🎉 Founder pricing — first 100 users lock in €29/month for life Claim your spot →
Legal

Privacy Policy

📅 Effective date: 1 June 2025 🔄 Last updated: 1 June 2025
This Privacy Policy explains how Pricevo collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable French law. We take your privacy seriously.
01

Data Controller

The data controller for personal data processed through the Pricevo platform is:

LEFRANCOIS Alexis
Registered in France — SIRET: 93116252300019
📧 privacy@pricevo.io
📍 22B AV Pasteur, 60800 Crepy-en-Valois, France
02

Data We Collect

We collect only the data necessary to provide and improve the Service.

Account Data

  • Email address (required for account creation)
  • Name (optional, used for personalisation)
  • Password (hashed via Supabase Auth — never stored in plaintext)
  • OAuth profile data if you sign in via Google (name, email, profile picture)

Usage Data

  • Search queries submitted (vehicle make, model, criteria)
  • Search history and results accessed
  • Feature usage patterns and session duration
  • Browser type, device type, and IP address (for security and analytics)

Billing Data

Billing information (card details, billing address, VAT number) is collected and processed exclusively by our payment processor Paddle. Pricevo does not store or process payment card data. Paddle acts as an independent data controller for billing-related personal data.

Communications Data

  • Email address collected via our waitlist form (with explicit consent)
  • Support inquiries and correspondence
03

How We Use Your Data

PurposeData UsedLegal Basis
Provide and operate the ServiceAccount data, usage dataContract performance
Process payments & billingEmail, billing info (via Paddle)Contract performance
Send transactional emails (invoices, alerts)Email addressContract performance
Send product updates & newslettersEmail addressConsent (opt-in)
Improve platform features & analyticsAnonymised usage dataLegitimate interest
Security, fraud prevention & debuggingIP address, usage logsLegitimate interest
Comply with legal obligationsAny data as requiredLegal obligation

We do not sell your personal data. We do not use your data for automated decision-making that produces legal effects.

05

Data Sharing & Sub-processors

We share personal data only with trusted sub-processors necessary to operate the Service:

Sub-processorPurposeLocation
SupabaseDatabase hosting and authenticationEU (Frankfurt)
PaddlePayment processing, billing, VATUK / EU
ResendTransactional and marketing emailsUS (SCCs applied)
VercelFrontend hostingEU
Railway / HetznerBackend API hostingEU

We do not share your personal data with any third parties for advertising or marketing purposes. We may disclose data if legally required to do so by a court order or competent authority.

06

Data Retention

  • Account data: Retained for the duration of your active subscription plus 2 years following account deletion, unless a longer period is required by law.
  • Search history: Retained for the duration of your active subscription.
  • Billing records: Retained for 10 years as required by French accounting law.
  • Waitlist emails: Retained until you unsubscribe or request deletion.
  • Security logs: Retained for 12 months.

After the applicable retention period, data is permanently deleted or irreversibly anonymised.

07

Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Password hashing via bcrypt (managed by Supabase Auth)
  • Role-based access controls — only authorised personnel access user data
  • Regular security reviews and dependency updates

No transmission over the internet is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority (CNIL) within 72 hours as required by GDPR Article 33.

08

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — Request a copy of the data we hold about you.
  • Right to rectification (Art. 16) — Request correction of inaccurate data.
  • Right to erasure (Art. 17) — Request deletion of your data ("right to be forgotten").
  • Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — Object to processing based on legitimate interests.
  • Right to restriction (Art. 18) — Request that we limit how we process your data.
  • Right to withdraw consent — At any time, for processing based on consent (e.g. marketing emails).

To exercise any of these rights, email privacy@pricevo.io. We will respond within 30 days. We may need to verify your identity before processing requests.

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) — France's data protection authority — at cnil.fr.
09

Cookies & Local Storage

Cookies

We use minimal cookies, strictly limited to:

  • Authentication cookies — Session tokens to keep you logged in (essential, cannot be disabled).
  • Preference cookies — Remembering UI preferences such as selected markets.

We do not use third-party advertising or tracking cookies.

Local Storage

We use your browser's local storage to cache search results and history for performance reasons. This data is stored on your device and is not transmitted to our servers unless you replay a search.

10

International Data Transfers

Some of our sub-processors (notably Resend) are based outside the EEA. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
11

Minors

Pricevo is a professional B2B service. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has provided personal data, we will delete it promptly.

12

Changes to this Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and update the "Last updated" date above. We encourage you to review this policy periodically.

13

Contact & DPA Requests

For any privacy-related enquiries, data subject requests, or to obtain a Data Processing Agreement (DPA), please contact our privacy team:

Privacy Team — Pricevo
📧 privacy@pricevo.io
We aim to respond within 5 business days. For formal data subject requests, response time is 30 days.