StalkPhish.io - Privacy Policy

This Privacy Policy explains how StalkPhish.io ("we", "us", "the Site") collects, uses, and protects your personal information when you visit or use our services.

1. DATA CONTROLLER

StalkPhish.io is operated by an individual entrepreneur based in France. For any questions regarding your personal data, contact us at: contact (at) stalkphish.com

2. PERSONAL DATA WE COLLECT

Account Information: When you register, we collect your email address, username, and optionally your organization name.

Billing Information: When you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card details. Stripe may collect your name, billing address, and payment method. See Stripe's privacy policy at stripe.com/privacy.

Technical Data: We automatically collect your IP address, browser type, and access timestamps for security purposes (fraud prevention, abuse detection) and service operation.

API Usage Data: We log API requests (endpoints called, timestamps, response codes) to monitor service usage and enforce rate limits.

3. HOW WE USE YOUR DATA

We use your personal data for the following purposes and legal bases:

Contract performance: To provide our services, manage your account, process subscriptions, and communicate about your account status.

Legitimate interest: To ensure security of our platform, prevent fraud and abuse, and improve our services.

Legal obligation: To comply with applicable laws and respond to lawful requests from authorities.

4. COOKIES

We use only essential technical cookies required for the Site to function properly (session management, authentication). We do not use advertising cookies, tracking pixels, or analytics tools that collect personal data. No consent banner is required as these cookies are strictly necessary for service operation.

5. DATA SHARING

We do not sell your personal data. We share data only with:

Stripe: Our payment processor, which receives billing information necessary to process your subscription payments. Stripe is certified under EU-US Data Privacy Framework.

Legal authorities: When required by law or to protect our rights.

6. DATA HOSTING AND STORAGE

Your data is hosted exclusively within the European Union by French cloud providers:

OVHcloud: Infrastructure and database hosting (datacenters located in France).

Scaleway: Additional infrastructure services (datacenters located in France).

OVHcloud and Scaleway are French companies not subject to extraterritorial laws such as the US Cloud Act, ensuring your data remains under European jurisdiction.

7. DATA RETENTION

Account data: Retained for the duration of your account, plus 3 years after deletion for legal purposes.

Technical logs: Retained for 12 months for security and debugging purposes.

Billing records: Retained for 10 years as required by French tax law.

8. INTERNATIONAL TRANSFERS

Your data is stored on servers located in France. Payment data processed by Stripe may be transferred to the United States; such transfers are protected by Stripe's certification under the EU-US Data Privacy Framework and Standard Contractual Clauses.

9. YOUR RIGHTS (GDPR)

If you are located in the European Economic Area, you have the following rights:

Access: Request a copy of your personal data.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your data ("right to be forgotten").
Portability: Receive your data in a structured, machine-readable format.
Restriction: Request limitation of processing.
Objection: Object to processing based on legitimate interest.

To exercise these rights, contact us at contact (at) stalkphish.com. We will respond within 30 days. You also have the right to lodge a complaint with the French data protection authority (CNIL) or your local supervisory authority.

10. SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), secure password hashing, and access controls.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on this page. The "Last updated" date at the top indicates when this policy was last revised.

12. CONTACT

For any questions about this Privacy Policy or to exercise your rights, contact us at: contact (at) stalkphish.com