Privacy Policy

Last updated: March 2, 2026

Data controller

Elementium is the controller of your personal data within the meaning of the General Data Protection Regulation (GDPR) and applicable data protection laws.

Contact: privacy@elementium.fr

Data collected

Depending on your use of the service, we collect the following data:

NameProvided during registration or via OAuth (Google, GitHub)

Email addressRequired to create an account and identify you

PasswordHashed (bcrypt) – never stored in plain text

Payment dataManaged exclusively by Stripe – not stored by us

Subscription statusSubscription type, renewal date

Session dataEncrypted JWT to maintain your session

Usage dataPages visited (anonymized server logs)

We do not collect precise location data, phone numbers or biometric information.

Processing purposes

Your data is used to:

Create and manage your user account
Authenticate your logins securely
Manage your Premium subscription and payments
Send you account-related notifications (renewal, etc.)
Improve the service and detect technical anomalies

Legal basis: contract performance (account and subscription), legitimate interest (security, service improvement), consent (marketing communications, if applicable).

Data sharing

We do not sell or rent your personal data. It may be shared only with the following processors, strictly within the scope of their missions:

Stripe — Payment processingPrivacy policy →

Google (OAuth) — Authentication via Google accountPrivacy policy →

GitHub (OAuth) — Authentication via GitHub accountPrivacy policy →

Host (Neon / Vercel) — Database and application hosting

Cookies and local storage

Elementium uses storage mechanisms to ensure the proper functioning of the service:

Session cookieNextAuth JWT – essential for authentication (session only)

sessionStorageTemporary flags for notifications (login/logout) – not persistent

localStorageFavorites and local preferences (theme)

We do not use advertising cookies or third-party trackers.

Your rights (GDPR)

In accordance with the GDPR, you have the following rights over your personal data:

Right of access

Obtain a copy of your data

Right of rectification

Correct inaccurate data

Right to erasure

Request deletion of your account

Right to portability

Receive your data in a standard format

Right to object

Object to certain processing

Right to restriction

Restrict the processing of your data

To exercise these rights, contact us at privacy@elementium.fr. We respond within 30 days. You may also lodge a complaint with the relevant data protection authority.

Data retention

Your data is retained for as long as your account is active. Upon account deletion:

Account data: deleted within 30 days
Payment data: retained by Stripe according to their legal obligations (10 years)
Anonymized logs: retained for 12 months for security purposes

Contact & updates

For any questions regarding this policy: privacy@elementium.fr

In case of a material change to this policy, you will be notified by email or via a banner in the application.