Last updated: September 22, 2023
- Antidote 11 and prior editions for installation on a computer, Antidote Web for access through a browser on antidote.app, as well as Antidote Mobile for iPhone and iPad (the “Applications”);
- the websites www.antidote.info and www.druide.com as well as the services which they allow you to access, such as your Client Portal from services.druide.com and the Help Center from assistance.druide.com (the “Websites”).
This document uses clear and simple terms to describe the practices and procedures adopted by our company, Druide informatique inc. (“Druide”), to protect your personal information.
2. What Information Do We Collect and Why?
2.1. Information Provided by Users
2.1.1. Primary User
Contact information — Account creation by primary users (over 16 years of age) requires their full name, email address and the language selected for the interface of the chosen Applications and correspondence from Druide. Other information, such as their telephone number and mailing address, is optional. The same applies for the choice of avatar. Sometimes, when it is necessary or advisable, we may use the information provided by the primary user for service-related communication and technical support requests or announcements.
Credit card information — Anyone who creates an account to pay for Applications must provide their credit card details (card number, expiration date, security code) and billing address. The transaction is secured by Stripe, a platform with PCI/DSS level 1 certification (the highest level of security for online payments). Information relating to your credit card is encrypted and is never transmitted over the Internet in unencrypted form. Additionally, it is processed exclusively by Stripe and never comes into our possession.
Username and password — When creating an account, the primary user chooses a personal password. The username is the same as their email address. The username and password are required for signing into the Applications and certain services offered by the Websites, as well as for submitting a request for technical support online.
2.1.2. Invited Users Aged 16 and Over
Contact information — When creating an account for an invited user aged 16 years and older as part of a family subscription to the Applications, only the invited user’s email address is required. When an invited user receives an invitation from the primary user, the invited user will then be required to provide their full name. Other information, such as their phone number and mailing address, is optional. The same applies for the choice of avatar. Sometimes, when it is necessary or advisable, we may use this information for service-related communication and technical support requests or announcements.
Username and password — When signing in for the first time, the invited user aged 16 years and older chooses their personal password. The username is the same as their email address. The username and password are required for signing into the Applications and certain services offered by the Websites, as well as for submitting a request for technical support online.
2.1.3. Invited User Under 16 Years of Age
Contact information — When an account is created for an invited user under 16 years of age as part of a family subscription to the Applications, only the invited user’s full name is required. No email address is linked to the account. Unlike with other users, we never communicate with invited users under 16 years of age, not even for service-related communications or technical support. You can provide the date of birth of an invited user under 16 years of age. This way, the status of the invited user’s account will change on their 16th birthday.
Username and password — The primary user also chooses a username and password when creating the account. Users under 16 years of age cannot change their username or password; only the primary user can make these changes.
2.1.4. Personal Dictionaries, Word Lists and Favourites Lists
When using one of the Applications, it is possible to add a word that is not recognized by Antidote to a personal dictionary, to create personalized word lists, or to create lists of favourites for quick access to dictionary entries or guide articles. The interface of the Applications allows you to edit or remove the entries added to one of these lists. You can export their content in a structured, commonly used, machine-readable and interoperable format. If your subscription grants you the right to use the Applications on more than one device, a service allows you to synchronize this data across all your devices.
Support requests — The Assistance section of our Websites contains a form allowing you to describe a problem, leave a comment or share a suggestion. You must then provide any information that will help us process your request.
Comments and suggestions — You may send us comments and suggestions regarding the Applications or Websites. You acknowledge that Druide may use them in the development, improvement and marketing of its products or services without any restriction or obligation to provide remuneration.
Newsletters — Your Client Portal allows you to manage your subscription to our newsletters. We strongly recommend that you remain subscribed to our newsletters, as we use them to transmit important information concerning the use of our products and services. In general, we will only write to you personally regarding matters related to your account (to remind you that a subscription is about to expire, for example).
2.2. Information Collected Automatically
2.2.1. Usage Data
As a provider of web-based services, Druide automatically collects certain information for its web server logs. The information collected may be related to the device used (operating system, type of hardware, browser name, etc.) or the nature of the use of the Websites and Applications (session frequency and length, activated options, display settings, word searches, etc.). We only use this information in aggregate for the users as a whole, without the possibility of identifying users individually. This information helps us in making decisions for the improvement of our products and services. For example, we may decide to improve the integration of Antidote Web in the most popular browsers or to add certain words to the dictionaries that are frequently searched for by users.
