Privacy Policy
Last updated: March 18, 2026
ArchiScroll is committed to protecting the privacy of its users. This policy describes what data is collected, why, and how it is processed, in accordance with the General Data Protection Regulation (GDPR — EU 2016/679).
1. Data Controller
The data controller is ArchiScroll.
Contact : contact@archiscroll.com
2. Data Collected
| Category | Data | Purpose |
|---|---|---|
| Account | Email address, password (hashed) | Authentication, access to the Service |
| Profile | Name, firm, phone, logo | Personalisation of PDF reports |
| Projects | Business data (projects, reports, observations) | Delivery of the Service |
| Technical | Connection logs, IP address | Security, fraud detection |
| Payment | Information sent to Stripe (not stored by ArchiScroll) | Pro subscription management |
3. Legal Basis for Processing
- Performance of contract— to provide you with the Service
- Consent— for marketing communications (if given)
- Legitimate interest— for security and abuse prevention
- Legal obligation— for invoicing and accounting
4. Hosting and Data Transfer
Data is hosted on Supabase (AWS infrastructure, Europe region — Frankfurt, Germany). Servers are located in the European Union. No data is transferred to third countries without adequate safeguards.
5. Retention Period
- Active account data: retained for the lifetime of the account
- After account deletion: erased within 30 days
- Security logs: 12 months
- Billing data: 10 years (legal obligation)
6. Sharing with Third Parties
Your data is never sold or shared for advertising purposes. It may be shared with the following technical providers, solely within the scope of their services:
- Supabase— database hosting and authentication
- Stripe— payment processing
- Vercel— web application hosting
7. Cookies
ArchiScroll uses only strictly necessary functional cookies (authentication session, language preferences). No advertising or third-party tracking cookies are used.
8. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access— obtain a copy of your data
- Rectification— correct inaccurate data
- Erasure— delete your account and data
- Portability— export your data (feature available in the app)
- Objection— object to certain processing
- Restriction— temporarily restrict processing
To exercise these rights, contact us at contact@archiscroll.com. You may also lodge a complaint with the CNIL (French Data Protection Authority).
9. Security
We implement appropriate technical and organisational measures: data encryption in transit (TLS), hashed passwords (bcrypt), JWT token authentication, restricted access to production data.
10. Changes
This policy may be updated. In the event of a significant change, you will be notified by email. The current version is always accessible on this page.