Privacy Policy
Processing of your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and French Data Protection Act No. 78-17. This English version is a courtesy translation; the French version prevails.
Dernière mise à jour : 22 May 2026
This policy explains, clearly and transparently, how Rémy Magne (sole trader), publisher of Orizen (the « Service », orizen.cloud) — « we », the « Publisher » — collects, uses, stores, shares and protects the personal data of its users.
1. Data controller
The data controller is Rémy Magne, sole trader (micro-enterprise), registered with the French National Business Register under SIREN 987740248 (SIRET 98774024800016, NACE code 6201Z — Computer programming), operating in Nevers (58000), France.
Data protection contact: Rémy Magne — contact@orizen.cloud.
2. Categories of data collected
- Account and identification data: name, email address, password (hashed, handled by our authentication provider), profile picture where applicable.
- Business data: company name, sector, size, role.
- Billing data: plan, payment history, customer ID. Card details are stored solely by our payment provider; we never have access to them.
- Usage and technical data: connection logs, IP address, browser, modules used, AI requests, timestamps, cookies.
- Content you enter in the modules, which may include third-party data for which you are responsible.
3. Purposes and legal bases
- Account creation/management and Service delivery — performance of contract (Art. 6.1.b).
- Billing and subscription management — contract and legal obligation (Art. 6.1.b and 6.1.c).
- Processing of AI requests — performance of contract (Art. 6.1.b).
- Security and fraud prevention — legitimate interest (Art. 6.1.f).
- Improvement and audience measurement — legitimate interest or consent.
- Service communications — contract; marketing — revocable consent.
4. Recipients and processors
Your data is never sold. Processors (Art. 28 GDPR):
- Clerk — authentication.
- Stripe — payments.
- Supabase — database (EU).
- Vercel — application hosting.
- Resend — emails.
- Groq, Mistral, Google (Gemini) — AI processing.
5. Transfers outside the European Union
Some processors may process data outside the EU (notably in the United States). Such transfers are governed by appropriate safeguards (Standard Contractual Clauses and/or the Data Privacy Framework), in accordance with Chapter V of the GDPR.
6. Retention periods
- Account data and content: for the duration of the subscription, then deleted within 30 days after closure.
- Billing data: 10 years (legal obligation).
- Technical logs: 12 months.
7. Security
Encryption in transit (HTTPS/TLS) and at rest, per-company data isolation, access controls, logging. In the event of a high-risk breach, we notify the supervisory authority (CNIL) and affected individuals (Art. 33 and 34 GDPR).
8. Your rights
Rights of access, rectification, erasure, restriction, objection, portability, and post-mortem directives (Art. 15–22 GDPR). Exercise them at contact@orizen.cloud (reply within one month). You may lodge a complaint with the CNIL (www.cnil.fr). See also our GDPR page.
9. Customer content (processing)
When you enter third-party data, you act as controller and the Publisher acts as processor (Art. 28 GDPR), under a Data Processing Agreement (DPA).
10. Minors
The Service is intended for professional use and is not designed for persons under 15.
11. Changes
This policy may be updated; any material change will be notified.
12. Contact
contact@orizen.cloud — or via our contact page.