Privacy Policy
Last updated: May 24, 2026
1. Data Controller
2. Data Protection Officer (DPO)
3. Data Collected
In the context of using the Service, we collect the following data:
- Identification data: email address, last name, first name (if provided);
- Authentication data: password (securely stored using bcrypt, never in plaintext);
- Connection data: IP address, user-agent, login date and time;
- Security data: audit logs, login attempts, trusted devices;
- OAuth data (if enabled): your account identifier with the third-party provider (Google, etc.), email, name.
4. Processing Purposes
Your data is processed for the following purposes:
- Creation and management of your account (legal basis: contract performance);
- Authentication and access security (legal basis: legitimate interest, security);
- Fraud detection and prevention (legal basis: legitimate interest);
- Compliance with legal obligations (legal basis: legal obligation).
5. Retention Period
Your data is retained:
- Active account: throughout the use of the Service;
- Inactive account: automatically deleted after 5 years of inactivity;
- Audit logs: 2 years, then purged (if the account is deleted before this deadline, they are anonymized and retained for legal evidence);
- Expired sessions: 30 days;
- Consents: retained indefinitely for legal evidence.
6. Data Recipients
Your data is not sold. It may be transmitted to the following processors, under a GDPR-compliant data processing agreement:
- Brevo (Sendinblue SAS, France): sending transactional emails (password reset, email verification, magic link);
- Google LLC (United States): if you use Google OAuth login (transfer governed by Standard Contractual Clauses);
- Our hosting provider: storage of data on servers located in the European Union.
7. Your Rights
In accordance with GDPR, you have the following rights:
- Right of access (Art. 15): obtain a copy of your data — "Export my data" button in your profile;
- Right of rectification (Art. 16): correct your data — modifiable from your profile;
- Right of erasure (Art. 17): delete your account — "Delete my account" button in your profile;
- Right to data portability (Art. 20): retrieve your data in a structured format (JSON);
- Right to object (Art. 21): contact us at ;
- Right to lodge a complaint with the CNPD (Luxembourg Data Protection Authority): cnpd.public.lu.
8. Security
We implement appropriate technical and organizational measures to protect your data:
- TLS 1.2+ encryption for all communications;
- bcrypt hashing of passwords (never stored in plaintext);
- Two-factor authentication (TOTP) available;
- Complete audit logs;
- Rate-limiting on login attempts.
9. Cookies
The Service uses only essential cookies (session, security). No advertising tracking cookies are placed.
10. Modifications
We reserve the right to modify this policy. You will be notified of any substantial modification, and new consent will be requested.
11. Contact
To exercise your rights or for any question: