This Privacy Policy explains how RCDevs S.A. collects, uses, stores and protects Personal Data where it acts as controller or independent controller, including in connection with the ManageLM website, account administration, licence administration, billing, communications, analytics and related services.
Where ManageLM processes Personal Data on behalf of a customer as processor, such processing is governed by the applicable Data Processing Agreement or other written data processing agreement between ManageLM and the customer.
Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in the applicable ManageLM terms, software licence terms, SaaS terms, on-premise terms, Data Processing Agreement or other written agreement between ManageLM and the Customer, as applicable.
The controller responsible for the processing described in this Privacy Policy is:
RCDevs S.A.
1 Boulevard du Jazz 4370 Esch-sur-Alzette Luxembourg
Website: https://www.managelm.com Email: [email protected]
For any question about this Privacy Policy or the processing of your Personal Data, you may contact us at: [email protected].
RCDevs S.A. has not appointed a Data Protection Officer unless expressly stated otherwise.
This Privacy Policy applies to Personal Data processed by RCDevs S.A. as controller in connection with:
This Privacy Policy does not replace the Data Processing Addendum. Where ManageLM processes Personal Data on behalf of a customer as processor, the Data Processing Addendum applies.
Depending on your relationship with ManageLM, we may collect and process the following categories of Personal Data.
3.1 Website and email contact data
The ManageLM website may include email links that open your own email client. These links do not collect Personal Data through a website contact form. If you choose to send us an email, we may collect and process the Personal Data included in your email, such as:
3.2 SaaS account data
When a SaaS account is created, we may collect:
first name and last name of the account; system username, if any role description of the user, if any
3.3 Billing, subscription and payment data
For billing, subscription, invoicing, tax, accounting, payment administration and renewal purposes, ManageLM may collect, receive or process:
Payments are processed by Stripe. Payment card details, payment card security codes, bank account credentials and other sensitive payment credentials are collected and processed by Stripe through Stripe-hosted payment flows and are not collected or stored by ManageLM.
ManageLM may receive limited payment, subscription, invoice, tax, fraud-prevention or transaction metadata from Stripe where necessary to manage subscriptions, invoices, payment status, renewals, failed payments, tax compliance, accounting, access rights or licence entitlements.
Stripe may process payment, billing, tax, fraud-prevention and transaction information in accordance with Stripe’s own terms, privacy policy and data processing terms.
3.4 Customer Data and operational content
When using the ManageLM Offering, Customers and users may process, submit, generate, route or store Customer Data and operational content, which may include Personal Data. This may include prompts, commands, task content, task outputs, logs, diagnostic information, configuration information, credentials, secrets, keys, audit materials or similar operational content.
Depending on the ManageLM Offering used and the Customer’s configuration, such Customer Data and operational content may be processed or stored in the ManageLM platform, transmitted to LLMs, Customer-Selected Services or Trial LLMs, or remain within the Customer Environment.
Where ManageLM processes such Customer Data or operational content on behalf of a Customer, ManageLM acts as processor and such processing is governed by the applicable Data Processing Agreement.
ManageLM does not routinely access Customer Data or operational content processed through the ManageLM Offering, except where necessary to provide, protect, troubleshoot or support the ManageLM Offering, where requested or authorized by the Customer, where required by law, or where such content is submitted or made available to ManageLM by the Customer, including through support, SLA, diagnostic, security or incident-related communications.
Customers and users should not submit or make available to ManageLM credentials, secrets, passwords, private keys, regulated data, confidential information or unnecessary Personal Data unless strictly necessary for the relevant support, SLA, diagnostic, security, incident or contractual purpose.
For on-premise deployments, Agents installed and operated locally within the Customer Environment do not cause ManageLM to collect or process Personal Data by default. ManageLM processes Personal Data in connection with Agents only to the extent that Personal Data is transmitted to or through a ManageLM-hosted or online component, made available to ManageLM, or otherwise processed by ManageLM under the applicable agreement.
