Privacy Policy

Last updated: January 15, 2026

This Privacy Policy explains how Frederic Alix ("we," "us," "our") collects, uses, and protects your personal data when you use the WhookTown platform ("Service").

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Frederic Alix
1 rue de Tilloloy
50500 Carentan les Marais
France

Email: legal@whook.town
SIRET: 413 362 252 00061

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Password (stored as a secure hash, never in plain text)
  • Account role and permissions

2.2 Service Usage Data

When you use the Service, we collect:

  • City layouts and configurations you create
  • Sensor configurations and mappings
  • Workflow definitions
  • Camera presets and paths

2.3 Sensor Data

If you send data to our sensor endpoints:

  • Sensor values and metrics from your monitored systems
  • Timestamps of data submissions
  • Source identifiers

Note: We recommend not sending personally identifiable information through sensor data. The Service is designed for infrastructure metrics, not personal data.

2.4 Technical Data

We automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Access timestamps
  • Pages and features accessed
  • Error logs for debugging

2.5 Payment Data

Payment processing is handled by Stripe. We do not store:

  • Credit card numbers
  • Bank account details
  • Full payment card information

We receive from Stripe:

  • Subscription status
  • Transaction history
  • Last four digits of payment card (for reference only)

3. How We Use Your Data

3.1 To Provide the Service

  • Creating and managing your account
  • Processing your sensor data and displaying visualizations
  • Storing your layouts and configurations
  • Sending real-time updates via WebSocket

3.2 To Process Payments

  • Managing your subscription
  • Generating invoices
  • Processing refunds when applicable

3.3 To Communicate With You

  • Sending service-related notifications
  • Responding to support requests
  • Notifying you of changes to our terms or policies

3.4 To Improve the Service

  • Analyzing usage patterns to improve features
  • Debugging and fixing technical issues
  • Ensuring security and preventing abuse

4. Legal Basis for Processing

Under GDPR, we process your data based on:

Purpose Legal Basis
Providing the Service Contract performance (Art. 6(1)(b))
Processing payments Contract performance (Art. 6(1)(b))
Security and fraud prevention Legitimate interest (Art. 6(1)(f))
Service improvement Legitimate interest (Art. 6(1)(f))
Legal compliance Legal obligation (Art. 6(1)(c))
Marketing communications Consent (Art. 6(1)(a))

5. Data Retention

We retain your data for the following periods:

Data Type Retention Period
Account data Duration of account + 30 days after deletion
Layouts and configurations Duration of account + 30 days after deletion
Sensor data 90 days (rolling)
Technical logs 12 months
Invoices and payment records 10 years (legal requirement)
Support correspondence 3 years

After the retention period, data is permanently deleted or anonymized.

6. Data Sharing

6.1 Third-Party Service Providers

We share data with:

Stripe (Payment Processing)
Purpose: Processing subscription payments
Data shared: Email, subscription details
Privacy Policy: https://stripe.com/privacy

We do not sell your personal data to third parties.

6.2 Legal Requirements

We may disclose your data if required by:

  • Court order or legal process
  • Law enforcement requests
  • Protection of our legal rights

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

7.1 Right of Access

You can request a copy of all personal data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • The data is no longer necessary
  • You withdraw consent
  • The data was unlawfully processed

7.4 Right to Data Portability

You can request your data in a structured, machine-readable format.

7.5 Right to Restriction

You can request limitation of data processing in certain circumstances.

7.6 Right to Object

You can object to processing based on legitimate interests.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights:

  • Email us at legal@whook.town
  • Include your account email and specify your request
  • We will respond within 30 days

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

8.1 Technical Measures

  • Encryption of data in transit (TLS/HTTPS)
  • Secure password hashing (bcrypt)
  • Access control and authentication
  • Regular security updates
  • Firewall and intrusion detection

8.2 Organizational Measures

  • Limited access to personal data
  • Security awareness
  • Incident response procedures

8.3 Breach Notification

In the event of a data breach that poses a risk to your rights:

  • We will notify the relevant supervisory authority within 72 hours
  • We will inform affected users without undue delay

9. International Data Transfers

9.1 Data Location

Your data is primarily stored and processed in France/European Union.

9.2 Transfers Outside the EU

When data is transferred outside the EU (e.g., to Stripe's US servers):

  • We ensure appropriate safeguards are in place
  • Stripe participates in the EU-US Data Privacy Framework
  • Standard Contractual Clauses may be used where applicable

10. Cookies and Tracking

10.1 Essential Cookies

We use essential cookies for:

  • Session management (authentication)
  • Security tokens
  • User preferences

These cookies are necessary for the Service to function and cannot be disabled.

10.2 Analytics

We do not currently use third-party analytics services. If this changes, we will update this policy and obtain consent where required.

10.3 Managing Cookies

You can manage cookies through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at legal@whook.town.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated via:

  • Email to your registered address
  • Notice within the Service
  • Updated "Last updated" date on this page

Material changes will be notified at least 30 days before taking effect.

13. Supervisory Authority

If you are in the European Union and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with a supervisory authority.

For users in France:

CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
France
Website: https://www.cnil.fr

14. Contact Us

For any questions about this Privacy Policy or our data practices:

Frederic Alix
1 rue de Tilloloy
50500 Carentan les Marais
France

Email: legal@whook.town

We aim to respond to all inquiries within 30 days.

By using WhookTown, you acknowledge that you have read and understood this Privacy Policy.