Chrono running
00:00:00

Privacy Policy

Last updated: 02/04/2026

1. Data Controller

Controller: ThumbUp (contact: contact@byevti.com).

2. Data We Collect

  • Account data: email, hashed password, role, time zone, verification status.
  • Business data: clients, orders, deliverables, revision comments, and related history.
  • Security data: login logs, session tokens, CSRF protections, technical logs.
  • Communication data: verification emails, password reset messages, contact form requests.
  • Payment data: PayPal/Stripe transaction identifiers, status, amount, currency, timestamp.

3. Purposes and Legal Bases

  • Contract performance: account creation, order management, billing, support.
  • Legitimate interest: service security, fraud prevention, operational monitoring.
  • Legal obligation: accounting and tax retention for payment operations.
  • Consent: processing requests submitted through the contact form.

4. Login and Security

  • Passwords are stored in hashed form (never plaintext).
  • Login forms are protected by CSRF tokens.
  • Role-based access control and mandatory email verification are enforced.
  • Sessions and technical traces are used to detect abusive activity.

5. Payments (PayPal and Stripe)

  • Transactions are processed by PCI DSS certified providers (PayPal and/or Stripe).
  • Full card details do not transit through ThumbUp servers.
  • Only technical payment references and statuses are retained for tracking purposes.

6. Data Recipients

  • Strictly authorized internal team members.
  • Technical providers: hosting, SMTP email delivery, payment providers (PayPal/Stripe).
  • Public authorities when legally required.

7. Retention Periods

  • User account data: for the duration of the contractual relationship, then limited archival retention.
  • Security and login logs: up to 12 months, unless an incident requires extended retention.
  • Payment/accounting data: up to 10 years (legal obligations).
  • Contact requests: up to 3 years from the last exchange.

8. Your Rights

Under the GDPR and applicable French data protection laws, you have rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent.

To exercise your rights: contact@byevti.com. You may also lodge a complaint with the CNIL.

9. Cookies and Tracking Technologies

ThumbUp mainly uses strictly necessary cookies for authentication, user session, and security. No third-party advertising cookies are placed without an appropriate legal basis.

10. Policy Updates

This policy may be updated to reflect service changes, legal obligations, or provider updates.