Privacy Policy
Last updated: December 21, 2025
1. Introduction
At SyncPIM (published by Stellab SASU), we place the utmost importance on protecting your personal data. This privacy policy describes how we collect, use, store, and protect your information when you use our service.
We are committed to complying with the General Data Protection Regulation (GDPR) and all applicable data protection laws.
2. Data Controller
The data controller for your personal data is:
- Company: Stellab SASU
- Contact: Contact form (select "Privacy / Legal")
3. Data We Collect
3.1 Data You Provide
- Account information: name, email address, password (hashed)
- Billing information: billing address, payment information (processed by Stripe)
- Company information: company name, industry
- Configurations: Akeneo credentials (encrypted), export settings, custom enrichers
3.2 Automatically Collected Data
- Connection data: IP address, browser type, operating system
- Usage data: pages visited, features used, action timestamps
- Technical logs: errors, performance, system events
3.3 Data Transiting Through the Service
During exports, your Akeneo product data transits through our servers. This data is processed only to perform the export and is not stored beyond the time necessary for processing (typically a few seconds to a few minutes).
4. Purposes of Processing
We use your data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Contract performance |
| Manage your account and subscription | Contract performance |
| Process payments | Contract performance |
| Provide technical support | Contract performance |
| Send important communications | Legitimate interest |
| Improve the Service | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Send marketing communications | Consent |
5. Data Sharing
5.1 Sub-processors
We use sub-processors to provide the Service:
- Clerk (USA): Authentication and user management
- Stripe (USA): Payment processing
- Vercel (USA): Web application hosting
- Railway (USA): API and worker hosting
- Neon (USA): PostgreSQL database
These sub-processors are bound by Standard Contractual Clauses (SCCs) ensuring adequate protection for transfers outside the EU.
5.2 Other Recipients
We may share your data with:
- Competent authorities if required by law
- Professional advisors (lawyers, accountants) bound by professional secrecy
- A potential acquirer in case of business transfer (with prior notice)
5.3 What We Never Do
- Sell your personal data to third parties
- Share your Akeneo product data with other customers
- Use your data for advertising profiling
6. Data Security
We implement technical and organizational security measures to protect your data:
- Encryption: All communications use HTTPS/TLS. Akeneo credentials are encrypted at rest (AES-256)
- Authentication: Multi-factor authentication available, secure sessions
- Infrastructure: Hosting on certified platforms (SOC 2, ISO 27001)
- Access: Principle of least privilege, access logging
- Monitoring: 24/7 surveillance, automated security alerts
- Backups: Daily encrypted backups with 30-day retention
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of subscription + 3 years |
| Billing data | 10 years (legal requirement) |
| Export configurations | 30 days after termination |
| Technical logs | 90 days |
| Product data in transit | Processing duration only |
8. Your Rights
Under the GDPR, you have the following rights:
8.1 Right of Access
You can request a copy of all personal data we hold about you.
8.2 Right to Rectification
You can request correction of inaccurate or incomplete data. Most information can be modified directly in your dashboard.
8.3 Right to Erasure
You can request deletion of your personal data. Note that some data must be retained for legal reasons (billing, tax obligations).
8.4 Right to Portability
You can request to receive your data in a structured, commonly used format (JSON, CSV).
8.5 Right to Object
You can object to processing of your data on legitimate grounds, particularly for marketing communications.
8.6 Right to Restriction
You can request restriction of processing in certain circumstances (contesting accuracy, unlawful processing).
8.7 Exercising Your Rights
To exercise your rights, contact us via our contact form (select "Privacy / Legal"). We will respond within one month.
8.8 Complaints
If you believe your rights are not being respected, you can file a complaint with the CNIL (French Data Protection Authority): www.cnil.fr
9. Cookies
9.1 Essential Cookies
We use strictly necessary cookies for the Service to function (authentication, session preferences). These cookies do not require your consent.
9.2 Analytics Cookies
With your consent, we use analytics cookies to understand how you use the Service and improve it. You can withdraw your consent at any time.
9.3 Cookie Management
You can manage your cookie preferences via the consent banner or your browser settings.
10. International Transfers
Some of our sub-processors are located in the United States. For these transfers, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Sub-processor certifications (SOC 2, ISO 27001)
- Additional security measures (encryption, pseudonymization)
11. Changes
We may update this privacy policy. In case of significant changes, we will notify you by email at least 30 days before they take effect. The last update date is shown at the top of this page.
12. Contact
For any questions about this policy or your personal data:
- Use our contact form
- Select "Privacy / Legal" as the subject for privacy-related inquiries
We are committed to responding to any request within 30 days.