Privacy policy

This policy describes the personal data collected by FerrLabs (Bryan Ferrando, sole proprietor, SIREN 104 243 951) acting as data controller, in accordance with the GDPR.

Data collected

• Account: email address, password (hashed with Argon2id), display name, timezone, locale.
• Organization: name, slug, team size, country.
• Audit: IP address, user-agent, timestamps of sensitive actions.
• Cookies: fl_session (httpOnly, SameSite=Lax, 7-day lifetime) — strictly necessary for authentication.
• Server logs: 30-day retention.

Purposes

• Authentication and access to the service.
• Operation and security of the platform.
• Billing of paid subscriptions.
• Compliance with legal obligations.

Legal bases (GDPR art. 6)

• Performance of the contract (6.1.b) for accounts and subscriptions.
• Legitimate interest (6.1.f) for security and logs.
• Legal obligation (6.1.c) for accounting and tax data.

Subprocessors

• OVH SAS — hosting (France).
• Stripe Inc. — payments (United States, certified under the Data Privacy Framework) — active when a paid subscription is activated.
• Resend — transactional emails — active when transactional emails are sent.

Retention period

Your rights

Under the GDPR, you have the rights of access, rectification, erasure, portability, objection, and restriction of processing.

To exercise your rights: contact@ferrlabs.com.

You may also lodge a complaint with the CNIL (cnil.fr).

Data Protection Officer (DPO)

FerrLabs has not appointed a DPO. This is not required for a sole proprietorship that does not carry out large-scale processing of sensitive data (GDPR art. 37).

Transfers outside the European Union

Where applicable, transfers occur to subprocessors located in countries with an adequacy decision or certified under the Data Privacy Framework. No transfer is made to a country without adequate safeguards.

Changes

This policy may be updated. The date of the last revision is shown at the top of this page.

French version: Politique de confidentialité.