Privacy Policy

How we collect, store, and use your data, in compliance with GDPR.

Data Protection

This policy explains how we process your personal data when you use GabaritKDP.

1. Data Controller

Controller: Sécurité pour Tous — SASU (RCS Paris 888 261 948)
Brand operated as: GabaritKDP
Address: 25 rue Marie Georges Picquart, 75017 Paris, France
Personal data contact: contact@gabaritkdp.com

In this document, “we” means Sécurité pour Tous operating under the GabaritKDP brand.

2. Data We Collect

We only collect information needed to deliver the service. Depending on how you use it, this may include:

  • Email address and login credentials (for authentication / account creation).
  • Technical export preferences (book size, page count, interior type).
  • Stripe purchase/transaction metadata (plan purchased, amount, date).
  • Technical logs (error logs, performance metrics, IP address in case of abnormal usage).

We never store full credit card numbers ourselves. Payments are processed by Stripe as a secure payment processor.

3. Why We Use Your Data

We use your data to:

  • Create and manage your user account.
  • Generate your cover templates and technical exports.
  • Provide access to paid plans, subscriptions, or export credits.
  • Handle billing, anti-fraud checks, and accounting obligations.
  • Improve technical stability and export quality.
  • Contact you in case of critical issues (e.g. blocking bug, security incident).

Important

We do not use your personal data for social media ad targeting. We do not sell your personal data.

4. Legal Basis for Processing

We only process your data if we have a valid legal basis under GDPR:

  • Contract performance: providing the service you requested (account creation, template generation, paid plan access).
  • Legal obligation: accounting and tax compliance.
  • Legitimate interest: service security, fraud prevention, technical improvement.
  • Consent: when required (e.g. for certain types of communication).

5. Our Service Providers (Processors)

We rely on strictly necessary service providers to deliver GabaritKDP:

  • Stripe Payment processing. We never store your full card number.
  • Supabase Hosting of technical data and user accounts (database, authentication, secure storage).
  • Infrastructure & analytics techniques Performance and stability diagnostics (e.g. error measurement, compatibility testing).

These providers act as “processors” under GDPR, and process your data only under our instructions.

6. Data Retention

We keep your data only as long as needed:

  • Account data (email, settings): as long as your account is active.
  • Billing data: the minimum period required under tax/accounting law.
  • Security logs: a reasonable period to detect abuse, fraud, and attacks.

You can request deletion of your account and associated data (within legal and accounting limits) by emailing: contact@gabaritkdp.com.

7. Your Rights

Under GDPR, you have the following rights:

  • Right of access: get a copy of your personal data.
  • Right to rectification: fix inaccurate data.
  • Right to erasure: request deletion of your data, subject to legal obligations.
  • Right to restriction/objection: limit or object to certain processing.
  • Right to portability: receive your data in a structured, machine-readable format.

To exercise your rights: contact@gabaritkdp.com.

You also have the right to lodge a complaint with the CNIL (the French Data Protection Authority).

8. Data Security

We implement reasonable technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction.

  • Account management and authentication via secure services (e.g. Supabase Auth).
  • Technical logging to detect abnormal / abusive behavior.
  • Segmented handling of sensitive data (Stripe manages payments).

No method of transmission or storage is 100% secure, but we apply reasonable and proportionate safeguards.

9. International Data Transfers

Some of our technical service providers (e.g. hosting, analytics, payment processing) may be located outside the European Economic Area. Where this happens, we ensure appropriate safeguards are in place (Standard Contractual Clauses, additional security measures).

10. Changes to this Policy

We may update this policy to reflect service evolution, legal requirements, or security practices. If we make a significant change, we may inform you via email or a notice on the site.

By continuing to use the service after the update, you agree to the new version of this policy.