Privacy Policy

Last updated: April 2026

1. Data controller

The data controller for personal data collected through the OpenChantier Service is the publishing company, whose contact details appear in the Legal Notice.

2. Data collected

In the course of using the Service, we collect the following data:

  • Identification data: first name, last name, email address
  • Professional data: company name, company registration number, VAT number
  • Usage data: projects, photos, working hours, documents
  • Technical data: IP address, browser type, connection data
  • Payment data: processed exclusively by our payment provider Stripe

3. Purposes of processing

Your data is collected for the following purposes:

  • Provision and management of the Service
  • Management of your account and subscription
  • Service-related communications (notifications, updates)
  • Service improvement and usage analysis
  • Compliance with our legal and regulatory obligations

4. Legal basis

The processing of your data is based on:

  • Performance of a contract (provision of the Service)
  • Your consent (marketing communications)
  • Our legitimate interests (Service improvement, security)
  • Compliance with our legal obligations (invoicing, accounting)

5. Retention period

Your data is retained for the duration of your use of the Service, then for 3 years after account deletion, unless otherwise required by law.

Billing data is retained for 7 years in accordance with accounting obligations.

6. Data recipients

Your data may be shared with the following providers, strictly for the purpose of delivering the Service:

  • Vercel (hosting) — EU/US
  • Neon (database) — EU (Frankfurt)
  • Stripe (payments) — EU/US
  • UploadThing (file storage)
  • Resend (email delivery)

No data is sold to third parties.

7. International transfers

Some of our providers are based in the United States. Data transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with UK GDPR.

8. Your rights

Under UK GDPR, you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ('right to be forgotten')
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

To exercise these rights, contact us at the address in the Legal Notice. You may also lodge a complaint with the ICO (ico.org.uk).

9. Cookies

The Service uses strictly necessary cookies for operation (authentication, language preferences). No tracking or advertising cookies are used.

You may configure your browser to refuse cookies, but some features of the Service may be affected.

10. Security

We implement appropriate technical and organisational measures to protect your data: encryption in transit (HTTPS/TLS), per-user data isolation, and restricted access to production data.

Privacy Policy