It's a strong declaration, we admit. Dive into our user terms to see the foundation of our confidence.
Version: 🔧 22 December 2025
Effective date: 🔧 22 December 2025
Publisher: Humanlinker, SAS, 7 rue Meyerbeer, 75009 Paris, France
Contact: contact@humanlinker.com
Services: the Humanlinker SaaS platform, Chrome extension and APIs.
Customer / User: any legal entity (and its authorized users) accessing the Services for professional purposes.
Customer Content: data, prompts and generated outputs (including AI-generated outputs) created by or for the Customer.
Personal Data: as defined under the GDPR.
Documentation: functional/technical documentation published by Humanlinker.
DPA: Data Processing Addendum, incorporated by reference.
Privacy Policy: 🔧 [URL].
PAS / SIP: Humanlinker’s Security Assurance Plan, available upon request.
These Terms govern access to and use of the Services. Order of precedence: (i) specific terms (quote/purchase order), (ii) these Terms, (iii) the Documentation.
The Services are strictly reserved for professional B2B use and are prohibited for minors/consumers. The Customer warrants the capacity and authority of its Users.
Information must be accurate and kept up to date. Credentials are personal and non-transferable. The Customer must promptly notify Humanlinker of any unauthorized access. Humanlinker may require supporting evidence before restoring access.
Humanlinker provides features for analysis/enrichment, AI-assisted generation, team management and reporting. Humanlinker may modify or evolve the Services without materially altering their primary purpose, while ensuring reasonable continuity.
Plans and pricing are published at https://www.humanlinker.com/fr/tarifs. Paid plans are annual subscriptions, payable in advance (prices excluding taxes).
Payment is processed by a payment service provider; Humanlinker does not store any bank card details. Invoices are provided by any appropriate means.
Retries: in case of payment failure on the due date of an annual subscription (including upon renewal), Humanlinker will attempt up to 4 additional charges during the first week following the due date.
Downgrade: after these 4 unsuccessful attempts, the account is automatically downgraded to the “Free” plan, which immediately stops all ongoing campaigns.
Re-subscription: to resume ongoing campaigns and run future ones, the Customer must re-subscribe via “Account settings > Billing & Usage”.
Related suspension: Humanlinker may also suspend access to paid features until payment is regularized (see Section 15).
Without prejudice to the measures above, any late payment may result in: (i) immediate payment of all amounts due, and (ii) suspension of the Services after reasonable notice.
30 days’ notice by email. If the Customer refuses, it may terminate before the effective date (Section 8). Otherwise, new prices apply at the next annual term.
Paid Services are provided as an annual subscription for an initial term of twelve (12) months from the subscription date (or the date specified in the purchase order/quote, as applicable).
Unless terminated in accordance with Section 8.2, the subscription renews automatically for successive twelve (12) month periods.
The Customer may terminate its annual subscription at any time, effective at the end of the current annual period, via “Settings / Billing” (or any other method made available by Humanlinker).
To avoid automatic renewal, termination must be completed no later than two (2) days before the annual renewal date. Termination is deemed effective at the date and time of the confirmation displayed in the Customer space (or, where applicable, in the confirmation email).
In the event of a proven technical issue preventing termination via the Customer space, the Customer may submit its request to Support at the address indicated on the website; in such case, only the date and time Humanlinker receives the complete request will be used to determine whether termination occurred within the above deadline.
Unless otherwise provided in specific terms, no refund or pro rata reimbursement will be due for the current annual period.
Effective thirty (30) days after written notice remains uncured. Immediate termination in case of fraud, serious security breach, manifest violation of laws/these Terms, or persistent non-payment.
Access is closed; all amounts already due remain payable; no refunds for any started periods.
Upon request made before the effective termination date, Humanlinker will provide a secure export (encrypted archive). After that date, deletion occurs in accordance with the DPA.
Humanlinker has no obligation to assist with integrating exported data into another system.
The Customer is responsible for its data, outbound communications and compliance (prospecting, e-privacy, GDPR, IP). Prohibited: unauthorized access, penetration testing, unlawful/counterfeit content, sending without a legal basis, reselling/sharing accounts outside the team, API abuse. Humanlinker may suspend in case of proven risk or material breach.
