Back

Privacy Policy

Last updated: January 6, 2025

Introduction

KALEO-IT (hereinafter "we", "our" or "the Publisher") attaches paramount importance to the protection of its users' personal data.

This Privacy Policy aims to inform users of the Bounce Crew service (hereinafter "the Service") about how their personal data is collected, processed and protected, in accordance with the General Data Protection Regulation (GDPR) No. 2016/679 and the French Data Protection Act of January 6, 1978, as amended.

By using the Service, you acknowledge having read this Policy and consent to the processing of your data under the conditions described below.

1. Data Controller

The data controller for personal data is:

KALEO-IT

SAS with capital of €500.00

679 avenue de la République, 59800 Lille, France

SIREN: 882 321 227 - RCS Lille Métropole

Email: dpo@bounce-crew.io

2. Personal Data Collected

We collect different categories of personal data as part of using the Service:

2.1 Identification Data

When you register via LinkedIn OAuth, we collect:

  • First and last name
  • Professional email address
  • Unique LinkedIn identifier
  • LinkedIn profile photo
  • Job title (headline)

2.2 Content Data

As part of using the Service, we process:

  • LinkedIn posts created via the Service
  • Uploaded media (images, documents)
  • Configured AI profiles (tone, topics, customization)
  • Interactions within Workspaces

2.3 Technical and Connection Data

  • IP address
  • Browser type and version
  • Operating system
  • Pages viewed and actions taken
  • Date and time of connection
  • Cookie data (see dedicated section)

2.4 Billing Data

For paid subscriptions, payment data (card number, etc.) is collected and processed directly by our payment provider Stripe, PCI-DSS certified. We do not store your banking data.

3. Processing Purposes

Your personal data is processed for the following purposes:

PurposeLegal Basis
Creating and managing your accountContract performance
Providing the Service (creating, scheduling, publishing posts)Contract performance
AI-assisted content generationContract performance
Payment management and invoicingContract performance / Legal obligation
Service-related communication (notifications, updates)Legitimate interest
Service improvement and statistical analysisLegitimate interest
Compliance with legal obligationsLegal obligation
Commercial prospecting (newsletters, offers)Consent

4. Retention Period

Your personal data is retained for the period strictly necessary for the purposes for which it is processed:

  • Account data: throughout your registration, then 3 years from the last activity on the account, unless deletion is requested.
  • Content data (posts, media): during the subscription period, then deleted within 30 days following termination.
  • Billing data: 10 years from the end of the relevant accounting period (legal obligation).
  • Technical data (logs): 12 months maximum.
  • Cookies: 13 months maximum from their deposit.

Upon expiration of these periods, data is deleted or irreversibly anonymized.

5. Data Recipients

Your personal data may be communicated to the following categories of recipients:

5.1 Internal Recipients

  • Members of your Workspace (as part of collaboration)
  • Authorized KALEO-IT personnel (support, technical, administrative)

5.2 Subcontractors

We use technical service providers to ensure the operation of the Service. These subcontractors act on our instructions and are contractually bound to respect the confidentiality and security of your data:

  • Vercel Inc. (United States) - Web application hosting
  • Railway Corporation (United States) - API and database hosting
  • Stripe, Inc. (United States) - Payment processing
  • Anthropic PBC (United States) - Artificial intelligence services
  • LinkedIn Corporation (United States) - OAuth authentication and publishing

5.3 Other Recipients

Your data may also be communicated to competent administrative or judicial authorities when required by law.

6. Data Transfers Outside the European Union

Some of our subcontractors are located outside the European Union, particularly in the United States. These transfers are governed by:

  • The EU-US Data Privacy Framework (DPF): our American service providers (Vercel, Stripe, Anthropic) are certified under the DPF, recognized by the European Commission as providing an adequate level of protection (adequacy decision of July 10, 2023).
  • Standard Contractual Clauses (SCC): for non-DPF certified providers, we implement the SCCs adopted by the European Commission.

You can obtain a copy of the guarantees in place by contacting us at dpo@bounce-crew.io.

7. Your Rights

In accordance with the GDPR and the French Data Protection Act, you have the following rights over your personal data:

  • Right of access: obtain confirmation that your data is being processed and receive a copy.
  • Right of rectification: have your inaccurate or incomplete data corrected.
  • Right to erasure ("right to be forgotten"): request the deletion of your data in cases provided by law.
  • Right to restriction: request the suspension of processing of your data in certain cases.
  • Right to portability: receive your data in a structured and commonly used format, or have it transferred to another data controller.
  • Right to object: object to the processing of your data for legitimate reasons, or to commercial prospecting.
  • Right to withdraw consent: at any time, when processing is based on your consent.
  • Post-mortem directives: define directives regarding the fate of your data after your death.

Exercising Your Rights

You can exercise your rights at any time by contacting us:

  • By email: dpo@bounce-crew.io
  • By mail: KALEO-IT - DPO, 679 avenue de la République, 59800 Lille, France

We will respond within one month of receiving your request. This period may be extended by two months depending on the complexity or number of requests.

In case of difficulty, you have the right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr

8. Cookies and Similar Technologies

8.1 What is a Cookie?

A cookie is a small text file placed on your device (computer, tablet, smartphone) when visiting a website. It allows storing information about your browsing.

8.2 Types of Cookies Used

TypePurposeDuration
Strictly necessary cookiesAuthentication, security, session preferencesSession
Performance cookiesStatistical analysis (pages viewed, time spent)13 months
Functional cookiesRemembering your preferences (language, theme)12 months

8.3 Cookie Management

Strictly necessary cookies do not require your consent as they are essential for the Service to function.

For other cookies, you can modify your preferences at any time:

  • Via the cookie banner displayed on your first visit
  • Via your browser settings

Refusing non-essential cookies will not affect your access to the Service, but may limit certain features.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure or destruction, including:

  • Data encryption in transit (HTTPS/TLS)
  • Data encryption at rest (database)
  • Secure authentication via OAuth 2.0 (LinkedIn)
  • Signed JWT access tokens with limited duration
  • Data access restriction according to the principle of least privilege
  • Access monitoring and logging
  • Regular security updates

In case of a data breach likely to result in a high risk to your rights and freedoms, we will inform you as soon as possible in accordance with our legal obligations.

10. Minors' Data

The Service is intended for professional use (B2B) and is not designed to be used by persons under 18 years of age. We do not knowingly collect personal data concerning minors. If we become aware that a minor has provided personal data, we will take the necessary steps to delete it.

11. Privacy Policy Amendments

We reserve the right to modify this Privacy Policy at any time to adapt it to legal, regulatory or technical developments.

In case of substantial modification, we will inform you by email or notification in the Service at least 30 days before the modifications take effect.

The date of last update is indicated at the top of this document. We encourage you to consult this page regularly.

12. Contact

For any questions regarding this Privacy Policy or the exercise of your rights, you can contact us:

Data Protection Officer (DPO)

KALEO-IT

679 avenue de la République, 59800 Lille, France

Email: dpo@bounce-crew.io