← Back to ApreshAI

Privacy Policy

Last updated: December 2024

SASU BLOWBACK CIE ("we", "us", "ApreshAI") respects your privacy. This policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

🏒 Data Controller

SASU BLOWBACK CIE

10 rue de Penthièvre, 75008 Paris, France

Contact: contact form

πŸ“‹ Data We Collect

Information you provide:

  • Email address (account creation)
  • Business profile information (website URL, business model, goals)
  • Chat conversations with the AI
  • Payment information (processed by Stripe, we don't store card details)

Information collected automatically:

  • IP address and browser type
  • Usage data (features used, session duration)
  • Device information

🎯 How We Use Your Data

  • Service delivery: Provide personalized SEO recommendations
  • Account management: Authentication, subscription management
  • Communication: Service updates, support responses
  • Improvement: Analyze usage to improve our AI and features
  • Legal compliance: Fraud prevention, legal obligations

βš–οΈ Legal Basis (GDPR)

  • Contract: Processing necessary to provide the service you subscribed to
  • Legitimate interest: Service improvement, fraud prevention
  • Legal obligation: Tax and accounting requirements
  • Consent: Marketing communications (if opted-in)

πŸ”— Third-Party Services

We share data with trusted service providers:

  • Stripe (USA) - Payment processing
  • Supabase (USA) - Database and authentication
  • Vercel (USA) - Hosting
  • Mistral AI (France) - AI processing

These providers are contractually bound to protect your data. Data transfers to the USA are covered by Standard Contractual Clauses (SCCs).

πŸ—“οΈ Data Retention

  • Account data: Duration of your account + 3 years
  • Conversation history: Until you delete it or close your account
  • Payment records: 10 years (French legal requirement)
  • Usage logs: 12 months

βœ‹ Your Rights

GDPR Rights (EU residents):

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we use your data
  • Objection: Object to certain processing

CCPA Rights (California residents):

  • Know what personal information is collected
  • Request deletion of personal information
  • Opt-out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising your rights

To exercise your rights, contact us. We will respond within 30 days.

πŸͺ Cookies

We use essential cookies for:

  • Authentication (keeping you logged in)
  • Security (preventing fraud)
  • Preferences (storing your settings)

We do not use advertising or tracking cookies.

πŸ”’ Security

We implement industry-standard security measures including encryption in transit (HTTPS), secure authentication, and regular security audits. Payment data is handled entirely by Stripe (PCI-DSS certified).

πŸ‘Ά Children's Privacy

ApreshAI is not intended for users under 16 years of age. We do not knowingly collect data from children.

πŸ“ Policy Changes

We may update this policy periodically. Material changes will be notified via email. The "last updated" date will reflect the latest revision.

πŸ“§ Contact & Complaints

For privacy-related questions or to exercise your rights:

Email: contact form

EU residents may also lodge a complaint with your local data protection authority. In France: CNIL.