2.2.2. Anonymized Data
For the sole purpose of improving the performance of its analyzers, we store an anonymized version of texts submitted to Antidote Web’s corrector. In the anonymized texts, the following elements will be replaced with completely different words: the names of any natural or legal persons, place names, demonyms, dates and times, numbers, addresses, postal codes, telephone numbers, email addresses, URLs, brand names, acronyms, etc. The original text submitted to Antidote Web will be destroyed in the 24 hours following its correction and no link will be saved between an anonymized text and the person who submitted it.
Following this process, and after the destruction of the original text, the anonymized data no longer allows for the direct or indirect identification of a particular person. This process cannot be reversed.
2.2.3. Single Sign-On
When an account is linked to a single sign-on service, such as Google Single Sign-On (SSO), we only collect the login information required by that service: the username, email address and avatar URL. The password, however, is not collected.
To learn more about the cookies we use or to configure them, see the Cookies Settings panel.
2.2.5. IP Address
We may collect and analyze IP addresses, especially because they can help us find the cause of a technical problem. We do not collect precise geolocation data from users, nor do we store or track any device locations.
2.2.6. Web Analytics
To understand the context of a technical issue, to improve the Applications and Websites or to protect them from attacks carried out by automated programs (bots), we may use third-party web analytics providers such as Matomo or Google reCAPTCHA. Google may use the data collected to contextualize and customize the advertisements of its own advertising network.
For more information on Google’s practices in terms of the protection of personal information, please view the page describing its privacy rules.
2.2.7. Advertisement Tracking
To follow the interactions of visitors with the Websites when they are directed to them by clicking on a social media advertisement, we can use conversion tracking mechanisms such as Facebook’s “Visitor Action Pixels”. The information collected in this way is anonymous for us: we cannot see the personal information of users. However, it is stored and processed by Meta Platforms, Inc., which can link it to your Facebook account and use it for its own advertising purposes.
For more information on Meta Platforms’ practices in terms of the protection of personal information, please view its Data Use Policy.
3. What We Do with the Information Collected
We do not collect personal information that is not necessary for the delivery of the products and services that we offer. This means we use your personal information to:
- provide you with services through the Applications and Websites
- provide you with technical assistance
- maintain our commercial relationship with you
- ensure the proper functioning and improvement of the Applications and Websites
- respond to your questions and, if applicable, your job applications.
4. What We Do Not Do with the Information Collected
- We do not sell, trade, rent or provide the personal information of users of the Applications and Websites to third parties.
- As our Applications are fee-based, we do not expose users to advertisements.
- We do not provide any messaging system for users to communicate privately with each other.
5. How Do We Protect Information?
5.1. Security Measures
When it comes to protecting user information, security is our highest concern. We follow industry-recognized standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and the Open Worldwide Application Security Project’s (OWASP) Application Security Verification Standard. Here’s what we do to keep the Applications and Websites secure:
5.1.1. — We use SSL (Secure Sockets Layer) to establish an encrypted link between our web server and a browser. This link ensures that all data transferred remains private and secure.
5.1.2. — We use firewall-protected servers stored in a secured location to prevent any unauthorized access.
5.1.3. — We store and transfer passwords using encryption technologies deemed to be safe.
5.1.4. — We control and limit our employees’ access to our user database. The same is true for access to log files containing user and employee interactions with the Applications and Websites, as well as security events. Only employees who require this information to perform their duties have access to it. In such cases, we apply the principle of least privilege: the access granted is the minimum access required for these employees to perform their duties.
5.1.5. — We regularly educate our employees about information security issues and about how important this information is to our customers. The manner in which this information is handled is set out in a written document read and accepted by all relevant members of our staff.
5.1.6. — We implement control measures to ensure that the development of the Applications and Websites is secure. These measures include searching for disclosed vulnerabilities in third-party software included in the Applications and Websites, reviewing code, validating changes before deployment, training technical staff in good development practices, etc.
5.1.7. — We test the security of the Applications and Websites and fix any detected vulnerabilities presenting a security risk. We periodically appoint external experts to carry out security audits, including vulnerability and penetration testing.
5.1.8. — We use only industry-standard, publisher-supported software and technology infrastructures. We diligently keep them up to date with the latest patches.
