Privacy Policy

Protecting your personal data is a priority for Knoovi. This privacy policy explains what data we collect, why we collect it, how we use it, and what your rights are.

This policy complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).

Controller: [To be completed with your information]

Address: [To be completed]

Email: [To be completed]

3.1 Identification Data

• Email address
• Password (hashed and secured)
• Account creation date

3.2 Usage Data

• Videos viewed
• Favorite categories
• Browsing history on the platform
• Questions asked to the AI
• Content proposals

3.3 Subscription Data

• Subscription type (free/premium)
• Subscription and renewal dates
• Payment history (via Stripe)

3.4 Technical Data

• IP address
• Browser type and operating system
• Connection data (date, time)
• Cookies (see our cookie policy)

Your data is collected and processed for the following purposes:

• User account management - Creation, authentication, and management of your account
• Service provision - Access to videos, favorites, personalized recommendations
• Subscription management - Billing, renewal, cancellation
• Service improvement - Usage analysis, bug fixes, new features
• Communication - Transactional emails, important notifications, customer support
• Security - Fraud prevention, abuse detection, user protection
• Legal obligations - Compliance with legal and regulatory requirements

Data processing is based on the following legal grounds:

• Contract performance - Provision of the Knoovi service following your registration
• Legitimate interest - Service improvement, security, fraud prevention
• Consent - Marketing (if you have agreed), non-essential cookies
• Legal obligation - Retention of billing data

Your data may be shared with:

• Supabase - Database hosting and authentication (United States — Standard Contractual Clauses)
• Stripe - Payment processing (secured banking data) (United States — EU-US Data Privacy Framework certified)
• OpenAI - Processing of AI questions (United States — Standard Contractual Clauses; your questions may transit through US servers)
• Vercel - Platform hosting (United States — EU-US Data Privacy Framework certified)
• Google Analytics - Anonymized traffic analysis (United States — EU-US Data Privacy Framework certified; only with your consent)
• YouTube API - Retrieval of video metadata (United States — EU-US Data Privacy Framework certified)

No data is sold to third parties. Subcontractors are contractually bound to respect the confidentiality and security of your data.

• Active account data - Retained as long as the account is active
• Data after account deletion - Deleted immediately, except for legal obligations (billing: 10 years)
• Browsing data - Retained for a maximum of 13 months
• Technical logs - Retained for a maximum of 12 months

In accordance with the GDPR, you have the following rights:

• Right of access - Obtain a copy of your personal data
• Right to rectification - Correct inaccurate or incomplete data
• Right to erasure - Request the deletion of your data
• Right to restriction - Restrict the processing of your data
• Right to data portability - Retrieve your data in a structured format
• Right to object - Object to the processing of your data
• Right to withdraw consent - Withdraw your consent at any time

To exercise these rights, contact us at: [To be completed with your email]

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr

We implement technical and organizational measures to protect your data:

• Data encryption in transit (HTTPS/TLS)
• Password hashing (bcrypt)
• Secure authentication (Supabase Auth)
• Row Level Security (RLS) on the database
• Regular backups
• Restricted data access by administrators
• Monitoring and detection of unauthorized access

Some of our subcontractors (OpenAI, Stripe, Vercel) may transfer your data outside the European Union. These transfers are governed by:

• Standard contractual clauses of the European Commission
• Certifications (EU-US Data Privacy Framework)
• Appropriate data protection safeguards

Knoovi uses cookies to improve your experience. For more information, please refer to our Cookie Policy.

Knoovi is not intended for minors under the age of 15. If we discover that a minor under 15 has created an account, we will delete it immediately.

Minors aged 15 to 18 must obtain permission from their parents or legal guardians before creating an account.

We may update this privacy policy at any time. Significant changes will be notified to you by email or via a notification on the platform.

The date of the last update is indicated at the bottom of this page.