3.5 Marketing data
Where we send marketing communications, we may process:
Marketing communications may be sent through SendGrid or another email service provider.
3.6 Transactional and service email data
Transactional, account, licence and subscription emails may be sent through Postmark or another transactional email provider.
Payment-related emails may be sent through Stripe.
Such emails may involve processing of email address, name, account identifiers, subscription metadata, billing metadata and message delivery metadata.
We process Personal Data for the following purposes and legal bases.
4.1 Providing the website and responding to requests
Purpose: operate the website and respond to emails, demo requests, questions and business communications sent to ManageLM.
Legal basis: legitimate interests in operating our business and responding to communications, and pre-contractual steps where the communication relates to a potential contract.
4.2 Creating and administering SaaS accounts
Purpose: create SaaS accounts, authenticate users, administer account access, manage user roles where applicable, and protect SaaS account security.
Legal basis: performance of a contract or steps prior to entering into a contract, and legitimate interests in protecting accounts and preventing unauthorized access.
4.3 Providing and operating the ManageLM Offering
Purpose: provide, operate, administer, support and troubleshoot the ManageLM Offering, including licence administration, entitlement management and related customer support.
Legal basis: performance of a contract, legitimate interests in operating, supporting and protecting the ManageLM Offering, and, where ManageLM acts as processor on behalf of a Customer, the applicable Data Processing Agreement.
4.4 Billing, payment and accounting
Purpose: process subscriptions, licences, invoices, payments, renewals, cancellations, tax information and accounting records.
Legal basis: performance of a contract, compliance with legal obligations, and legitimate interests in managing billing, payments, licensing and accounting.
4.5 Security, abuse prevention and fraud prevention
Purpose: protect accounts, billing flows, licences, systems, users, customers, infrastructure and the ManageLM Offering against unauthorized access, misuse, fraud, abuse, attacks and security incidents.
Legal basis: legitimate interests in ensuring security and preventing abuse or fraud, and compliance with legal obligations where applicable.
4.6 Service communications
Purpose: send service messages, account messages, security notices, licence notices, subscription messages, renewal notices, billing notices and important operational communications.
Legal basis: performance of a contract, legitimate interests, and legal obligations where applicable.
4.7 Marketing communications
Purpose: send product news, commercial communications, newsletters, updates or invitations where permitted.
Legal basis: consent where required, or legitimate interests where permitted by applicable law. You may opt out of marketing communications at any time.
4.8 Analytics and website improvement
Purpose: measure website usage, understand traffic sources, improve website performance, understand visitor behavior and improve communications.
Legal basis: consent where required for analytics cookies and similar technologies.
4.9 Legal, compliance and corporate administration
Purpose: comply with legal, tax, accounting, regulatory, contractual and compliance obligations; enforce terms; manage disputes; preserve legal claims; respond to lawful requests.
Legal basis: compliance with legal obligations and legitimate interests in legal protection and corporate administration.
We may use cookies or similar technologies on the ManageLM website where used by Google Analytics, as described in Section 13.
Customers may configure or use third-party or customer-selected services with ManageLM, including AI providers, local LLMs, self-hosted LLMs, cloud-hosted LLMs, model endpoints, inference servers, MCP clients, APIs or integrations selected, configured or operated by the Customer.
Such services are not controlled by ManageLM, and Personal Data processed by them is governed by the Customer’s configuration and by the applicable terms, privacy policies and data processing agreements of those services.
Customer-selected services are not subprocessors of ManageLM unless ManageLM has expressly engaged them to process Personal Data on behalf of the Customer.
ManageLM may make available a Trial LLM for trial, evaluation, demonstration, testing, onboarding or non-production purposes.
Customers must not submit confidential information, production data, credentials, secrets, passwords, private keys, special categories of Personal Data, criminal conviction data, regulated data, sensitive business information or unnecessary Personal Data to a Trial LLM.
