Data Governance

Effective Date: 28/05/2026

Globetrotters.ai is built and operated in Europe, under European law. This page summarizes where we are, where your data lives, and the rules we operate under. For the full legal text, see our Privacy Policy and Terms of Use.

1. A European company

Globetrotters.ai is based in Nantes, France and is operated by founders and contributors based in the European Union. The Service is governed by the laws of France, and any disputes fall under the exclusive jurisdiction of the courts of Nantes.

As a European operation, we are subject to:

• The General Data Protection Regulation (GDPR).
• French data protection law, under the supervision of the CNIL (Commission nationale de l’informatique et des libertés).
• EU consumer and digital services law, including the Digital Services Act (DSA) and Digital Markets Act (DMA) where applicable.

2. Data hosted in Europe

Customer Data and application data are hosted on infrastructure located in the European Union. We select cloud and infrastructure providers with EU regions and EU-based data centers as the default, and we configure our services to keep data within the EU wherever feasible.

When a feature requires interaction with a provider that processes data outside the EU (for example, certain large language model APIs), we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards required by GDPR. The current list of sub-processors and the categories of data they receive is described in our Privacy Policy.

3. AI and model providers

The Service uses large language models and other AI components, some of which are operated by third parties. We choose providers that contractually commit to:

• Not training their general-purpose models on our customers’ content.
• Not retaining prompts and responses beyond the period required to deliver the Service and meet legal obligations.
• Operating in regions and under terms compatible with GDPR.

4. Your rights

Under GDPR, you have rights of access, rectification, erasure, restriction, portability, and objection over your personal data. You can exercise these rights — and lodge complaints with the CNIL or your local supervisory authority — at any time. Details are in our Privacy Policy.

5. Security

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, audit logging, and least-privilege access for our team. Security incident response and breach notification follow GDPR Article 33–34 timelines.

6. Contact

For questions about data governance, sub-processors, or compliance, contact us at privacy@globetrotters.ai.