5.1.9. — We implement measures for managing all Applications and Websites updates, whether or not they are required for security reasons. We take swift and appropriate action to prevent any vulnerability from being exploited, from the moment one is identified to the deployment of the update required to address the situation.
5.1.10. — We periodically review all above security measures and practices.
5.2. General Measures
We comply with the laws and regulations regarding privacy and data protection in multiple jurisdictions, notably the Act respecting the protection of personal information in the private sector (ARPPIPS - Government of Quebec), the Personal Information Protection and Electronic Documents Act (PIPEDA - Government of Canada) and the Children’s Online Privacy Protection Act (COPPA - United States of America). We are also deeply committed to a global and methodical approach in respecting the principles laid out in the General Data Protection Regulation (GDPR - European Union). Here is what we do to comply with them.
5.2.1. Information for Children Under 16 Years of Age
We are committed to protecting the information of all users—notably children under the age of 16. We will not require them to disclose more personal information than necessary.
Should you become aware that we have inadvertently collected personal information from a child—for example, a child has created an Antidote subscription—we will take action to promptly delete such information. To report to us that a child’s personal information has been inadvertently collected or provided without the consent of a parent or legal guardian, please contact us at firstname.lastname@example.org.
5.2.2. Deletion and the Right to Be Forgotten
In your Client Portal, you can remove the account of any invited users aged 16 or older from a family subscription. You can also delete the account of any invited users under 16 years of age, along with all their details. In addition, all accounts are automatically deleted one year after the account’s expiry, or at any time at the user’s request. Upon deletion, personal details are permanently erased and cannot be restored. You can also exercise your right to be forgotten by submitting a request to us to this effect at email@example.com.
5.2.3. Right to Rectification
Personal information can be found in your Client Portal; you can view and edit it at any time. However, users under 16 years of age cannot edit their personal information; only the primary user can do so. You can also submit a request to amend the incorrect information at firstname.lastname@example.org.
5.2.4. Property, Control and Data Portability
Depending on the applications, users can add a word to a personal dictionary along with any relevant lexicographic information, create personalized word lists, or create lists of favourites for quick access to dictionary entries and guide articles. The content of personal dictionaries, word lists, and favourites lists belongs to users. We do not claim any right of ownership or control over the content added. The interface of our Applications allows users to edit or remove entries added to one of these types of lists. They can also export their content in a structured, commonly used, machine-readable and interoperable format.
5.2.5. Parental Consent
COPPA mandates obtaining parents’ verifiable consent before collecting information from their children, and describes different accepted ways to do so. By inviting a child under the age of 16 to join your subscription, you certify that you are the child’s parent or legal guardian and consent to the collection of information described in this policy.
5.2.6. Transfer of Your Personal Information
In order to comply with the GDPR, we must inform you that your personal information will be transferred outside the European Union (EU) to Canada. The GDPR allows for the transfer of data to certain countries whose legal system affords a level of protection deemed “adequate” with regard to personal information. Under an adequacy decision rendered by the European Commission, Canada is one of the countries to which the transfer of personal information from the EU is authorized.
5.2.7. Legal Requirements
We may disclose personal information in good faith in the following circumstances: when required to do so by law or by a court; to investigate or defend against third-party claims or allegations; to protect the security and integrity of our services; and to protect our rights and those of our users.
5.3. In Case of Failure
We strive to protect our users against unauthorized use, disclosure, or access to their personal information. Although we adhere to the best industry standards, we cannot claim that our security system is 100% immune to failure. In the event that we discover a security breach affecting our users’ accounts, we will send an email within 24 hours to all users (over 16 years of age).
This document will occasionally be updated to keep pace with improvements to the Applications and Websites, security technology and changes to privacy legislation. We expect that such updates will be minor amendments. However, if any modification significantly reduces the protections outlined in this policy, we will seek consent by email from all users of the Applications who have a Druide account, provided that they are aged 16 or older.
6.2. General Consent
Druide informatique inc.
Data Protection Officer
1435 Saint-Alexandre Street, Suite 1040
Montreal (Quebec) H3A 2G4
If you are not satisfied with the way in which we use your personal information, you can appeal to the supervisory authority with jurisdiction over such matters in your country. For example, the Office of the Privacy Commissioner of Canada is authorized to supervise matters relating to the management of personal information in Canada, while the Commission nationale de l’informatique et des libertés (CNIL) has jurisdiction in France. If you reside in a European Union country, please visit the site of the European Data Protection Supervisor to find the competent authority in your country.