’s “Visitor Action Pixels”. The information collected in this way is anonymized before it reaches us: we cannot see users’ personal information. However, Meta Platforms Inc. stores and processes this information; they can link it to your Facebook account and use it for their own advertising purposes.

Learn how Meta Platforms protects your personal information in its Privacy Policy.

3. What We Do With the Information Collected

We do not collect personal information that is not necessary for the delivery of the products and services that we offer. This means we use your personal information to:

  • provide you with services through the Applications and Sites;
  • provide you with technical assistance;
  • maintain our commercial relationship with you;
  • ensure the proper functioning and improvement of the Applications and Websites;
  • respond to your questions and, if applicable, your job applications.

4. What We Do Not Do With the Information Collected

We do not collect, use or share your personal information in any way that is not disclosed in this Privacy Policy. This also means that we do not do the following:

  • We do not sell, trade, rent or provide the personal information of users of the Applications and Websites to third parties.
  • As our Applications are fee-based, we do not expose users to advertisements.
  • We do not provide any messaging system for users to communicate privately with each other.

5. How Do We Protect Information?

5.1. Security Measures

When it comes to protecting user information, security is our highest concern. We follow industry-recognized standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and the Open Worldwide Application Security Project’s (OWASP) Application Security Verification Standard. Here’s what we do to keep the Applications and Websites secure:

5.1.1. — We use SSL (Secure Sockets Layer) to establish an encrypted link between our web server and a browser. This link ensures that all data transferred remains private and secure.

5.1.2. — We use firewall-protected servers stored in a secured location to prevent any unauthorized access.

5.1.3. — We store and transfer passwords using encryption technologies deemed to be secure.

5.1.4. — We control and limit our employees’ access to our user database. The same is true for access to log files containing user and employee interactions with the Applications and Websites, as well as security events. Only employees who require this information to perform their duties have access to it. In such cases, we apply the principle of least privilege: the access granted is the minimum access required for these employees to perform their duties.

5.1.5. — We regularly educate our employees about information security issues and about how important this information is to our customers. The manner in which this information is handled is set out in a written document read and accepted by all relevant members of our staff.

5.1.6. — We implement control measures to ensure that the Applications’ and Websites’ development is secure. These measures include searching for disclosed vulnerabilities in third-party software included in the Applications and Websites, reviewing code, validating changes before deployment, training technical staff in good development practices, etc.

5.1.7. — We test the Applications’ and Websites’ security and fix any detected vulnerabilities presenting a security risk. We periodically appoint external experts to carry out security audits, including vulnerability and penetration testing.

5.1.8. — We use only industry-standard, publisher-supported software and technology infrastructures. We diligently keep them up to date with the latest patches.

5.1.9. — We implement measures for managing all Applications’ and Websites’ updates, whether or not they are required for security reasons. We take swift and appropriate action to prevent any vulnerability from being exploited, from the moment one is identified to the deployment of the update required to address the situation.

5.1.10. — We periodically review all above security measures and practices.

5.2. General Measures

We comply with laws and regulations on privacy and data protection in multiple jurisdictions, notably: the Act Respecting the Protection of Personal Information in the Private Sector (ARPPIPS—Government of Quebec), the Personal Information Protection and Electronic Documents Act (PIPEDA—Government of Canada) and the Children’s Online Privacy Protection Act (COPPA—United States of America). We have also adopted a decisive, comprehensive and systematic approach to complying with the principles set out in the General Data Protection Regulation (GDPR—European Union). Here are the measures we take to comply with these laws and regulations:

5.2.1. Information From Children Under 16 Years of Age

We are committed to protecting the information of all users—notably children under the age of 16. We will not require them to disclose more personal information than necessary.

Should you become aware that we have inadvertently collected personal information from a child—for example, if a child has created an Antidote subscription—we will take action to promptly delete such information. To report to us that a child’s personal information has been inadvertently collected or provided without the consent of a parent or legal guardian, please contact us at privacy@druide.com.

