Privacy Policy

This Privacy Policy ("Policy") describes how Airvue SAS ("Airvue", "we", "us", or "our") collects, uses, discloses, and protects your personal information when you access or use the Airvue platform at airvue.io (the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Service.

We are committed to protecting your privacy in accordance with Regulation (EU) 2016/679 ("GDPR"), the French Data Protection Act (Loi Informatique et Libertés), and all other applicable data protection legislation.

Airvue SAS is the data controller responsible for your personal data processed through the Service.

For any questions or requests regarding this Policy or your personal data, contact us at: support@airvue.io

3.1 Information You Provide Directly - Account registration data: name, email address, and authentication credentials managed through our identity provider - Payment and billing information: subscription plan selection, billing address, and payment method details processed through our payment processor - Communications: any correspondence you send to us, including support requests and feedback - Preferences: language selection, notification settings, and dashboard configurations

3.2 Information Collected Automatically - Device and browser information: IP address, browser type and version, operating system, device identifiers, and screen resolution - Usage data: pages and features accessed, search queries, filters applied, session duration, click patterns, and navigation paths - Log data: server logs including access times, referring URLs, and error logs - Authentication events: login timestamps, session tokens, and authentication method used

3.3 Information From Third Parties - Identity verification data from our authentication provider (Clerk) - Payment confirmation and subscription status from our payment processor (Stripe) - We do not purchase personal data from data brokers or third-party sources

We process your personal data for the following purposes: - Service Delivery: to create and manage your account, provide access to platform features, process subscriptions, and deliver the analytics service you have subscribed to - Service Improvement: to analyze usage patterns, identify technical issues, optimize platform performance, and develop new features - Communication: to send transactional emails (account confirmation, password reset, subscription receipts), service announcements, and critical security notifications - Security and Fraud Prevention: to detect and prevent unauthorized access, abuse, or fraudulent activity on the platform - Legal Compliance: to comply with applicable laws, regulations, legal processes, or enforceable governmental requests - Billing and Accounting: to process payments, manage subscriptions, issue invoices, and maintain financial records as required by law

Under the GDPR, we process your personal data on the following legal bases:

Contract Performance (Article 6(1)(b) GDPR): Processing necessary to provide the Service, manage your account, and fulfill our contractual obligations to you, including processing your subscription and delivering platform access.

Legitimate Interest (Article 6(1)(f) GDPR): Processing necessary for our legitimate business interests, including service improvement, analytics, security monitoring, and fraud prevention. We balance these interests against your rights and freedoms.

Consent (Article 6(1)(a) GDPR): Where we rely on your consent for specific processing activities, such as optional marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Legal Obligation (Article 6(1)(c) GDPR): Processing necessary to comply with legal obligations, including tax reporting, accounting requirements, and responding to lawful requests from public authorities.

We do not sell, rent, or trade your personal data. We share your information only in the following circumstances:

6.1 Service Providers (Sub-Processors) We engage trusted third-party service providers who process data on our behalf under strict contractual obligations: - Clerk (authentication and identity management) - Stripe (payment processing and subscription management) - Neon (cloud database hosting within the EU) - Vercel (application hosting and content delivery) Each sub-processor is contractually bound to process your data only as instructed by us and to maintain appropriate security measures.

6.2 Legal Requirements We may disclose your information when required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity. We will notify you of any such change and any choices you may have regarding your data.

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy:

Active Account Data: retained for the duration of your active account and subscription.

Post-Termination: upon account deletion, we will erase or anonymize your personal data within thirty (30) days, except where longer retention is required by law.

Financial Records: billing and transaction records are retained for the period required by applicable tax and accounting laws (typically 10 years under French law).

Usage Analytics: aggregated and anonymized usage data may be retained indefinitely for statistical and service improvement purposes.

Security Logs: access and security logs are retained for up to twelve (12) months for security monitoring and incident investigation purposes.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Safeguards: - Encryption of data in transit (TLS 1.2+) and at rest - Secure authentication with multi-factor options - Regular security assessments and vulnerability monitoring - Automated threat detection and prevention - Access controls and least-privilege principles

Organizational Safeguards: - Data processing agreements with all sub-processors - Regular review of security policies and procedures - Incident response procedures for data breach notification

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Airvue uses only essential cookies strictly necessary for the operation of the Service:

Authentication Cookies: to maintain your logged-in session and verify your identity across requests.

Session Cookies: to ensure proper functionality and security of the platform.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking or behavioral advertising.

Your personal data is primarily processed and stored on servers located within the European Union (EU) and the European Economic Area (EEA).

Where data is transferred to sub-processors outside the EU/EEA (for example, certain Vercel edge functions), we ensure that appropriate safeguards are in place, including: - Standard Contractual Clauses (SCCs) approved by the European Commission - Adequacy decisions by the European Commission - Other legally recognized transfer mechanisms under Chapter V of the GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15): You may request a copy of the personal data we hold about you.

Right to Rectification (Article 16): You may request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17): You may request deletion of your personal data, subject to legal retention obligations.

Right to Restrict Processing (Article 18): You may request that we limit how we process your data in certain circumstances.

Right to Data Portability (Article 20): You may request to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21): You may object to processing based on legitimate interests, including profiling.

Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for Airvue is the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.

To exercise any of these rights, please contact us at support@airvue.io. We will respond to your request within thirty (30) days. We may request verification of your identity before processing your request.

Airvue does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. The analytics and market data provided through the Service are informational tools only and do not constitute automated decisions about you.

The Service is not directed at individuals under the age of sixteen (16). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party service you access through links on our platform.

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to you via email to the address associated with your account or through a prominent notice on the platform at least thirty (30) days before they take effect.

Your continued use of the Service after the effective date of a revised Policy constitutes your acceptance of the changes.

This Policy is governed by and construed in accordance with the laws of France and applicable EU regulations. Any disputes arising from or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts of France, without prejudice to your right to lodge a complaint with the CNIL or another competent supervisory authority.

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Email: support@airvue.io Data Controller: Airvue SAS

We will make every effort to resolve your concerns promptly and in accordance with applicable data protection law.