Accueil

Privacy Policy

Processing of your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and French Data Protection Act No. 78-17. This English version is a courtesy translation; the French version prevails.

Dernière mise à jour : 22 May 2026

This policy explains, clearly and transparently, how Rémy Magne (sole trader), publisher of Orizen (the « Service », orizen.cloud) — « we », the « Publisher » — collects, uses, stores, shares and protects the personal data of its users.

1. Data controller

The data controller is Rémy Magne, sole trader (micro-enterprise), registered with the French National Business Register under SIREN 987740248 (SIRET 98774024800016, NACE code 6201Z — Computer programming), operating in Nevers (58000), France.

Data protection contact: Rémy Magne — contact@orizen.cloud.

2. Categories of data collected

  • Account and identification data: name, email address, password (hashed, handled by our authentication provider), profile picture where applicable.
  • Business data: company name, sector, size, role.
  • Billing data: plan, payment history, customer ID. Card details are stored solely by our payment provider; we never have access to them.
  • Usage and technical data: connection logs, IP address, browser, modules used, AI requests, timestamps, cookies.
  • Content you enter in the modules, which may include third-party data for which you are responsible.

3. Purposes and legal bases

  • Account creation/management and Service delivery — performance of contract (Art. 6.1.b).
  • Billing and subscription management — contract and legal obligation (Art. 6.1.b and 6.1.c).
  • Processing of AI requests — performance of contract (Art. 6.1.b).
  • Security and fraud prevention — legitimate interest (Art. 6.1.f).
  • Improvement and audience measurement — legitimate interest or consent.
  • Service communications — contract; marketing — revocable consent.

4. Recipients and processors

Your data is never sold. Processors (Art. 28 GDPR):

  • Clerk — authentication.
  • Stripe — payments.
  • Supabase — database (EU).
  • Vercel — application hosting.
  • Resend — emails.
  • Groq, Mistral, Google (Gemini) — AI processing.

5. Transfers outside the European Union

Some processors may process data outside the EU (notably in the United States). Such transfers are governed by appropriate safeguards (Standard Contractual Clauses and/or the Data Privacy Framework), in accordance with Chapter V of the GDPR.

6. Retention periods

  • Account data and content: for the duration of the subscription, then deleted within 30 days after closure.
  • Billing data: 10 years (legal obligation).
  • Technical logs: 12 months.

7. Security

Encryption in transit (HTTPS/TLS) and at rest, per-company data isolation, access controls, logging. In the event of a high-risk breach, we notify the supervisory authority (CNIL) and affected individuals (Art. 33 and 34 GDPR).

8. Your rights

Rights of access, rectification, erasure, restriction, objection, portability, and post-mortem directives (Art. 15–22 GDPR). Exercise them at contact@orizen.cloud (reply within one month). You may lodge a complaint with the CNIL (www.cnil.fr). See also our GDPR page.

9. Customer content (processing)

When you enter third-party data, you act as controller and the Publisher acts as processor (Art. 28 GDPR), under a Data Processing Agreement (DPA).

10. Minors

The Service is intended for professional use and is not designed for persons under 15.

11. Changes

This policy may be updated; any material change will be notified.

12. Contact

contact@orizen.cloud — or via our contact page.