The Customer acknowledges that it is solely responsible for compliance with applicable regulations on electronic commercial prospecting, including consent, opt-out and information obligations.
This protects Humanlinker in case of non-compliant sending (prospecting without consent, spam, etc.).
Services: exclusive property of Humanlinker and/or its licensors; any unauthorized reproduction/reverse engineering is prohibited.
Customer Content & AI outputs:
Ownership: the Customer remains the sole owner, subject to third-party rights in source materials. Humanlinker claims no ownership rights in AI-generated outputs produced on behalf of the Customer. The Customer is solely responsible for the use of such outputs and their legal compliance.
License to Humanlinker: a non-exclusive, worldwide, non-transferable, royalty-free license, limited to the duration of the Services, to host, process, transmit, store and operationally improve the Services (including aggregated/anonymized statistics).
The Parties undertake to comply with applicable data protection laws and, in particular, French Law No. 78-17 of 6 January 1978 as amended (“Informatique et Libertés”) and Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”).
The Parties agree that HUMANLINKER is a processor within the meaning of Article 28 GDPR and the Customer is the controller. In no event shall the Parties be considered joint controllers in the context of the Service. The processor obligations are described in the data protection agreement appended hereto. If an error in the Parties’ qualification is established, the Parties shall meet to amend this clause and take all measures necessary to comply with applicable requirements.
In addition, HUMANLINKER may process Customer data (e.g., employee data) in connection with the implementation of the Service. For more information, the Customer may consult HUMANLINKER’s Privacy Policy available at all times on its website: https://www.humanlinker.com/fr/privacy-policy. The Customer undertakes to inform its users of this Privacy Policy.
Support is provided by email and in-app chat for designated administrators, from 9:00 a.m. to 6:00 p.m., Monday to Friday, excluding public holidays. Unless otherwise specified, Humanlinker is subject to a best-efforts obligation. SLAs (uptime, RTO/RPO) may be agreed in specific terms.
Unless otherwise stated, the response and restoration times mentioned in the SLAs are best-efforts targets and not result obligations.
Humanlinker uses reasonable efforts to provide Services compliant with the Documentation and free of known vulnerabilities at the time of deployment. Exclusions: misuse, unapproved third-party integrations, unauthorized modifications, unavailability attributable to third parties/networks/force majeure.
Humanlinker’s total aggregate liability is capped at the total amounts paid by the Customer for the Services during the previous twelve (12) months. This cap is expressly accepted as proportionate given the price and standardized nature of the Services. The limitation also applies to breaches of the DPA, except in cases of gross negligence or willful misconduct.
Humanlinker does not warrant the accuracy, truthfulness or lawfulness of content generated by the AI modules.
Indirect damages are excluded (loss of profit/revenue, data, reputation, business interruption). The cap does not apply in case of bodily injury, gross negligence/willful misconduct, or final judgment for infringement directly attributable to the Services (excluding Customer Content).
Humanlinker may suspend all or part of the Services in case of (i) security threat/incident, (ii) non-payment (Sections 6.1/6.2), (iii) unlawful use/material breach, or (iv) request by an authority. Suspension is limited to what is strictly necessary; the Customer will be informed where possible.
Suspension does not give rise to any liability or compensation to the Customer. Humanlinker will inform the Customer as soon as possible after suspension where it is not imposed by an authority.
Humanlinker will respond in good faith to reasonable information requests strictly necessary to demonstrate GDPR/DPA compliance (written questionnaires, documented exchanges). On-site audits are governed by the DPA.
The Customer may not assign without prior written consent (except intra-group reorganization with notice). Humanlinker may subcontract while remaining responsible toward the Customer.
Obligations impacted by a force majeure event (as defined under French law) are suspended for the duration of the event.
These Terms (together with the Documentation, Privacy Policy and DPA) constitute the entire agreement. Humanlinker may modify the Terms with 30 days’ notice; continued use after the effective date constitutes acceptance, subject to the termination rights in Section 8. If any provision is held invalid, the remainder remains in effect. Amendments are deemed accepted if the Customer continues to use the Services after the effective date.
