Legal information

Transparency first.

Everything you should know about Epsylon: who publishes it, who hosts it, what we do with your data, and the terms of use.

Privacy & GDPR

Last updated: April 25, 2025

Epsylon is committed to protecting your privacy and your customers' data. This policy explains what we collect, why, and how we handle it. The official binding version is the French version at /confidentialite; this English version is provided for convenience.

1. Data controller

The data controller for the website epsylon-cie.fr is Epsylon (13 Impasse d'Issalo, 19600 Larche, France), reachable at contact@app-epsylon.fr.

For data processed inside the Epsylon ERP on behalf of our Customers (their own customers, employees, transactions), the Customer is the data controller and Epsylon acts as a data processor under article 28 of the GDPR.

2. Data we collect

2.1 On epsylon-cie.fr

  • Contact form: name, email, company name (optional), message.
  • Account creation: name, email, password (hashed), company.
  • Technical logs: IP address, browser, pages visited (retained 12 months).

2.2 Inside the Epsylon ERP

The ERP stores data that the Customer enters: business contacts, repair tickets, invoices, inventory, payments, etc. We do not access this data except for technical support requested by the Customer.

3. Purposes & legal basis

  • Provide the Service - performance of contract (art. 6.1.b GDPR).
  • Billing and accounting - legal obligation (art. 6.1.c).
  • Security and fraud prevention - legitimate interest (art. 6.1.f).
  • Marketing emails - consent (art. 6.1.a), opt-out at any time.

4. Retention

  • Active account: kept while the subscription is active.
  • After cancellation: 30 days for export, then deletion.
  • Invoices and accounting documents: 10 years (legal obligation).
  • Marketing prospects: 3 years after last contact.
  • Cookies: 13 months maximum.

5. Recipients & subprocessors

Your data is shared only with the following subprocessors, all GDPR-compliant:

  • LWS (France) - hosting and backups.
  • Stripe (Ireland) - payment processing.
  • Brevo (France) - transactional email.

Your data never leaves the European Union.

6. Your rights

Under the GDPR you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data (right to be forgotten).
  • Restrict processing.
  • Obtain portability of your data.
  • Object to processing.
  • Withdraw consent at any time.

To exercise these rights, contact contact@app-epsylon.fr. You may also file a complaint with the CNIL (French data protection authority) or your local supervisory authority.

7. Cookies

The website uses only strictly necessary cookies (session, theme preference), which do not require consent. We do not use advertising trackers.

8. Security

  • HTTPS / TLS 1.3 on every endpoint.
  • Passwords hashed (Argon2).
  • Daily backups, 30-day retention.
  • Documents cryptographically signed and archived.
  • Hosting in ISO 27001 certified data centres in France.

9. Changes

We may update this policy. We will notify you of significant changes by email or in-app at least 30 days before they take effect.