PRIVACY POLICY
Last updated: 31 October 2025
The Publisher (hereinafter "the Publisher" or "We") is committed to protecting the privacy of its users (hereinafter "the User" or "You") in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation - GDPR).
ARTICLE 1: DATA CONTROLLER
The data controller for your personal data is Vincent Schmitt, Sole Proprietor, located at 6 avenue pythagore 06560 Sophia-Antipolis.
- Contact email for data protection: Cornerstone.tobefoundation@gmail.com
ARTICLE 2: PERSONAL DATA COLLECTED
We collect different categories of data:
- Data provided directly by the User: When you create your Account, we collect your email address.
- Data collected via third-party services:
- Authentication: If you choose to log in via Google Sign-In, we collect your unique Google ID and associated email address.
- Payment: If you subscribe to a paid plan, our payment provider Stripe collects the necessary payment information (name, credit card information). We do NOT store your credit card information on our servers.
- Data collected automatically: When you browse the Platform, we collect technical data such as your IP address, connection logs, and information about your device and browser, notably through cookies.
ARTICLE 3: PURPOSES AND LEGAL BASES FOR PROCESSING
| Purpose of Processing | Data Concerned | Legal Basis (GDPR) |
|---|---|---|
| Creation and management of the User Account | Email address, Google ID | Performance of a contract (Art. 6.1.b) |
| Provision of the subscribed Service | Email address, Google ID | Performance of a contract (Art. 6.1.b) |
| Processing payments and managing subscriptions | Payment data (via Stripe) | Performance of a contract (Art. 6.1.b) |
| Securing the Platform and fraud prevention | IP address, connection logs | Legitimate interest (Art. 6.1.f) |
| Audience analysis and Service improvement | Navigation data (cookies) | Consent (Art. 6.1.a) |
| Communication (customer support, service information) | Email address | Performance of a contract / Legitimate interest |
ARTICLE 4: DATA RECIPIENTS (PROCESSORS)
We do not sell or rent your personal data.
We may share it with service providers (processors) acting on our behalf, including:
- Platform hosting provider.
- Payment service provider: Stripe, Inc.
- Authentication service provider: Google LLC.
- Audience analysis tool provider: Google LLC (Google Analytics).
ARTICLE 5: DATA TRANSFERS OUTSIDE THE EUROPEAN UNION
Some of our processors (notably Google LLC and Stripe, Inc.) are located in the United States.
The transfer of your personal data to this country is governed by the signing of the European Commission's Standard Contractual Clauses (SCCs) with these providers.
In accordance with the case law of the Court of Justice of the European Union ("Schrems II") and the positions of data protection authorities (such as the CNIL in France), the User is informed that US legislation does not guarantee a level of data protection deemed equivalent to that of the GDPR, particularly concerning potential access to this data by US public authorities.
Despite the contractual guarantees in place, a residual risk remains.
By using our services, you acknowledge that you have been informed of this risk.
ARTICLE 6: DATA RETENTION PERIOD
Your data is retained for the duration of your contractual relationship with us.
Upon deletion of your Account, certain data (e.g., invoices) are archived for the legally required period.
Data collected via cookies is retained for a maximum period of 13 months.
ARTICLE 7: YOUR RIGHTS
In accordance with the GDPR, you have the following rights over your data:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure ('right to be forgotten') (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
You can exercise these rights by contacting us at the email address mentioned in Article 1. You also have the right to lodge a complaint with the competent supervisory authority (in France, the CNIL - www.cnil.fr).
ARTICLE 7a: YOUR RIGHTS (U.S. RESIDENTS)
If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information is being collected about you.
- The right to know whether your personal information is sold or disclosed and to whom.
- The right to say no to the sale of personal information.
- The right to access your personal information.
- The right to equal service and price, even if you exercise your privacy rights.
ARTICLE 8: COOKIE POLICY
We use cookies to ensure the proper functioning of the Platform (technical cookies) and to measure our audience (analytical cookies).
The use of non-essential cookies is subject to your prior consent, which you can manage at any time via our cookie management banner.
ARTICLE 9: DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data, including the encryption of communications (HTTPS protocol) and securing our servers.
ARTICLE 10: POLICY AMENDMENT
We may amend this policy.
You will be notified of any substantial changes.