Privacy Policy (GDPR)
Last updated: 26/11/2025
Data Controller: [Company Name], [form], registered office: [address], RCS [city] [n°], VAT: [●]
Privacy/DPO Contact: [dpo@email] — Site/App: [domain name]
1) Scope
This policy applies to data processing carried out via the [Service Name] Platform (visitors, buyers, creators, affiliates, prospects).
2) Controller & Processors
Controller: [Company Name]. Main processors (to be adapted): hosting [AWS/OVH], payments Stripe (KYC/AML), emailing [SendGrid/Mailjet], analytics [Plausible/Matomo/GA4], CDN/WAF [Cloudflare], support [Intercom/Zendesk]. Updated list upon request: [dpo@email].
3) Data processed, legal bases, retention periods
| Purpose | Data | Legal Basis | Duration |
|---|---|---|---|
| Account creation | email, password hash, name, country, language, avatar | Contract (art. 6-1-b) | Active account + 3 years |
| Guide sales | account ID, purchased guides, price, currency, invoice | Contract | 10 years (accounting) |
| Payments (Stripe) | payment token, amounts, statuses, logs | Contract + Legal obligation (KYC/AML) | According to Stripe (5-10 years) |
| Creator onboarding (Connect) | identity, KYC documents, IBAN | Legal obligation | According to Stripe |
| Affiliation | referrer_id, cookie/ref code | Legitimate interest / Contract | 3 years / cookie 30 days |
| Customer support | message content, metadata | Legitimate interest | 3 years after closure |
| Newsletter | email, preferences | Consent (B2C) / Legitimate interest (B2B) | Until withdrawal + 3 years |
| Analytics | pages, events, IP (anonymized), device | Consent / CNIL exemption | Cookies 13 months / Reports 25 months |
| Security / anti-fraud | logs, IP, user-agent, risk score | Legitimate interest | 24 months |
4) Cookies & trackers
Management via our CMP (cookie banner) allowing consent or refusal by purpose: audience measurement, advertising, personalization, affiliation. See Cookie Policy. Withdrawal of consent at any time via the "Cookie preferences" link at the bottom of the page.
5) Purposes & legal bases (summary)
- Contract: account, purchases, access to guides, invoices.
- Legal obligations: accounting, taxation, KYC/AML (Stripe Connect).
- Legitimate interest: security, anti-fraud, support, product improvement, affiliation (balanced with your rights).
- Consent: newsletter (B2C), non-essential cookies, certain marketing analyses.
6) Recipients
Access limited to internal teams (least privilege). Transfer to our processors listed above and, where applicable, to competent authorities.
7) Transfers outside EU/EEA
Governed by Standard Contractual Clauses (SCC) and additional measures (encryption, minimization). You can request a copy of the safeguards at [dpo@email].
8) Security
TLS, encryption at rest, RBAC, logs, backups, signed ActiveStorage URLs for PDFs, download limitations, watermark if enabled.
9) Your rights
Rights: access, rectification, erasure, objection, restriction, portability, post-mortem directives. Exercise your rights: [dpo@email]. Response time: 1 month (extendable by 2 months).
10) Minors
Service not intended for those under [16/18] years old. Parents/guardians: contact us for deletion if necessary.
11) Retention
Periods: see table above (e.g. accounting documents 10 years, logs 12 months).
12) Automated decisions
No profiling producing significant legal effects. Possible anti-fraud detection with human review.
13) External links
We are not responsible for the privacy policies of linked third-party sites.
14) Modifications
We may modify this policy; the date at the top reflects the last update. Notification in case of major change.