Privacy Policy

1. Data controller

AquaSignal is the data controller for your personal data within the meaning of the General Data Protection Regulation (GDPR — EU Regulation 2016/679). Contact: contact@aquasignal.tech

2. Data collected

• Account: name, email, company, password (bcrypt hashed)
• Usage: monitored departments, generated reports, modules used
• Billing: Stripe data (customer ID, subscription status — no card stored on our servers)
• Technical logs: IP addresses, user-agent, connection timestamps

3. Processing purposes

• Service delivery and alert personalization
• Billing and subscription management
• Platform improvement (anonymized aggregated analytics)
• Sending email alerts and newsletters (with consent)

4. Data retention period

Account data is retained for the duration of the subscription, then 3 years after cancellation. Technical logs are retained for 12 months.

5. Subprocessors

• Neon (hosted PostgreSQL) — data storage
• Upstash (Redis) — application cache
• Stripe — online payment
• Resend — transactional email delivery
• Vercel — application hosting

All our subprocessors are GDPR compliant.

6. Your rights

Under the GDPR, you have the following rights: access, rectification, erasure ("right to be forgotten"), portability, restriction, and objection to processing. To exercise these rights: contact@aquasignal.tech

7. Cookies

AquaSignal only uses cookies strictly necessary for operation (NextAuth session). No advertising or third-party tracking cookies are used.

8. DPO Contact

For any questions regarding data protection: contact@aquasignal.tech. You also have the right to file a complaint with the CNIL (cnil.fr).