Legal

Privacy Policy

Last updated: 2026-04-25

1. Who we are (data controller)

  • Company name: SODADI
  • Legal form: EURL, incorporated under French law
  • Registered office: 7 avenue Jacques Cartier, 77600 Bussy Saint Georges, France
  • RCS: Meaux 914 818 802
  • SIRET: 914 818 802 00011
  • Intra-EU VAT: FR13914818802
  • Contact: legal@sodadi.fr

SODADI is the data controller within the meaning of the GDPR for the personal data described in this Policy. SODADI publishes the macOS application pepito (the "App").

Data Protection Officer: SODADI has not appointed a Data Protection Officer, as the conditions of Article 37 GDPR are not met (no large-scale processing of sensitive data, no systematic monitoring of individuals at scale). Privacy enquiries are handled directly by SODADI at legal@sodadi.fr.

2. Privacy at a glance

pepito processes your audio and transcripts locally on your Mac. To generate summaries, you choose between two options:

  • (a) Local LLM — runs entirely on your machine; no data leaves your Mac.
  • (b) Remote LLM endpoint — you configure the URL yourself (e.g. OpenAI, Anthropic, your corporate server). The transcript is sent directly to that endpoint; SODADI is never in the data path.

Only option (b) sends data outside your Mac, and only to the endpoint you chose. We do not run any analytics, telemetry or crash reporter, and the App does not phone home on launch — license validation is entirely on-device via a cryptographic signature.

3. Information we collect

3.1 On the website (pepito.sodadi.fr)

The website is statically served and does not load third-party analytics or tracking cookies. If you submit the newsletter form, your email address is sent to our newsletter provider (Brevo) for the sole purpose of sending you product updates; you can unsubscribe at any time from any email.

3.2 When you purchase pepito

Purchases are processed by Paddle (see section 5). After your purchase, Paddle shares with us your name, email address and transaction reference so that we can deliver your license, provide support and meet our accounting obligations.

3.3 When you use the App

The App processes audio and transcripts locally on your Mac. None of this data is transmitted to SODADI's servers. Specifically:

  • Recording & transcription: audio recordings stay in the folder you choose; transcription runs on the Apple Neural Engine via the bundled Parakeet TDT v3 model. Nothing leaves your Mac at this stage.
  • Summary generation — local LLM (option a): if you configure a local LLM (e.g. Ollama, LM Studio), the transcript stays on your Mac. No data is sent anywhere.
  • Summary generation — remote LLM (option b): if you configure a remote endpoint (e.g. OpenAI, Anthropic, a corporate server), the transcript is sent directly from your Mac to that endpoint. When you do so:
    • the App acts as a transmission tool only;
    • SODADI does not access, store or process the transmitted data;
    • you are the sole data controller vis-à-vis the participants of your meetings, and the remote LLM provider is your processor under your direct contractual relationship with them;
    • you are responsible for selecting a provider compatible with your own legal obligations (GDPR, sectoral confidentiality, professional secrecy);
    • you are responsible for informing meeting participants and obtaining their consent where applicable.
  • License validation: performed entirely on-device using a cryptographic signature embedded in the license key. The App does not contact SODADI or Paddle servers to validate your license at launch.
  • Telemetry & analytics: the App collects no telemetry, analytics or crash reports.

3.4 When you contact support

If you email us, we receive your email address and the content of your message. We use that information solely to respond to your request.

4. Cookies and similar technologies

The pepito website uses the following cookies and trackers:

  • Paddle.js (checkout): strictly necessary cookies set during the purchase process by our payment provider Paddle. These cookies enable the checkout, prevent fraud, and remember your cart during the transaction. They qualify as strictly necessary under Article 82 of the French Data Protection Act and the CNIL guidelines on cookies (Délibération 2020-091); no prior consent is required, but they are disclosed here for transparency.
  • Newsletter (Brevo): no cookies are set on our website by Brevo. The newsletter form is a native HTML form; only the email address you submit is transmitted to Brevo via API for the sole purpose of sending you product updates.

We do not use any analytics, advertising or tracking cookies. There is no Google Analytics, Meta Pixel, Hotjar, or similar tool on this site.

5. Payments and Paddle

All purchases are processed by Paddle.com, our Merchant of Record. Paddle collects and processes your payment information, billing details and email address in accordance with their Privacy Policy. We receive only your name, email and transaction metadata; we never receive or store credit-card or full payment information.

For questions or rights related to billing data held by Paddle, contact Paddle directly via paddle.net.

6. Legal basis (GDPR)

  • Performance of the contract (Art. 6(1)(b) GDPR): processing your order, delivering your license, providing support.
  • Legal obligation (Art. 6(1)(c) GDPR): keeping accounting and tax records as required by French law.
  • Legitimate interest (Art. 6(1)(f) GDPR): responding to support requests.
  • Consent (Art. 6(1)(a) GDPR): newsletter subscription, withdrawable at any time.

7. Data sharing

We share personal data only with:

  • Paddle (payment processor and Merchant of Record).
  • Brevo (newsletter provider, only if you subscribe).
  • Netlify (website host, processes server logs to keep the site online).

We never sell your data, never share it for advertising and never disclose it to third parties for marketing purposes.

Note on remote LLM endpoints: remote LLM endpoints configured by users (see section 3.3) are not SODADI's processors and are not listed here. The user manages these relationships directly with the chosen provider.

8. Hosting provider (LCEN art. 6-III)

The website pepito.sodadi.fr is hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, California 94104, United States — phone: +1 (415) 691-2375 — www.netlify.com. Netlify processes server access logs to operate and secure the site; see section 7 above for data-sharing details.

9. International transfers

Some of our processors (Paddle, Brevo, Netlify) may process data outside the European Economic Area. They rely on the European Commission's Standard Contractual Clauses (SCCs) and other GDPR-compliant transfer mechanisms.

10. Data retention

  • License and transaction data: kept for the duration of the customer relationship and for the legally required accounting period (10 years under French Commercial Code).
  • Support emails: kept for the duration of the exchange and up to 1 year afterwards.
  • Newsletter subscription: until you unsubscribe.

11. Your rights

Under the GDPR, you have the right to:

  • access your personal data (Art. 15);
  • rectify inaccurate or incomplete data (Art. 16);
  • erase your data (Art. 17);
  • restrict processing (Art. 18);
  • portability of your data (Art. 20);
  • object to processing based on legitimate interest (Art. 21);
  • withdraw consent at any time, without affecting the lawfulness of past processing.

To exercise these rights, email us. We respond within one month at the latest.

You also have the right to lodge a complaint with the French Data Protection Authority, the CNIL (www.cnil.fr), or the supervisory authority of your country of residence.

12. Security

We apply reasonable technical and organisational measures to protect personal data against loss, misuse and unauthorised access. Because the App processes audio locally on your Mac, the security of the recordings stored on your device depends on your own device security (full-disk encryption, account password, etc.).

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date.

14. Contact

Data controller: SODADI (full identification in section 1). Contact: legal@sodadi.fr.

Valere JEANTET — SODADI

Our order process is conducted by our online reseller Paddle.com, Merchant of Record for all our orders.