🔒 Privacy Policy
Last updated: November 2024
AmStramGram is committed to protecting your privacy and personal data. This policy explains how we collect, use, and safeguard your information.
1. Data Controller
2. Collected Personal Data
a) Authentication Data
When you create an account, we collect:
- Email address (required for login)
- Password (encrypted and not accessible in plain text)
- Account creation date
- Unique User ID (generated automatically by Firebase)
b) Usage Data
When you use the application, we store:
- Your custom lists (names and content)
- Creation and modification dates of your lists
c) Cookies and Technical Data
- Authentication Cookies (Firebase Auth - necessary for operation)
- Session Data (to maintain your login)
- IP Address (collected automatically by Firebase for security)
3. Purpose of Processing
Your data is used solely to:
- ✅ Create and manage your account
- ✅ Save your custom lists
- ✅ Ensure the security of the application
- ✅ Allow you to log back in
- ✅ Respond to your support requests
4. Legal Basis for Processing
- 📝 Contract Execution: Your registration creates a service usage contract
- 🔒 Legitimate Interest: Security and proper functioning of the application
- ✅ Consent: For non-essential cookies (if applicable)
5. Data Retention Period
- Active Account: As long as your account exists
- Deleted Account: Data erased within 30 days
- Inactive Account: Retained for 3 years after last login, then automatically deleted
- Security Logs: Maximum 12 months
6. Data Sharing and Transfer
⚠️ Important
Your data is hosted on Firebase (Google Cloud), which implies a transfer to the United States.
Recipients:
- 🔵 Google/Firebase: Hosting and technical infrastructure
- ❌ No resale of your data to third parties
- ❌ No advertising based on your data
Google/Firebase complies with GDPR and offers appropriate guarantees (Standard Contractual Clauses of the European Commission).
7. Your GDPR Rights
In accordance with GDPR, you have the following rights:
✅ Right of Access
Obtain a copy of all your data
✏️ Right to Rectification
Correct your inaccurate data
🗑️ Right to Erasure ("Right to be Forgotten")
Delete your account and all your data
🚫 Right to Restriction
Temporarily restrict processing
📦 Right to Portability
Retrieve your data in a structured format
⛔ Right to Object
Object to the processing of your data
📧 How to exercise your rights?
Send an email to contact@amstramgram.app with:
- Your account email address
- The right you wish to exercise
⏱️ Response time: 1 month maximum
8. Data Security
We implement appropriate security measures:
- 🔐 HTTPS Encryption for all communications
- 🔒 Hashed Passwords (never stored in plain text)
- 🛡️ Strict Firebase Security Rules
- 🔍 Secure Authentication via Firebase Auth
- 📊 Access Monitoring and anomaly detection
9. Cookie Policy
Strictly Necessary Cookies
These cookies are essential for the website to function:
- Firebase Authentication Cookies
- Session Tokens
✅ No consent required (necessary for the service)
10. Complaint to the Supervisory Authority
If you believe your rights are not being respected, you may file a complaint with the CNIL (French Data Protection Authority) or your local authority:
📧 CNIL - Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, France
11. Policy Changes
This policy may be updated to reflect changes in our practices or legislation.
Last modified date: November 2024
Significant changes will be notified to you via email.
12. Contact
For any questions regarding this policy or your data:
📧 Email: contact@amstramgram.app