Skip to main content
Back to home
GDPR Compliant

Privacy Policy

In accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

Section 1

Data controller

CompanyRGPDScan
Section 2

Data collected

We only collect data necessary for our service to function:

Identification data

Name, surname, email address, company name

Connection data

IP address, connection logs, browser type

Usage data

Analyzed sites, scan results, generated documents

Payment data

Processed by Stripe (we do not store your bank details)

Section 3

Purposes and legal bases

Your data is processed for the following purposes:

PurposeLegal basis
Creating and managing your accountContract performance (Art. 6.1.b)
Providing GDPR analysis serviceContract performance (Art. 6.1.b)
Payment and billing managementLegal obligation (Art. 6.1.c)
Improving our servicesLegitimate interest (Art. 6.1.f)
Commercial communicationConsent (Art. 6.1.a)
Section 4

Retention periods

Your data is retained for the following periods:

Account dataSubscription duration + 3 years
Scan results1 year (free) / subscription duration
Generated documentsSubscription duration + 1 year
Billing data10 years (legal obligation)
Connection logs1 year
Section 5

Data recipients

Authorized staff

Technical and support team only

Subcontractors
CloudflareStripe
Authorities

Upon legal request only

Section 6

Transfers outside the European Union

Some of our subcontractors (Cloudflare, Stripe) may process data in the United States. These transfers are governed by:

EU-US Data Privacy Framework
Standard Contractual Clauses (SCC)
Section 7

Your rights

In accordance with the GDPR, you have the following rights over your personal data:

Right of access

Obtain a copy of your data (Art. 15)

Right to rectification

Correct inaccurate data (Art. 16)

Right to erasure

Request deletion (Art. 17)

Right to restriction

Limit processing (Art. 18)

Right to portability

Retrieve your data (Art. 20)

Right to object

Object to processing (Art. 21)

To exercise your rights: [email protected]

You can also export or delete your data from the Settings page of your account.

Section 8

Data security

We implement the following security measures:

HTTPS/TLS encryption
Hashed passwords (PBKDF2)
Secure JWT authentication
Restricted data access
Cloudflare hosting
Section 9

Complaint

If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the CNIL.

Commission Nationale de l'Informatique et des Libertés

3 Place de Fontenoy, TSA 80715 - 75334 Paris Cedex 07

www.cnil.fr

Last updatedMarch 6, 2026
$