Privacy Policy
November 11, 2024
Introduction
Pilgrimz SAS (“we,” “our,” or “us”) is committed to protecting the privacy of our users (“you” or “user”). This Privacy Policy explains how we collect, use, retain, and share your personal data in compliance with relevant data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
If you have any questions, please reach out to us at privacy@wearepilgrimz.com.
1. Data Collection and Usage
We collect various types of data to enhance your experience and provide essential services through the Pilgrimz app.
Data Collected
- General Account Data: Name, email, geolocation data, IP address, device type, and user-generated content.
- Financial and Transaction Data: Billing information.
- Usage Data: Interaction data (clicks, page views) collected through PostHog and error/exception data collected through Sentry.
Purpose of Data Use
- To improve app features and functionality.
- To provide personalized content and notifications.
- For analytics to enhance user experience.
- To process payments and maintain service quality.
- Targeted Advertising: If targeted advertising or personalized content is introduced, we will provide an option for users to opt out.
2. Data Retention Policy
We follow strict guidelines on how long data is retained, based on its type and purpose.
| Data Type | Retention Period | Justification |
|---|---|---|
| General Account Data | While account is active, plus 3 years after last interaction | Aligns with GDPR’s data minimization principles. |
| Financial and Transaction Data | 10 years after fiscal year end of transaction | Required by the French Commercial Code for tax and accounting purposes. |
| User-Generated Content | While visible and up to 1 year post-deletion | Supports dispute resolution and compliance. |
| Employee Data | Up to 5 years after employment ends | Compliance with employment laws. |
| Marketing and Communication Data | 3 years post-last interaction | Based on CNIL guidelines for prospecting data. |
| Log and Usage Data | 6 months to 1 year | For security, analytics, and service improvements. |
| Cookies and Tracking Data | User consent for 6-13 months | In line with CNIL retention guidelines. |
| Identification and Verification | 5 years post-business relationship end (KYC data) | Ensures anti-money laundering compliance. |
| Legal and Dispute-Related Data | 5 years post-legal resolution | Aligns with French statute of limitations. |
Data Deletion: We ensure secure data deletion or anonymization after the retention period expires, respecting GDPR’s “right to be forgotten.”
3. Data Sharing
We may share certain data with third-party providers for essential services (e.g., payment processing, analytics) and, with your consent, marketing purposes. Data shared with partners will be anonymized whenever possible.
Current Third-Party Services
- Supabase: Database management.
- PostHog: User analytics.
- Sentry: Platform analytics.
For a full list and links to their Privacy Policies, please refer to our website.
4. User Consent
Users must provide explicit consent for data collection. You may opt out of certain data-sharing activities, like analytics, through settings available in the app. The Pilgrimz app will include opt-in/out options for tracking on the registration page and in the settings menu.
5. Data Security
We store all data in secure European cloud services and are committed to implementing data encryption and, where feasible, two-factor authentication to enhance security.
6. Children’s Data
Users under 16 years of age are not permitted to create accounts. This restriction aligns with COPPA regulations and other data privacy laws for minors.
7. Cross-Border Data Transfers
Currently, all data is stored within the EU (Ireland-based database). We are designing our infrastructure to facilitate data management across regions if expansion requires it, maintaining compliance with GDPR for any future transfers.
8. User Rights
Users have the right to:
- Access, update, or delete their data.
- Withdraw consent at any time.
- Request data portability.
To exercise your rights, contact us at privacy@wearepilgrimz.com.
9. Cookies and Tracking
While we do not use cookies in the app, we do use direct tracking tools such as PostHog and Sentry. Users can manage tracking settings directly within the app’s profile menu.
10. Policy Updates and Notifications
We will review this Privacy Policy annually or when significant changes are made to operations or regulations. Users will be notified of updates via in-app notifications.
11. Dispute Resolution
For any data privacy concerns, you may contact our Data Protection Officer at privacy@wearepilgrimz.com. We aim to resolve issues within 30 days. For unresolved issues, users may approach relevant local data protection authorities.