Privacy Policy

Last updated: February 2026

Allsead ("we", "us", "the Platform") is operated by AUTELLI JEAN-MICHEL (Entrepreneur individuel), trading as Autelli Productions — SIREN 102 544 616, 19 rue Arthur Croquette, 94220 Charenton-le-Pont, France. This Privacy Policy explains how we collect, use, and protect your personal data when you use allsead.com.

By using Allsead, you agree to the practices described here. If you do not agree, please do not use the Platform.

1. Who can access Allsead?

Allsead is an invite-only, identity-verified platform. Access requires a valid @insead.edu email address or explicit pre-approval. Your affiliation with INSEAD is a prerequisite for membership, and we may verify or revoke access at any time.

2. What data we collect

Data you provide

Email address (required for registration)
Password (stored as a one-way cryptographic hash — we cannot read it)
Name, campus, promotion, programme (provided during onboarding)
Biography (optional)
Profile photo (optional, stored in our private file storage)
Listings you create (Market, Housing)
Posts, comments, and messages you send

Data we collect automatically

IP address (used for rate limiting and security only)
Session information (stored securely server-side)
Last seen timestamp (for active session management)
Salamander AI query count (for daily usage limits)

3. How we use your data

To operate the Platform and enable its core features
To verify your INSEAD affiliation
To send transactional emails (verification, password reset)
To enforce platform rules and prevent abuse
To personalise your experience (campus-specific content)

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as strictly required to operate the Platform (email delivery via Resend, hosting via Cloudflare).

4. Data storage and security

Your data is stored on Cloudflare's infrastructure (D1 database, R2 file storage) in the European Union. Passwords are hashed using PBKDF2-SHA256 with 150,000 iterations. Sessions are stored server-side and expire after 30 days. We use HTTPS, secure cookies (HttpOnly, Secure, SameSite), and bot protection (Cloudflare Turnstile) on all sensitive forms.

5. Cookies

We use a single essential cookie (allsead_session) to keep you signed in. This cookie is strictly necessary for the Platform to function and does not track you across other websites. We do not use advertising or analytics cookies.

6. Your rights (GDPR)

Access: Request a copy of all data we hold about you
Rectification: Correct inaccurate data in your profile settings
Erasure: Request deletion of your account and all associated data
Portability: Request your data in a machine-readable format
Objection: Object to certain processing activities

To exercise any of these rights, contact us at support@allsead.com. We will respond within 30 days.

7. Data retention

We retain your data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days, except where retention is required by law. Some anonymised aggregate data may be retained for platform improvement.

8. AI / Salamander

Salamander, our campus AI, processes your queries using a language model hosted by Cloudflare (Meta LLaMA). Your queries are processed in real-time and are not used to train AI models. We log query counts for rate limiting only — query content is not stored.

9. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via the Platform. Continued use of the Platform after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions, contact: support@allsead.com

Allsead is the intellectual property of Jean-Michel Autelli. Unauthorised reproduction or distribution of any part of the Platform is strictly prohibited.