Privacy Policy

Last updated: 28 July 2025

1. Purpose of this policy

This policy explains what personal data is collected and processed by Enchanter Consulting SAS (hereinafter “we”, “our”, “the Site”) when you use the website begonia.pro (the “Site”) and the SaaS services offered therein, including authentication via Google OAuth (the “Service”). It also describes your rights and how to exercise them.

2. Data controller

Company: Enchanter Consulting SAS
Company registration (SIREN): 923 456 789
Address: 10 rue des Lilac, 75010 Paris, France
DPO contact: antoine@begonia.pro

3. Data collected and purposes

Data category	Example	Purpose	Legal basis	Retention period
Google OAuth data	Email address, name, profile picture, Google ID	Account creation & management, secure login, Service customisation	Performance of the contract (ToU)	As long as the account is active + 12 months after deletion (logs)
Functional cookies	`i18n_redirected`	Remember chosen language	Legitimate interest (user experience)	12 months
Aggregated statistics	Pages viewed (via Fathom)	Anonymous audience measurement	Legitimate interest (analytics)	24 months
Functional cookies	`gbp_audit_visitor_id`	Restrict audit requests per visitor	Legitimate interest (service operation)	30 days
Functional cookies	IP address	Limit the number of Google Business Profile audits per visitor	Legitimate interest (service operation)	30 days

We collect no profiling, marketing or advertising data.

4. How we collect Google OAuth data

When you click “Sign in with Google”, you are redirected to Google OAuth where Google tells you exactly what information you will share. We request the following scopes:

https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile

These scopes allow us only to obtain your verified email address and basic profile information (name, picture). We do not access your emails, documents, calendar or any other sensitive data.

4.1. Limited Use

In accordance with the Google API Services User Data Policy, we use and transfer information received from Google APIs solely to provide and improve the Service; we do not sell or share this data with third parties, except (i) with your consent, (ii) as necessary to operate and secure the Service, or (iii) when required by law. We implement internal mechanisms to ensure compliance with the “Limited Use” principle.

5. Recipients and transfers outside the EU

Data is hosted by:

Vercel Inc. (hosting, United States)
– Legal basis: European Commission Standard Contractual Clauses (SCC)
Google LLC (authentication, United States)
– Legal basis: SCC + participation in the EU‑US Data Privacy Framework (where applicable)

No other transfer is made without your explicit consent.

6. Security

We implement appropriate technical and organisational measures: TLS encryption, encrypted storage of OAuth tokens, strict access control, regular security reviews.

7. Your rights

You have the rights of access, rectification, erasure, objection, restriction of processing, data portability and withdrawal of consent.
To exercise them: contact us at antoine@begonia.pro or delete your account directly in your user area.

7.1. Revoking Google access

You can:

Remove access in your Google account settings: https://myaccount.google.com/permissions.
Delete your account in the Service: your data will be erased within 30 days (including backups).

8. Updates to this policy

Any material change will be announced on the Site and, where appropriate, by email. The effective date appears at the top of the document.