In case of translation, the French version prevails. French law applies. Courts of Paris have jurisdiction. In the event of an international dispute, the parties agree to arbitration under the ICC Rules in Paris.
Any AI-generated content (emails, messages, comments) must be reviewed by a human before sending. The Customer is solely responsible for messages sent and for legal compliance. Humanlinker disclaims any liability where messages are sent without prior human review.
Humanlinker does not conduct any prior moderation of content generated or distributed via the Services and shall not be liable for message content or its consequences.
This Data Processing Addendum (the “Addendum”) is intended to govern the use of Customers’ Personal Data (the “Customer”) by Humanlinker (the “Processor” or “Humanlinker”) when they use the Humanlinker service (the “Service”).
The terms “adequacy decision”, “technical and organizational measures”, “data subjects”, “data protection by design”, “data protection by default”, “record”, “joint controller(s)”, “record of processing activities”, “processor”, “processing”, and “personal data breach” used in this Addendum have the meanings set out in Articles 4 et seq. of the GDPR.
Other terms are defined as follows:
“Addendum”: the annex to the Agreement governing the use of the Customer’s Personal Data pursuant to Article 28 GDPR, also referred to as the “Data Processing Addendum” (“DPA”).
“DPIA” (AIPD): a data protection impact assessment used to assess proportionality and mitigate risks related to processing of Personal Data.
“Anonymization”: processing that irreversibly prevents identification of data subjects for processing carried out under the Service.
“Supervisory Authority”: the competent GDPR supervisory authority for the Service provided by the Processor.
“Customer”: the entity that subscribed to the Service provided by the Processor.
“Agreement”: the contract entered into between the Processor and the Customer to use the Service, to which this Addendum is attached.
“Rights Request(s)”: rights under GDPR Articles 15 et seq. (e.g., right of access, erasure, etc.).
“Customer Personal Data”: any data relating to an identified or identifiable natural person transmitted to the Processor and processed by it on behalf of the Customer under the Service, the detailed list of which is provided in an appendix.
“Party(ies)”: the Customer and the Processor together.
“GDPR”: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
“Applicable Data Protection Laws”: French Law No. 78-17 of 6 January 1978 and the GDPR.
“Data Portability / Reversibility”: the operation enabling the transfer and integration, in a usable and recognized format, of the Customer Personal Data from the Processor’s Service to an equivalent service offered by another provider.
“SaaS Service”: software hosted by the Processor and usable simultaneously by an unlimited number of customers.
“Sub-processor”: subcontractors engaged by the Processor to process Customer Personal Data exclusively for the Service.
“End Users”: individuals whose Personal Data is processed by the Processor on behalf of the Customer.
This Addendum is an indivisible annex to the Agreement entered into by the Customer and the Processor for use of the Service.
In the event of conflict between the Agreement and this Addendum, the Addendum prevails with respect to GDPR compliance.
This Addendum applies for the duration of the Agreement and may continue thereafter as long as the obligations herein remain applicable.
The Customer acts as controller and Humanlinker acts as processor within the meaning of Article 28 GDPR.
In no event shall the Parties be considered joint controllers for the Service. However, if an error or change in qualification occurs, the Parties shall meet promptly to amend the Addendum and take all necessary measures to comply with Applicable Data Protection Laws.
This Addendum exclusively governs processing of Customer Personal Data carried out under the Service as processor, excluding processing carried out by Humanlinker as an independent controller, which is governed by the Agreement.
For certain features—particularly those related to data enrichment from public sources, behavioral analysis, prospect recommendations, or content generation using AI models—Humanlinker acts as a separate data controller, in accordance with its Privacy Policy available at https://www.humanlinker.com/fr/privacy-policy.
Such processing is carried out independently, for the purposes and legal bases described in the Privacy Policy, without the Customer having to provide instructions.
