Privacy Policy
Last updated: [DATE]
1. Introduction
Pillar places great importance on protecting your personal data. This privacy policy informs you about how we collect, use, share, and protect your data in accordance with the General Data Protection Regulation (GDPR).
2. Data Controller
[YOUR COMPANY] Address: [FULL ADDRESS] Email: contact@ai-pillar.com Phone: [NUMBER] Data Protection Officer (DPO): [NAME] - dpo@ai-pillar.com
3. Data Collected
We collect the following data: **Identification Data** - First name, last name - Email address - Password (encrypted) **Financial and Asset Data** - Income and expenses - Real estate and financial assets - Financial goals - Family situation (if provided) - Risk tolerance **Navigation Data** - IP address - Browser type - Pages visited - Visit duration - Cookies (see our Cookie Policy) **Payment Data** - Banking data is collected and processed directly by our payment provider Stripe. We do not store complete banking data.
4. Processing Purposes
Your data is collected to: - Create and manage your user account - Provide our financial diagnostic services - Personalize recommendations - Process payments - Send you communications (with your consent) - Improve our services - Comply with legal obligations - Ensure platform security
5. Legal Basis for Processing
The processing of your data is based on: - **Contract performance**: to provide requested services - **Consent**: for marketing communications - **Legitimate interest**: to improve services and ensure security - **Legal obligations**: to comply with tax and accounting regulations
6. Retention Period
We retain your data: - **Account data**: for the duration of your account + 3 years after deletion - **Diagnostic data**: 5 years (accounting obligation) - **Payment data**: 10 years (tax obligation) - **Cookies**: 13 months maximum - **Marketing data**: 3 years without contact from you After these periods, your data is deleted or anonymized.
7. Data Recipients
Your data may be shared with: **Service Providers** - Stripe (payment) - Supabase (hosting) - AI services for analysis (pseudonymized data) **Authorities** - Upon legal request (justice, tax administration) **No Data Sale** We never sell your data to third parties.
8. Transfers Outside EU
Some of our service providers may be located outside the European Union. In this case, we ensure that appropriate safeguards are in place (standard contractual clauses, Privacy Shield, etc.).
9. Data Security
We implement technical and organizational security measures: - Encryption of sensitive data (HTTPS, SSL/TLS) - Password encryption - Restricted data access - Regular backups - Security testing - Staff training However, no transmission over the Internet is completely secure.
10. Your Rights
Under GDPR, you have the following rights: **Right of access**: Obtain a copy of your data **Right to rectification**: Correct inaccurate data **Right to erasure**: Delete your data (under conditions) **Right to restriction**: Limit processing of your data **Right to portability**: Receive your data in structured format **Right to object**: Object to processing of your data **Right to withdraw consent**: At any time **Right to define post-mortem directives**: On the fate of your data after death To exercise your rights, contact us at: contact@ai-pillar.com Response time: maximum 1 month.
11. Complaint
If you believe your rights are not being respected, you can file a complaint with your data protection authority.
12. Cookies
We use cookies to improve your experience. For more information, see our Cookie Policy.
13. Modifications
This policy may be modified at any time. The current version is the one published on our site. We will inform you of major changes by email.
14. Contact
For any questions regarding this policy: Email: contact@ai-pillar.com Mail: [POSTAL ADDRESS] DPO: dpo@ai-pillar.com