Privacy Policy
Last updated: January 21, 2026
Version 1.0
At CyberClair, we place paramount importance on protecting your personal data. This privacy policy informs you of how we collect, use, store and protect your information in accordance with the General Data Protection Regulation (GDPR) and French data protection laws.
1. Data Controller
The data controller for personal data is:
- Company name: ID Cyberconseil
- SIRET: 98969428600018
- Registered office: La Réunion, France
- Data Controller: Achille Brial
- DPO Contact: contact@cyberclair.io
2. Data We Collect
We collect the following categories of data:
2.1 Identification Data
- First and last name
- Email address
- Phone number
- Social media handles (Instagram, TikTok, LinkedIn, Twitter/X)
2.2 Account Data
- Account identifier
- Password (stored in hashed form)
- Language preferences
- Account creation date
2.3 Service Usage Data
- Security scan results (data breaches, suspicious accounts)
- Security checklist progress
- Alerts generated by the service
- Security score
2.4 Payment Data
- Stripe customer ID
- Subscription type
- Transaction history (via Stripe)
Note: Banking details (card number, CVV) are never stored on our servers. They are processed directly by our payment provider Stripe, which is PCI-DSS Level 1 certified.
3. Purposes and Legal Bases
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract performance (Art. 6.1.b GDPR) |
| Cybersecurity services delivery | Contract performance (Art. 6.1.b GDPR) |
| Data breach scans (HIBP) | Contract performance (Art. 6.1.b GDPR) |
| Fake account detection (OSINT) | Contract performance (Art. 6.1.b GDPR) |
| Subscription and payment management | Contract performance (Art. 6.1.b GDPR) |
| Customer support (Crisp) | Legitimate interest (Art. 6.1.f GDPR) |
| Targeted advertising (Meta Pixel) | Consent (Art. 6.1.a GDPR) |
| Legal obligations (invoicing) | Legal obligation (Art. 6.1.c GDPR) |
4. Data Recipients
Your data may be shared with the following recipients:
4.1 Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | European Union |
| Vercel | Application hosting | USA (Edge EU) |
| Stripe | Payments | USA (DPF certified) |
| Apify | OSINT research | European Union (Prague) |
| HaveIBeenPwned | Breach verification | United Kingdom |
| Crisp | Customer support | France |
| Meta (Facebook) | Advertising (with consent) | USA (DPF certified) |
5. International Transfers
Some of our sub-processors are located outside the European Union. These transfers are governed by:
- United Kingdom: European Commission adequacy decision
- United States: EU-US Data Privacy Framework (DPF) for certified companies (Stripe, Meta) and Standard Contractual Clauses (SCC)
6. Data Retention Periods
| Data Category | Retention Period |
|---|---|
| Account data | Account duration + 3 years |
| Scan results | Account duration |
| Billing data | 10 years (legal requirement) |
| Temporary onboarding data | 30 days maximum |
| Support conversations | 3 years |
7. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15): Obtain a copy of your data
- Right to rectification (Art. 16): Correct inaccurate data
- Right to erasure (Art. 17): Request deletion of your data
- Right to restriction (Art. 18): Limit processing of your data
- Right to data portability (Art. 20): Receive your data in a structured format
- Right to object (Art. 21): Object to data processing
- Right to withdraw consent: Withdraw your consent at any time
To exercise these rights, visit the My Data page in your account or contact us at contact@cyberclair.io.
8. Cookies
We use cookies for site functionality and, with your consent, for marketing purposes. For more information, see our Cookie Policy.
9. Data Security
We implement the following technical and organizational measures:
- Encryption of data in transit (TLS/HTTPS)
- Password encryption (secure hashing)
- Role-based access control (Row Level Security)
- Secure authentication (OTP, strong passwords)
- Certified infrastructure hosting (Supabase, Vercel)
- Limited access to personal data
10. Complaints
If you believe that the processing of your data does not comply with regulations, you can lodge a complaint with the French Data Protection Authority (CNIL):
- Address: 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07, France
- Website: www.cnil.fr
11. Changes
We reserve the right to modify this privacy policy at any time. In case of substantial changes, we will inform you by email or via a notification on the site.
12. Contact
For any questions regarding this policy or your personal data, contact us at: contact@cyberclair.io