The Processor undertakes to use the Customer Personal Data under the Service only on documented instructions set out in an appendix to this Addendum. The Processor shall promptly inform the Customer if it believes an instruction is unlawful under Applicable Data Protection Laws. The Processor shall not be liable if, despite such notification, the Customer maintains and applies the instruction via the Service.
The Processor undertakes to comply with the GDPR, including maintaining a record of processing activities specific to the Service and developing the Service in accordance with “data protection by design” and “by default”.
The Processor undertakes never to transfer Customer Personal Data for reasons other than providing the Service and never to use Customer Personal Data for its own purposes as controller.
The Processor represents that all internal or external personnel required to process Customer Personal Data are bound by one or more legally binding instruments and receive regular training and awareness.
The Processor undertakes to ensure the security of Customer Personal Data and to implement all necessary technical and organizational measures for its Service, detailed in an appendix to this Addendum.
However, the Processor is never responsible for the Customer’s failures to comply with Applicable Data Protection Laws when the Customer uses the Service as controller.
DPIAs are to be carried out by the Customer in accordance with the GDPR. However, upon the Customer’s written request, the Processor will provide the necessary information required for the Customer to conduct a DPIA.
The Processor is not required to perform DPIAs on behalf of the Customer. Any request beyond provision of information may be refused.
Rights Requests sent by End Users are forwarded to the Customer as soon as possible. The Processor is not required to keep an inventory of Rights Requests on behalf of the Customer and is not responsible for the Customer’s failures in handling Rights Requests.
Upon the Customer’s written request, the Processor will perform technical actions enabling the Customer to meet its obligation to respond to data subject requests.
The Customer acknowledges that the Processor is not required to manage Rights Requests on behalf of the Customer; any request to do so may be refused. Rights Requests received by the Processor in its capacity as controller are handled exclusively by the Processor and are not transferred to the Customer.
The Processor undertakes to provide all necessary information regarding the technical and organizational security measures required to ensure the security of Customer Personal Data in connection with the Service.
The Processor undertakes to notify the Customer, as soon as possible and no later than forty-eight (48) business hours after becoming aware, of any personal data breach related to the Service that may affect Customer Personal Data, and to provide the information it has to mitigate the effects of the breach. The Customer acknowledges that its 72-hour deadline starts when it becomes aware of the breach and that the 48 business-hour timeframe is compliant with the GDPR.
The Processor is not authorized to handle breach notifications to the Supervisory Authority or to inform End Users on behalf of the Customer. Any such request by the Customer will be refused.
The Customer grants the Processor a general authorization to engage Sub-processors, provided that the Customer is informed of any changes as soon as possible to allow objections. The Customer acknowledges that a specific authorization for each SaaS tool is not applicable and may lead to blocking the Service.
Failing objections from the Customer within eight (8) days of the notice, the new Sub-processor is deemed definitively engaged and the Customer may not object, claim damages or terminate the Agreement on that basis. The notice will include the Sub-processor’s identity, location and the nature of processing concerned. If a timely objection is deemed valid by the Processor, the Processor may propose one of the following solutions: (i) removal of the Sub-processor, (ii) implementation of additional measures to ensure security of Customer Personal Data, or (iii) discontinuation of the Service without the Customer being entitled to damages.
To be considered valid, objections must be objective, serious and duly substantiated. The Parties agree that the following situations are, by default, considered valid: (i) the proposed Sub-processor is a direct competitor of the Customer, (ii) the Sub-processor is in litigation with the Customer, (iii) the Sub-processor has been sanctioned by a Supervisory Authority in the twelve (12) months preceding engagement, and (iv) the Sub-processor does not comply, where applicable, with rules governing transfers outside the EU.
The Processor undertakes to engage only Sub-processors that, after review, provide sufficient guarantees to ensure the security and confidentiality of Customer Personal Data. The relationship between the Processor and the Sub-processor must be governed by an agreement imposing obligations similar to those of this Addendum.
The Processor remains liable, within the limits set out in the Agreement, for GDPR breaches committed by its Sub-processors in the context of the Service.