Where Personal Data is processed through a Trial LLM on behalf of a Customer, such processing is governed by the applicable Data Processing Agreement, subprocessor list and any applicable subprocessor terms.
We may share Personal Data with service providers and recipients where necessary for the purposes described in this Privacy Policy.
Such recipients may include:
We do not sell Personal Data.
We aim to process and host ManageLM data primarily in the European Economic Area where practicable. The ManageLM SaaS Offering is hosted with OVHcloud in the European Union, currently France.
Some service providers, including payment, email, analytics or Trial LLM providers, may process Personal Data outside the European Economic Area.
Where Personal Data is transferred outside the European Economic Area to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards where required, such as standard contractual clauses, data processing agreements, supplementary measures or other lawful transfer mechanisms.
Additional information about international transfers relating to Personal Data processed by ManageLM as processor is provided in the applicable Data Processing Addendum or subprocessor list.
We retain Personal Data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
In particular:
The ManageLM Offering only stores data that are accessible to the account owners. There is no hidden data retention that the user cannot access with his own account.
We may retain limited information where necessary to comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, maintain security or preserve evidence.
We implement technical and organizational measures designed to protect Personal Data against unauthorized access, loss, misuse, disclosure, alteration or destruction.
Such measures may include, as applicable:
incident response procedures.
Credentials, secrets and authentication materials stored in fields specifically designed for secret or credential storage are protected using encryption or equivalent technical safeguards.
Not all data processed by the ManageLM Offering is encrypted at application level. In particular, logs, prompts, commands, outputs, task metadata, API request metadata, MCP request metadata, diagnostic information and other operational records may be stored or processed in readable form where necessary to provide, secure, administer, audit, troubleshoot or operate the ManageLM Offering.
The Customer is responsible for ensuring that credentials, secrets, passwords, private keys, regulated data, confidential information or unnecessary Personal Data are not placed in logs, prompts, commands, outputs, metadata, diagnostic information or other non-secret fields.
However, no system, service or transmission method is completely secure. We cannot guarantee absolute security.
Subject to the conditions and limits under applicable law, you may have the following rights in relation to your Personal Data:
To exercise your rights, contact us at: [email protected].
We may need to verify your identity before responding to a request.
If your request concerns Personal Data processed by ManageLM on behalf of a customer, we may redirect the request to the relevant customer or handle it in accordance with the applicable Data Processing Addendum.
We use Google Analytics to measure and understand website usage.
Google Analytics may use cookies or similar technologies to collect information about your device, browser, interactions with the website and use of the website.
You can manage cookies through your browser settings.
Google may process information collected through Google Analytics in accordance with Google’s own privacy policy and terms.
The ManageLM website and ManageLM Offering are intended for professional and business use and are not intended for children.
We do not use Personal Data processed under this Privacy Policy to make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.
The ManageLM Offering may include AI-assisted or LLM-assisted functionality in a business infrastructure context. Such functionality is governed by the applicable ManageLM terms and, where Personal Data is processed on behalf of a Customer, the applicable Data Processing Agreement.
The website or ManageLM Offering may contain links to third-party websites, services, integrations or providers.
We are not responsible for the privacy practices, content or security of third-party websites or services. You should review the privacy notices and terms of those third parties.
We may update this Privacy Policy from time to time.
When we make material changes, we will use reasonable efforts to notify users by publication on the website, account notice, email or other appropriate means.
The updated Privacy Policy will apply from the effective date stated at the top of the document.
If you are located in Luxembourg, you may contact the Luxembourg supervisory authority:
Commission nationale pour la protection des données 15, Boulevard du Jazz L-4370 Belvaux Luxembourg Website: https://cnpd.public.lu
You may also have the right to lodge a complaint with another competent data protection authority in your country of residence, place of work or place of the alleged infringement.
For questions about this Privacy Policy or the processing of your Personal Data, contact:
RCDevs S.A.
1 Boulevard du Jazz
4370 Esch-sur-Alzette
Luxembourg
Email: [email protected]
Website: https://www.managelm.com