Skip to content

Privacy Policy

Last updated: [A COMPLETER]

1. Data Controller

The data controller responsible for processing your personal data is:

[A COMPLETER — Raison sociale]
[A COMPLETER — Adresse]
Email: dpo@corpsec.com

2. Data We Collect

We collect and process the following categories of personal data:

  • Identity data: name, email address, phone number
  • Account data: login credentials, profile information
  • KYC data: identity documents, proof of address (for incorporation services)
  • Financial data: payment information (processed by Stripe, not stored on our servers)
  • Usage data: pages visited, actions taken, device and browser information
  • Communication data: messages sent via contact forms, support emails

3. Purposes of Processing

Your data is processed for the following purposes:

  • Providing and managing our Services
  • Processing orders and payments
  • Communicating with you about your account and services
  • Regulatory compliance (KYC/AML obligations)
  • Improving our platform and user experience
  • Sending marketing communications (with your consent)

4. Legal Basis (GDPR Article 6)

  • Contract performance: processing necessary to deliver the Services you requested
  • Legal obligation: KYC/AML compliance, tax reporting
  • Legitimate interest: platform improvement, fraud prevention, analytics
  • Consent: marketing emails, non-essential cookies

5. Data Retention

We retain your data for the following periods:

  • Account data: for the duration of your account, plus [A COMPLETER] years after closure
  • KYC documents: 5 years after the end of the business relationship (legal obligation)
  • Financial records: 10 years (accounting obligation)
  • Marketing leads: 3 years from last contact
  • Analytics data: 26 months (PostHog)

6. Data Recipients

Your data may be shared with the following categories of recipients:

  • Supabase (hosting & database): account and application data
  • Stripe (payments): payment and billing data
  • PostHog (analytics): usage and behavioral data
  • Partner firms: local registered agents, accountants, and law firms in the relevant jurisdiction
  • Government registries: as required for incorporation and compliance filings

7. International Transfers

Some of our service providers are located outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable

Specifically: Supabase (US — SCCs), Stripe (US — SCCs), PostHog (EU/US — [A COMPLETER]).

8. Cookies

Our platform uses the following cookies and tracking technologies:

  • Essential cookies: Supabase authentication session (strictly necessary)
  • Analytics cookies: PostHog for usage analytics (consent required)
  • Payment cookies: Stripe for secure payment processing (strictly necessary)

You can manage your cookie preferences at any time via your browser settings. For more information, see our Legal Notice.

9. Your Rights

Under the GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data (subject to legal retention obligations)
  • Right to restriction: limit processing in certain circumstances
  • Right to data portability: receive your data in a structured format
  • Right to object: object to processing based on legitimate interest or marketing
  • Right to withdraw consent: at any time, without affecting prior processing

To exercise these rights, contact us at dpo@corpsec.com. We will respond within 30 days.

10. Data Protection Officer

Our Data Protection Officer can be contacted at:

Email: dpo@corpsec.com
[A COMPLETER — Nom du DPO si désigné]

You also have the right to lodge a complaint with the relevant supervisory authority (in France: CNIL).