Privacy policy
Last updated: May 16, 2026
This policy describes how FujiSpace collects, uses and protects the personal data of users of the service, in compliance with Regulation (EU) 2016/679 of 27 April 2016 (« GDPR») and amended French law n° 78-17 of 6 January 1978.
By using the service, the User acknowledges having read this policy. It forms, with the Terms, the applicable contractual framework.
1. Data controller
The data controller for personal data is:
- [NOM DE LA SOCIÉTÉ], [legal form]
- Registered office: [Full address]
- SIRET: [14 digits]
- Privacy contact: fujispace@fujispace.com
2. Data Protection Officer (DPO)
To date, given the nature and volume of processing, the appointment of a Data Protection Officer is not mandatory under article 37 GDPR. A single point of contact is nevertheless set up: fujispace@fujispace.com. Any change (DPO appointment, contact details) will be reflected in this policy.
3. Data collected
Depending on how you use the service, we may process the following categories of data:
| Category | Examples |
|---|---|
| Identification | email, name / nickname, user identifier |
| Authentication | password hash, session tokens, OAuth provider |
| Subscription | plan subscribed, history, PSP customer ID |
| Billing | billing address, issued invoices (banking details are processed only by the PSP) |
| Service usage | assets viewed, configured alerts, preferences, in-app navigation history |
| Technical data | IP address, user-agent, server logs, cookie identifiers |
| Communications | content of exchanges with support, contact forms |
No sensitive data within the meaning of article 9 GDPR (racial origin, political opinions, health, etc.) is collected. The service is not intended for minors under 15 years of age; no account should be created by a minor without express parental agreement.
4. Purposes and legal bases
Each processing operation is based on an identified legal basis, in accordance with article 6 GDPR:
| Purpose | Legal basis |
|---|---|
| Account creation and management, provision of the subscribed service | Performance of the contract (art. 6-1-b) |
| Billing, collection, accounting | Legal obligation (art. 6-1-c) |
| Service security, fraud prevention, technical logs | Legitimate interest (art. 6-1-f) |
| Usage analysis and service improvement (anonymous audience measurement) | Legitimate interest or consent depending on the tool |
| Sending transactional communications (confirmations, alerts, invoices) | Performance of the contract (art. 6-1-b) |
| Sending commercial communications (newsletter, offers) | Consent (art. 6-1-a) |
| Response to a contact or support request | Legitimate interest (art. 6-1-f) |
5. Retention periods
Your data is kept only for the time necessary for the purposes for which it was collected:
- Active account: for the entire duration of your subscription and as long as your account is not deleted.
- Inactive account: after 24 months of inactivity, your account is archived then deleted, after a reminder by email.
- Billing data: 10 years from invoice issuance (art. L.123-22 C. com.).
- Technical and security logs: 12 months maximum.
- Audience measurement cookies: 13 months maximum (CNIL recommendation).
- Commercial prospecting data: 3 years after the last contact.
- Exchanges with support: 3 years after the last exchange.
6. Recipients and processors
Your data is never sold. It is only accessible to authorized persons of the Publisher and to a limited number of processors, bound by a contract compliant with article 28 GDPR:
| Processor | Role | Location |
|---|---|---|
| Vercel Inc. | Hosting, CDN, deployment | United States / EU |
| [Stripe / autre PSP] | Payment, subscription management | Ireland / United States |
| [Transactional email provider] | Email sending (confirmations, alerts, support) | [EU / United States] |
| [Market data provider] | Financial data feed (crypto, stocks) | [EU / United States] |
| [Audience measurement tool] | Usage statistics (if enabled with consent) | [EU / United States] |
The Publisher may also transmit data to any public or judicial authority that requests it as part of legal proceedings.
7. Transfers outside the European Union
Some processors (notably Vercel and the payment service provider) may operate, in whole or in part, outside the European Union, mainly in the United States.
These transfers are framed by the mechanisms provided in articles 44 et seq. GDPR, namely, depending on the case: the « Data Privacy Framework » adequacy decision for certified U.S. organizations, the Standard Contractual Clauses adopted by the European Commission, or, failing that, equivalent guarantees. Details of the guarantees can be obtained on request at fujispace@fujispace.com.
8. Your rights
In accordance with articles 15 to 22 GDPR, you have the following rights over your personal data:
- Right of access: obtain confirmation that data is processed and receive a copy of it;
- Right of rectification: have inaccurate or incomplete data corrected;
- Right to erasure (« right to be forgotten »): request deletion of your data, under the conditions of article 17;
- Right to restriction of processing;
- Right to object to processing based on legitimate interest or for prospecting purposes;
- Right to portability: receive your data in a structured, commonly used and machine-readable format;
- Right to withdraw your consent at any time when processing depends on it;
- Post-mortem directives: define the fate of your data after your death (art. 85 I&L Act).
These rights are exercised by simple request to fujispace@fujispace.com, accompanied by any element making it possible to verify your identity. A response will be provided within a maximum of one month, which may be extended by two months in case of complex request (art. 12 GDPR).
If you believe that your rights are not being respected, you can lodge a complaint with the French National Commission for Information Technology and Civil Liberties (CNIL), 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.
9. Security
The Publisher implements appropriate technical and organizational measures to ensure a level of security adapted to the risk: encryption of communications (HTTPS/TLS), storage of passwords in hash form, strict access controls, logging, regular backups, periodic reviews. In the event of a data breach likely to result in a risk to the rights and freedoms of individuals, the CNIL will be notified within 72 hours in accordance with article 33 GDPR, and the users concerned will be informed as soon as possible when required by article 34.
10. Cookies
The use of cookies and trackers is described in detail in the Cookie Policy, which complements this policy.
11. Modifications
This policy may evolve to reflect regulatory changes, new processing operations implemented or service evolution. Any substantial modification will be brought to the attention of users by email or in-app notification, at least fifteen (15) days before its entry into force.
12. Contact
For any question regarding your personal data or this policy: fujispace@fujispace.com.