PRIVACY POLICY

Last updated : 24/11/2025

1. Preamble and Data Controller

This policy aims to inform you about how your personal data is collected and processed when using our web application. The Data Controller is Maryem DBAICH.

Technical management, security and data processing are delegated to Velmios SAS (hereinafter the "Subcontractor"), acting in compliance with GDPR and CCPA.

2. Data Collected

As part of the use of the service, we collect the following categories of data:

  • Identity data : Name, first name, email address.
  • Technical and connection data : IP address, activity logs, browsing data.
  • Usage data : Platform usage statistics.

3. Purposes and Legal Basis

Your data is processed for the following reasons:

  • Ensure secure access to the service (Legal basis : Contract execution).
  • User management and technical support (Legal basis : Contract execution).
  • Usage statistics and traceability (Legal basis : Legitimate interest).
  • Security and fraud prevention (Legal basis : Legitimate interest).

4. Recipients and Subcontractors

Your data is strictly confidential. They may be transmitted to our technical service providers (subsequent subcontractors) for the sole needs of the service:

  • Velmios (France) : Global management, IT management and external DPO.
  • Cloudflare (World) : Hosting, security (WAF) and content delivery.
  • Atlassian (World) : Customer support management.
  • Google Analytics (World) : Audience analysis.
  • Mailchimp / Mandrill (World) : Transaction email routing.

5. Data Transfer (EU & Outside EU)

Since the Data Controller is located in the United States, data may be transferred outside the European Union. These transfers are governed by adequate protection mechanisms (Standard Contractual Clauses or DPF framework - Data Privacy Framework).

6. Retention Period

Your data is kept for the duration of the contractual relationship, increased by a period of 360 days for backup and reversibility purposes, unless a longer legal retention obligation.

7. Your Rights (GDPR - Europe)

In accordance with the GDPR, you have the following rights over your data:

  • Right of access, rectification and erasure ("right to be forgotten").
  • Right to limitation of processing and right to object.
  • Right to data portability.
  • Right to withdraw consent at any time.

8. Your Rights (CCPA/CPRA - California)

If you are a California resident, the law (CCPA/CPRA) gives you specific rights:

  • Right to know : You can request what personal data is collected, used or shared.
  • Right to deletion : You can request the deletion of your personal data.
  • Right to object ("Do Not Sell or Share My Personal Information"): We certify that we do not sell your personal data.
  • Non-discrimination : Exercising your rights will not affect the service provided.

9. Contact and Data Protection Officer (DPO)

To exercise your rights (GDPR or CCPA) or for any question relating to your data, you can contact our data protection contact point:

By email : privacy@velmios.io

In case of unsatisfactory response, you have the right to file a complaint with the competent supervisory authority (e.g. CNIL in France).

Cookie Preferences

We use cookies to analyze site usage and improve your experience. You can choose to accept or decline analytics cookies.