MyAccountCentral

Privacy Policy

E.I.R.L. ROUGER Thomas - OpenVib® attaches great importance to the protection of your personal data and is committed to protecting it in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

This privacy policy informs you about how we collect, use, store and protect your personal data when you use our application.

Data Controller

The data controller is:
E.I.R.L. ROUGER Thomas
OpenVib®
SIRET: 813 498 672 00027
33770 Salles
France
Contact: [email protected]

Data Collected

Account data (you)

  • Username
  • Password (hashed with bcrypt)
  • Email address (for password reset)
  • Connected services information
  • Account preferences and settings

Connected services users' data (automatic CNIL-compliant collection)

When you use connected services via your account, we automatically record the following data in accordance with CNIL Article 82 (audience measurement):

  • Anonymized user IP address (last octet masked: xxx.xxx.xxx.0)
  • Country and city (city-level geolocation via IP-API.com)
  • City center GPS coordinates (city scale only, no precise address)
  • Browser used (user agent)
  • Connection date and time
  • Service used

This data is displayed in YOUR statistics to allow you to track your account activity. The collection is CNIL-compliant because it is limited to city scale with anonymized IP addresses, so no prior consent is needed for statistical audience measurement.

Purpose of Processing

Your personal data is collected and processed for the following purposes:

  • Management of your user account
  • Authentication and connection to DC&T ecosystem services
  • Connected services usage statistics
  • Connection geolocation for analytics
  • Password reset
  • Improvement of our services

Legal Basis for Processing

The processing of your personal data is based on the following legal bases:

  • Your consent when creating your account
  • Performance of the service you requested
  • Our legitimate interest in improving our services and ensuring their security

Data Recipients

Your personal data is intended for the internal services of E.I.R.L. ROUGER Thomas - OpenVib®.

We do not sell or rent your personal data to third parties. Your data may be communicated to technical providers (Hetzner hosting, IP-API geolocation services) only within the scope of their services and subject to confidentiality commitments.

OpenVib® "NO LOGS" Policy - Maximum privacy respect

OpenVib® has chosen a strict "NO LOGS" policy to guarantee maximum respect for your privacy.

Concretely, this means that we do not keep any detailed activity log of your actions on the platform beyond the data strictly necessary for the operation of the service (account data, connection analytics for YOUR statistics). We do not track your navigation, we do not create behavioral profiles, and we do not keep any superfluous data. Your privacy is our absolute priority.

Data Retention Period

Your personal data is kept for the period necessary for the purposes for which it was collected:

  • Account data: for the entire duration of service use
  • Connection data: 3 years from collection
  • Preferences and settings: for the entire duration of account use

Your Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

  • Right of access: obtain confirmation that your data is being processed and obtain a copy
  • Right to rectification: have your inaccurate or incomplete data corrected
  • Right to erasure: request the deletion of your data
  • Right to restriction: request the restriction of processing of your data
  • Right to object: object to the processing of your data
  • Right to portability: receive your data in a structured format

You also have the right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr

Exercise of the Right to Erasure (GDPR Article 17)

You can request the permanent deletion of your account and all your data at any time from your "My Account" space.

Deletion Process

  • Deletion request: From "My Account", click on the permanent deletion button
  • Data export: A ZIP file containing all your data is available for secure direct download (GDPR Article 20 - right to portability)
  • Effective deletion date: Deletion takes effect at the end of your current billing cycle
  • Email confirmation: You receive a deletion confirmation email (without attachment, in accordance with GDPR Article 32 on processing security)

Data Deleted

  • User account (name, email, password)
  • All your connected services data
  • All analytics and connection statistics
  • All your files and settings
  • All your preferences and associated configurations

Warning: Irreversible Deletion

Once your account is deleted, no reactivation is possible. All your data is permanently erased from our systems in accordance with GDPR Article 17. No data is retained after deletion.

Cookies

Strictly necessary cookies (without consent)

  • Session cookie (myaccount_session)
  • Used for: Authentication and connection maintenance
  • Duration: 7 days
  • Technology: iron-session (secure encryption)

This cookie is essential for the operation of the site and does not require consent under the GDPR.

Analytics cookies for authenticated users (with consent)

This cookie only concerns authenticated users of the MyAccountCentral service (you, as an account holder).

  • Local storage (analytics_consent)
  • Used for: Remembering your choice regarding session and analytics cookies
  • Duration: 6 months
  • Possible values: "true" (accepted) or "false" (refused)

You can change your choice at any time by clearing your browser's local storage. A new consent banner will appear after 6 months or when the data is cleared.

Data Security

We implement all appropriate technical and organizational measures to ensure a level of security appropriate to the risk:

  • Passwords hashed with bcrypt
  • Secure sessions with iron-session
  • PostgreSQL database (Supabase) hosted in Paris (EU)
  • Secure file storage (Supabase Storage) in Paris (EU)
  • Automatic antivirus scanning of uploaded files (ClamAV)
  • Connection deduplication to prevent abuse
  • User data isolation
  • Automatic IP anonymization (xxx.xxx.xxx.0)
  • CNIL-compliant statistics collection (city scale only)

Data Hosting

Your personal data is hosted exclusively in the European Union.

Security Architecture - Code/Data Separation

Our servers host only the application source code, not your personal data. This architecture guarantees maximum security.

  • Application servers: Physically managed by Hetzner Online GmbH in a secure site in Germany (EU). Contain only the application source code.
  • User data: 100% offloaded to Supabase (Paris - EU) with SOC2 Type II certification and maximum security standards.

Important consequence: An intrusion on our servers cannot result in any leak of sensitive data (accounts, services data, analytics), only a possible temporary disruption of the site's operation.

  • Database: Supabase PostgreSQL (Paris - EU, SOC2 Type II)
  • File storage: Supabase Storage (Paris - EU, SOC2 Type II)
  • Geolocation: IP-API.com (EU, ISO 27001, GDPR)

Approximate geolocation data (country, city) is obtained via the IP-API.com API. IP-API.com is an EU-based company with certified GDPR compliance (ISO 27001).

Policy Changes

We reserve the right to modify this privacy policy at any time. The version in force is the one available on this page. We encourage you to regularly consult this page to be aware of any changes.

Last updated: December 15, 2025