Privacy policy
Last updated: 2026-06-07
1. Data controller
The data controller is {{COMPANY_NAME}}, contactable at {{CONTACT_EMAIL}}. See the legal notice for full contact details.
2. Data collected and purposes
Diagnostic
- Questionnaire answers: calculation of the EORI, VAT, IOSS or GPSR diagnostic. Legal basis: legitimate interests.
- Email address: sending and saving the result when requested by the user. Legal basis: consent.
Account, applications and catalogue
- Business data: company name, tax and customs identifiers, address, contact details and supporting documents required for the service.
- Product data: descriptions, manufacturers, materials, documents, images and data synced from a connected store.
- Legal basis: performance of the contract or pre-contractual steps requested by the user.
Payment
We retain transaction identifiers, the plan or service purchased, the amount and payment status. Card data is processed exclusively by Stripe and never passes through our servers. Legal basis: performance of the contract and accounting obligations.
Usage measurement
We record technical and functional events (for example, a completed diagnostic, created application or generated PDF) to operate, secure and improve the service. Legal basis: legitimate interests.
3. Retention periods
- Accounts, diagnostics and applications: 3 years after the last activity, unless a legal obligation or valid deletion request applies.
- Invoices and accounting data: 10 years.
- Documents retained under the GPSR: for the applicable statutory period, which may be up to 10 years.
- Technical and security logs: up to 12 months, unless an incident requires longer retention.
4. Recipients and processors
- {{HOSTING_PROVIDER}} — hosting of the service and database.
- Stripe Payments Europe Ltd. — payment processing. Certain transfers may be covered by the EU-US Data Privacy Framework.
- {{SMTP_PROVIDER}} — sending transactional emails.
- OpenAI, only when artificial-intelligence features are enabled: processing data submitted to those features to produce the requested result.
We do not sell personal data.
5. Your rights
Subject to the conditions of the GDPR, you may request access, rectification, erasure, restriction, objection or portability of your data, and withdraw consent at any time. Contact {{CONTACT_EMAIL}}. You may also lodge a complaint with the CNIL.
6. Cookies
The service does not use advertising cookies. It may use cookies strictly necessary for sign-in, security and remembering preferences, including language.
7. Security
We apply appropriate technical and organisational measures, including encrypted communications, access controls and protection of integration secrets and credentials.
8. Updates
This policy may change to reflect legal, technical or functional developments. The update date appears at the top of the page.