The Processor undertakes to use reasonable efforts to host Customer Personal Data exclusively within an EU Member State. The Customer authorizes the Processor to choose any EU Member State. If Customer Personal Data is hosted outside the EU, the Processor undertakes to obtain the Customer’s prior authorization and implement all required mechanisms to govern the transfer, such as Standard Contractual Clauses and, where applicable, additional technical security measures.
The Customer grants the Processor a general authorization to transfer data outside the EU provided that, cumulatively: (i) transfers are made exclusively to Sub-processors compliant with the GDPR, and (ii) transfers are made exclusively to a country benefiting from an adequacy decision or otherwise governed by appropriate safeguards such as Standard Contractual Clauses. If these conditions are not met, transfers outside the EU are permitted only with the Customer’s prior consent. Additional technical security measures must be implemented where Personal Data would be transferred to a non-democratic country.
The Processor undertakes to retain Customer Personal Data only for the duration of the Service, in accordance with instructions detailed in an appendix, and to delete it at the end of the Agreement. Upon written request, the Processor will certify deletion of Customer Personal Data and all existing copies.
The Customer is informed that it must retrieve its Customer Personal Data before the end of the Addendum. Failing that, the Customer can no longer retrieve it, as deletion is irreversible and final. The Processor shall not be liable for loss of Customer Personal Data after deletion, which remains the Customer’s sole responsibility. The Customer agrees that total, irreversible anonymization may be used as a deletion method and that the Processor may retain anonymized data to improve the Service, as accepted by supervisory authorities. Anonymization is carried out irreversibly in accordance with applicable standards. In case of doubt regarding anonymization, Humanlinker undertakes to process such data in compliance with the GDPR.
The Processor informs the Customer that the GDPR obligation to return data does not constitute “Data Portability / Reversibility” to a new provider and that any such request will always be refused.
The Customer may conduct an audit by written questionnaire once per year to verify compliance with this Addendum. The questionnaire constitutes an honor-based commitment binding the Processor. The questionnaire may be provided in any form, and the Processor undertakes to respond as soon as possible after receipt.
The Customer may also conduct, once per year and at its own expense, an on-site audit—where applicable at the Processor’s premises—in the event of a data breach due to a proven and demonstrated failure by the Processor causing duly justified harm to the Customer. An on-site audit must be notified in writing at least thirty (30) days in advance. The Processor may refuse the Customer’s chosen independent third party if it is (i) a direct or indirect competitor, (ii) in a conflict of interest (e.g., advising a competitor), or (iii) in pre-litigation or litigation with the Processor. In such case, the Customer shall appoint another independent third party. The Processor may deny access to certain areas for confidentiality or security reasons; in such case, the Processor will perform the audit in those areas and provide the results to the Customer.
If any gap is identified, the Processor undertakes to implement without delay and at its own expense the measures necessary to comply with this Addendum. Gaps may concern only Applicable Data Protection Laws regarding Customer Personal Data and may not relate to procedures or measures implemented by the Customer for its own specific purposes. Gaps must be duly demonstrated, justified and documented.
If the Processor disputes the identified gaps, the Processor may, at its discretion and subject to the Customer’s prior written consent: (i) meet to find an amicable solution/compromise, (ii) refer the matter to the Supervisory Authority for an opinion, or (iii) appoint an independent expert to arbitrate the dispute.
The Processor undertakes to cooperate with the CNIL (or other competent Supervisory Authority) in case of an audit concerning processing under the Service and to notify the Customer as soon as possible of any requests relating to its Customer Personal Data made by a Supervisory Authority or an administrative, judicial or law enforcement authority.
Each Party designates a contact person for this Addendum who will receive notifications and communications.
The Processor informs the Customer that it has appointed Dipeeo SAS as Data Protection Officer (DPO), reachable at:
• Email: dpo@humanlinker.com
• Postal address: Dipeeo SAS, 95 avenue du Président Wilson, 93100 Montreuil, France
• Phone: +33 1 59 06 81 85
The Processor may modify this Addendum in the event of changes in Applicable Data Protection Laws or changes to the Service that would modify any provision hereof.
Certified compliant by Dipeeo ®
