Privacy Policy
Last Updated January 24, 2025
Privacy Commitment
Presetmator, operated by Valentin Le Dandec (sole proprietor registered under SIRET 84160994400019), is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy details our practices regarding the collection, use, and protection of the information you share with us.
Data Collected
We collect only the data necessary for our commercial service operations. This includes contact information (email address) for processing orders and delivering digital products, transaction data processed by Stripe (masked card number, expiration date), and technical metadata (IP address, browser type) for security and legal compliance. No sensitive data as defined by Article 9 of the GDPR is collected.
Purpose of Data Processing
Data is used strictly for contractual execution and legal obligations. Specifically, this includes delivering purchased presets, handling customer inquiries, fraud prevention in accordance with financial regulations, and archiving transaction records as required by commercial law. Email addresses are used for marketing only with explicit double opt-in consent.
Subprocessors and Transfers
We collaborate with carefully selected service providers that comply with GDPR. Stripe acts as a data controller for payment processing (PCI DSS Level 1 certification). Our website is hosted by Vercel, which applies the EU Standard Contractual Clauses for data transfers. Full details of our subprocessors are available upon request at valentin.ledandec@gmail.com.
Data Retention
In compliance with legal requirements, customer data is retained for 10 years from the last commercial interaction for accounting obligations. Access logs are anonymized after 6 months. Raw payment data is never stored on our systems and is processed exclusively by Stripe via secure APIs.
User Rights
Under GDPR (Articles 15-22), you have the right to access, rectify, port, and erase your data. Requests should be sent in writing to our Data Protection Officer (DPO) at the address listed below, accompanied by proof of identity. We commit to responding within 30 working days. In case of disputes, you may file a complaint with the CNIL (www.cnil.fr).
Security Measures
We implement industry-standard technical and organizational protections: AES-256 encryption for stored data, two-factor authentication for administrative access, biannual security audits by an accredited firm, and geographically replicated encrypted backups within the European Economic Area. No SSH or FTP access is allowed without a prior VPN tunnel.
Cookies and Tracking
Our site only uses strictly necessary cookies exempt from consent under CNIL guidelines. The PHP session cookie (PHPSESSID) maintains shopping cart functionality and is deleted upon browser closure. A language preference cookie (lang) persists for 30 days to remember your language choice. We do not use analytics tools (Google Analytics, Matomo) or tracking pixels.
International Data Transfers
While we prioritize European hosting providers, some subprocessors, such as Vercel Inc., operate in the United States. These transfers are conducted under the EU Standard Contractual Clauses (SCCs) 2021/914, with end-to-end encryption and data minimization. Transfer Impact Assessments (TIAs) are available upon motivated request.
Policy Updates
Any substantial changes to this policy will be notified via email 30 days before taking effect, in compliance with GDPR Article 12. The current version is always accessible through a permanent footer link, with a change history available since January 2023.