1. Introduction

Protecting your personal data is a priority for OpenUp. This privacy policy explains in a transparent manner how we collect, use, protect, and store your data. By using our services, you agree to the practices described below, in accordance with the General Data Protection Regulation (GDPR) and applicable French data protection laws (Loi Informatique et Libertés). This policy applies to all users of our services, regardless of their place of residence or access.

2. Data collected

When you use our platform, we only collect information that is necessary to provide and improve the service. This includes the information you provide when you register, data generated by the use of links and QR codes, and certain technical data obtained through cookies. It also includes technical data such as IP address, browser type, operating system, and approximate geolocation information. Some of this data may be collected by third-party services integrated into our platform (including our payment processor and analytics providers). We consider cookies and technical identifiers to be personal data when they allow a user to be identified directly or indirectly.

3. Purpose of data use

The data is used to ensure the proper functioning of the service, provide link performance statistics, ensure account security, manage billing, enable communication with users, and improve the overall experience on the platform. Aggregated and anonymized data may be used for statistical or marketing purposes, but does not allow individual users to be identified. Subject to the user's consent, certain data may also be used to send newsletters or marketing communications.

4. Legal basis for processing

The processing of your data is primarily based on the performance of the contract between you and OpenUp. Certain processing operations are based on consent (such as non-essential cookies or optional communications) or on OpenUp's legitimate interest in maintaining security, detecting abuse, or improving the quality of service. Users may withdraw their consent at any time, without affecting the lawfulness of processing already carried out.

5. Access to data and subcontracting

Access to your data is strictly limited to OpenUp members, technical service providers acting on our behalf, and services essential to the operation of the platform, including our payment processor and analytics providers.

Some of these providers are located outside the European Union; in this case, appropriate safeguards are put in place in accordance with the GDPR (standard contractual clauses, adequacy decisions, etc.). These partners are contractually bound to respect data confidentiality and the requirements of the GDPR.

6. Embedded content and external links

Our site may contain embedded content (e.g., YouTube videos, third-party widgets). This embedded content behaves in the same way as if the user were visiting the third-party site directly. These sites may collect data, use cookies, or embed tracking tools. OpenUp is not responsible for the privacy policies of these external services, which operate under their own responsibility. Users are encouraged to review the privacy policies of these third-party services.

Links created through OpenUp redirect to third-party websites and applications. OpenUp does not control, monitor, or take responsibility for the content, privacy practices, or data collection of these third-party destinations.

7. Retention period

Personal data is retained for the duration of active use of the service. In the event of prolonged inactivity (24 months), data may be automatically deleted. Billing data is retained for the legal period (10 years) as required by French accounting and tax regulations. Technical data relating to links is retained for up to 12 months after creation. Upon account deletion, all personal data is permanently erased from our servers within 30 days, except where retention is required by law.

8. Your rights

In accordance with current legislation, you may access your personal data at any time, request its correction or deletion, exercise your right to portability, restrict processing, or object to its processing. You can exercise these rights by contacting us directly by email at [email protected]. All requests will receive a response within the legal time frame (30 days maximum). You may also lodge a complaint with the CNIL (www.cnil.fr) if you believe that your rights have not been respected.

9. Security

We implement technical and organizational measures to ensure the security of personal data, prevent unauthorized access, accidental loss, or alteration. All data is stored on secure servers, accessible only by authorized personnel. All data transmitted between your device and our servers is encrypted using industry standard protocols (TLS/SSL). We regularly review and update our security practices to address evolving threats.

10. Cookies

Cookies may be used for the proper functioning of the service, for anonymous statistical analysis, or to improve the user experience. You can configure your browser to block or delete these cookies, except those that are essential for the functioning of the platform. Non-essential cookies are subject to your prior consent. A consent banner is displayed on your first visit to allow you to manage your preferences.

The types of cookies we use include essential cookies (required for the service to function, no consent needed), analytics cookies (to understand how visitors use the site, require consent), and preference cookies (to remember your settings and choices, require consent).

11. International data transfers

OpenUp may transfer data to service providers located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions where applicable, and contractual obligations requiring our partners to protect your data to the same standard as within the EEA.

12. Children's privacy

OpenUp is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information promptly.

13. Third-party services

OpenUp integrates with certain third-party services to provide its functionality. These include a payment processor for subscription management, analytics services for link performance tracking, and authentication providers for secure sign-in. Each of these services has its own privacy policy, and we encourage you to review them. We only share the minimum data necessary for each service to function.

14. Changes

This privacy policy is subject to change. In the event of a substantial change, users will be notified by email or via a notification on their interface. Continued use of the service after this notification will constitute acceptance of the new provisions. The effective date of each new version will be clearly indicated at the top of this page.

15. Use of the OpenUp application

This privacy policy also applies to the use of the OpenUp mobile app available on iOS and Android, as well as the Progressive Web App (PWA). In addition to the data mentioned for the website, the app may request certain specific permissions from your smartphone.

Push notifications: only if you consent to this, in order to notify you of activity on your links, QR codes, or business cards. Camera and gallery access: only if you choose to add a logo, image, or scan a QR code from the app. Local storage (cache): to improve the app's performance and allow you to access certain data offline.

All of these permissions are optional and can be managed directly from your smartphone settings. The OpenUp app does not collect location or contact information without your explicit consent.

16. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, OpenUp will notify the CNIL within 72 hours as required by the GDPR. If the breach is likely to result in a high risk to you, we will also notify you directly by email without undue delay.

17. Contact

If you have any questions, complaints, or requests regarding your data, you can contact us by email at the following address: [email protected].

OpenUp is a micro-enterprise registered in France. Its legal representative, Raphaël Le Cras, can be reached at the same address.