5.2.2. Deletion and the Right to Be Forgotten

In your Client Portal, you can remove the account of any invited users aged 16 or older from a family subscription. You can also delete the account of any invited users under 16 years of age, along with all their information. In addition, all accounts are automatically deleted one year after the account’s expiry, or at any time at the user’s request. Upon deletion, personal information is permanently erased and cannot be restored. You can also exercise your right to be forgotten by submitting a request to this effect to privacy@druide.com.

5.2.3. Right to Correction

Personal information can be found in your Client Portal; you can view and edit it at any time. However, users under 16 years of age cannot edit their personal information; only the primary user can do so. You can also submit a request to amend the incorrect information to privacy@druide.com.

5.2.4. Data Ownership, Control and Portability

Depending on the Applications, users can add a word to a personal dictionary along with any relevant lexicographic information, create personalized word lists or create lists of favourites for quick access to dictionary entries and guide articles. The content of personal dictionaries, word lists and favourites lists belongs to users. We do not claim any right of ownership or control over the content added. The interface of our Applications allows users to edit or remove entries added to one of these types of lists. They can also export their content in a structured, commonly used, machine-readable and interoperable format.

5.2.5. Parental Consent

COPPA mandates obtaining parents’ verifiable consent before collecting information from their children and describes different accepted ways to do so. By inviting a child under the age of 16 to join your subscription, you certify that you are the child’s parent or legal guardian and consent to the collection of information described in this policy.

5.2.6. Transfer of Your Personal Information

In order to comply with the GDPR, we must inform you that your personal information will be transferred outside the European Union (EU) to Canada. The GDPR allows for the transfer of data to certain countries whose legal system affords a level of protection deemed “adequate” with regard to personal information. Under an adequacy decision rendered by the European Commission, Canada is one of the countries to which the transfer of personal information from the EU is authorized.

5.2.7. Legal Requirements

We may disclose personal information in good faith in the following circumstances: when required to do so by law or by a court; to investigate or defend against third-party claims or allegations; to protect the security and integrity of our services; and to protect our rights and those of our users.

5.3. In Case of Failure

We strive to protect our users against unauthorized use, disclosure, or access to their personal information. Although we adhere to the best industry standards, we cannot claim that our security system is 100% immune to failure. If we identify a privacy incident affecting user accounts and determine that there is a risk of serious harm, we will contact the affected users by email within 24 hours. As we do not have the email addresses of invited users under 16 years of age, the parent or legal guardian who subscribed to the family plan will be contacted instead.

6. About This Privacy Policy

6.1. Modifications

This document will occasionally be updated to keep pace with improvements to the Applications and Websites, security technology and changes to privacy legislation. We expect that such updates will be minor amendments. However, if any modification significantly reduces the protections outlined in this policy, we will seek consent by email from all users of the Applications who have a Druide account, provided that they are aged 16 or older.

6.2. General Consent

Your use of one of the Applications or Websites implies your consent to the terms of this Privacy Policy. Should you disagree with any of its terms, you should immediately cease using the Applications and Websites.

6.3. Contact

We strive to make our Privacy Policy as easy to understand as possible. If you have any questions about it or would like to make a request relating to the protection of your personal information, please send an email to privacy@druide.com or write to us at:

Druide informatique inc.
Data Protection Officer
1435 Saint-Alexandre Street, Suite 1040
Montreal (Quebec) H3A 2G4
Canada

6.4. Recourse

If you are not satisfied with the way in which we use your personal information, you can appeal to the supervisory authority with jurisdiction over such matters in your country. For example, the Office of the Privacy Commissioner of Canada is authorized to oversee matters relating to the handling of personal information in Canada, while the Commission nationale de l’informatique et des libertés (CNIL) has jurisdiction in France. If you reside in a European Union country, please visit the site of the European Data Protection Supervisor to find the relevant authority in your country.