Privacy Policy
Last updated: July 2026
1. Data Controller
KICK Guillaume — sole trader (entrepreneur individuel, EI) 10 rue des Varennes, 71640 Mercurey, France SIREN: 414 859 926 — registered with the Chalon-sur-Saône Trade and Companies Register (RCS) Contact: hello@guillaumekick.com This policy describes how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).
2. Data Collected
- Account data: name, email address, password (hashed and salted — never stored in plain text).
- Session data: IP address and user agent (collected automatically during authentication).
3. Legal Basis for Processing
- Performance of a contract (Art. 6.1.b GDPR): creating and managing your user account, authentication.
- Legitimate interest (Art. 6.1.f GDPR): error tracking via Sentry to ensure service stability and security.
4. Cookies and Local Storage
We only use cookies and local storage that are strictly necessary for the service to function. No consent is required for these items (ePrivacy Directive, Art. 5.3).
| Name | Type | Purpose | Duration |
|---|---|---|---|
| better-auth.session_token | Cookie | Authentication and session management | 7 days |
| sidebar:state | localStorage | Remember sidebar state (open/closed) | Persistent |
| theme | localStorage | Remember theme preference (light/dark/system) | Persistent |
No third-party cookies, no advertising cookies, no tracking cookies.
5. Error Tracking (Sentry)
We use Sentry to detect and fix technical errors. Sentry does not set any cookies. Personal information (email addresses, IP addresses) is automatically masked before transmission through our PII scrubbing system. Data is anonymized and retained for a maximum of 30 days. Legal basis: legitimate interest (Art. 6.1.f GDPR) — maintaining a stable and secure service.
6. Hosting and Sub-processors
The application is hosted by Vercel, Inc. and the database in the European Union by Neon, Inc. Transactional emails are sent through Resend, image storage (avatars, alliance logos) is provided by Cloudflare R2, and error tracking by Sentry. Screenshots you submit for automatic extraction are transmitted to Google (Gemini API) solely for analysis purposes. Some of these providers are located outside the European Union; data is only transmitted to them for the purposes described above, with appropriate safeguards (standard contractual clauses).
7. Data Retention
Authentication sessions: 7 days (automatically renewed). Account data: retained until you delete your account — deletion takes effect 30 days after the request (during which you can cancel it), then identity data (email, name, avatar) is permanently anonymized within the following 30 days. Sentry error logs: 30 days maximum. Local preferences (theme, sidebar): until manually cleared by the user.
8. Your Rights
Under the GDPR (Articles 15 to 22), you have the following rights:
- Right of access: obtain a copy of your personal data.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your data.
- Right to restriction: restrict the processing of your data.
- Right to object: object to processing based on legitimate interest.
9. Contact
To exercise your rights or for any questions about the protection of your data, contact us: hello@guillaumekick.com You also have the right to lodge a complaint with your local data protection authority (in France: CNIL, www.cnil.fr).