Privacy Policy
We take the protection of your personal data very seriously. This policy describes how we collect, use, and protect your information.
Last updated: [DD/MM/YYYY]
Translations are provided for informational purposes only. In case of discrepancy, the French version prevails.
TO CUSTOMIZE: Adapt this document to your actual practices. Elements in [brackets] must be completed. This template is a starting point — we recommend validation by a legal professional.
1. Data Controller
The data controller for your personal data is:
[Company name]
[Full address]
Email: [contact email]
[If DPO appointed: Data Protection Officer (DPO): [Name], reachable at [DPO email]]
2. Data Collected
In the context of using Koupli, we collect the following data:
Data provided directly by you
- Registration data: first name, email address, password (stored in hashed form)
- Profile data: usage preferences, couple space settings
- Imported financial data: bank transactions (amount, date, label, category) that you voluntarily import via CSV, XLSX, or PDF files
- Couple space data: shared transactions, splitting rules, shared savings goals
Data collected automatically
- Technical data: IP address, browser type, operating system, pages viewed, date and time of connection
- Cookies: see our Cookie Policy for more details
What we do NOT collect: we never have access to your banking credentials, your banking passwords, your card numbers, or your bank details. Transaction import is done only through files you download manually.
3. Purposes of Processing
Your data is processed for the following purposes:
| Purpose | Legal basis |
|---|---|
| Creation and management of your user account | Performance of contract |
| Provision of the Koupli service (import, categorization, splitting, budgets) | Performance of contract |
| Operation of the couple space (data sharing with your partner) | Performance of contract + consent |
| Personalized AI advice (categorization, alerts, recommendations) | Performance of contract |
| Sending weekly summary emails | Performance of contract |
| Sending marketing communications (newsletter, updates) | Consent |
| Service improvement and aggregated usage statistics | Legitimate interest |
| Handling support requests | Performance of contract |
| Compliance with legal and tax obligations | Legal obligation |
4. Data Sharing
Your personal data is never sold to third parties.
It may be shared only in the following cases:
- With your partner: only data that you have explicitly marked as "shared" in the couple space. Your personal accounts and transactions remain strictly private.
- With our technical subcontractors: hosting, email sending, payment processing. These providers are contractually bound to protect your data and may not use it for other purposes. [List main subcontractors: host, email service, payment processor]
- In case of legal obligation: if a judicial or administrative authority requires it.
5. Data Retention Period
| Data type | Retention period |
|---|---|
| Account data (profile, email) | For the duration of your registration + [X] months after account deletion |
| Imported financial data | For the duration of your registration. Deleted upon account closure. |
| Couple space data | For the duration of the couple space. Deleted when both partners leave the space. |
| Billing data | 10 years (legal accounting obligation) |
| Connection logs | 12 months (legal obligation) |
| Cookies | 13 months maximum |
6. Your Rights
In accordance with the GDPR, you have the following rights over your personal data:
- Right of access: obtain confirmation that your data is being processed and receive a copy
- Right of rectification: correct inaccurate or incomplete data
- Right to erasure: request deletion of your data (within legal limits)
- Right to portability: receive your data in a structured, readable format (CSV, PDF)
- Right to object: object to the processing of your data for legitimate reasons
- Right to restriction: request suspension of the processing of your data
- Right to withdraw consent: at any time for consent-based processing
How to exercise your rights: send an email to [contact / DPO email] specifying your request and attaching proof of identity. We commit to responding within one month.
If you believe your rights are not respected after contacting us, you can file a complaint with the CNIL:
Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
www.cnil.fr
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure, or destruction:
- Passwords are hashed and never stored in plain text
- Communications between your browser and our servers are encrypted (HTTPS/TLS)
- Internal access to data is restricted to those who need it
- Regular backups are performed
- [Add other relevant measures: WAF, security audit, etc.]
8. Data Transfers Outside the EU
[If your data stays in the EU:] Your data is hosted within the European Union and is not transferred to third countries.
[If some subcontractors are outside the EU:] Some of our technical subcontractors may be located outside the European Union. In this case, we ensure that appropriate safeguards are in place (European Commission standard contractual clauses or adequacy decision).
9. Changes
We reserve the right to modify this privacy policy at any time. In case of substantial changes, we will inform you by email or via an in-app notification. The date of the last update is indicated at the top of this page.
10. Contact
For any questions regarding this policy or your personal data:
[Company name]
Email: [contact / DPO email]
Address: [postal address]