Privacy Policy

Oplia's personal data protection policy

Last update: January 15, 2026

Note: The French version of this policy is the original and legally binding version.

1. Data Controller

Controller: Thomas DE ALMEIDA
Headquarters: 14 rue du Maréchal Leclerc, 31380 Montastruc la Conseillère, France
Email: contact@oplia.fr

We place a major importance on the confidentiality of your data. This policy aims to inform you transparently about our practices.

2. Collected Data

We collect only the data strictly necessary for the operation of the service:

  • Account Data: Email, Password (encrypted)
  • Billing Data: Name, Address (processed securely by Stripe)
  • Usage Data: Audited URLs, generated audit reports, technical connection logs

We do not collect any sensitive data (health, opinion, etc.).

3. Purposes and Legal Basis

The processing of your data is justified by:

  • Contract performance (GTC): Account creation, audit generation, technical assistance.
  • Legal obligation: Billing, accounting.
  • Legitimate interest: Site security, fraud prevention.

4. Data Recipients

Your data is accessible only by Thomas DE ALMEIDA and its strictly authorized technical subcontractors:

  • Supabase (AWS Europe - Ireland): Secure database hosting and authentication.
  • Stripe (USA/EU): Payment management. We do not store any credit card numbers.
  • OVH (France): Application server hosting and file storage (self-hosted MinIO).
  • Resend (USA): Sending transactional emails (confirmations, password recovery).
  • Sentry (USA): Technical error monitoring to improve stability.
  • Google Analytics (USA): Anonymized audience analysis (subject to your cookie consent).

All these subcontractors adhere to the standard contractual clauses of the European Commission or the Data Privacy Framework.

We do not sell, rent or transfer any personal data to third parties for commercial purposes.

5. Transfer of data outside the EU

Data is mostly hosted in Europe. Some subcontractors (such as Stripe or Vercel) may have infrastructures in the United States. In this case, we ensure that they adhere to the standard contractual clauses of the European Commission or the Data Privacy Framework to guarantee an equivalent level of protection.

6. Retention Period

  • Active account: Subscription period.
  • Inactive account: 3 years after the last activity.
  • Billing data: 10 years (legal accounting obligation).

7. Your Rights

You have the rights of access, rectification, erasure ("right to be forgotten"), limitation and portability of your data.

To exercise these rights, simply send an email to contact@oplia.fr. You also have the right to lodge a complaint with the CNIL.

8. Cookies and Trackers

Oplia uses two types of cookies:

  • Technical cookies (mandatory): User session, security. Always active.
  • Analysis cookies (optional): Google Analytics to understand site usage. Subject to your consent.

During your first visit, a banner allows you to choose to accept or refuse analysis cookies. You can modify this choice at any time by deleting your browser cookies.

9. Security

We use the HTTPS protocol (TLS encryption) for all exchanges. Passwords are hashed and salted. Access to the database is restricted by strict security policies (Row Level Security).