Privacy Policy
Compliant with the GDPR (EU Regulation 2016/679) and the French Data Protection Act of 6 January 1978 as amended.
Last updated: February 2026
Article 1 — Data Controller
The data controller is:
- Name: Benoit Estrangin — Cynegis
- Legal form: Sole trader — SIREN: 847 741 246 00049
- Address: 37 rue de la Tombe-Issoire, 75014 Paris, France
- Email : benoit@cynegis.com
Article 2 — Data Collected
2.1 — Agency data (professional accounts)
- Identity: name, company name, SIRET number
- Contact details: email address, phone number, postal address, website
- Visual elements: logo, profile photo
- Authentication data: password (stored in encrypted form)
- Payment data: processed exclusively by Stripe (Cynegis stores no credit card numbers)
2.2 — Listing data
- Property information: title, description, price, surface area, location, features
- Media: photos and videos of the property
- Contact details associated with the listing
2.3 — Visitor data
- Navigation data: pages visited, visit duration, clicks (only if cookie consent accepted)
- IP address: used for language detection (FR/EN)
- Wishlist: saved locally in your browser (localStorage), no data transmitted to Cynegis
- Contact form: name, email, phone, message
Article 3 — Purposes and Legal Bases
| Purpose | Data concerned | Legal basis |
|---|---|---|
| Agency account management | Identity, contact details, authentication | Contract performance |
| Listing publication | Property info, photos, contact | Contract performance |
| Payment processing | Transaction data (via Stripe) | Contract performance |
| Audience measurement (Google Analytics) | Navigation, page views, clicks | Consent |
| Responding to contact requests | Name, email, phone, message | Legitimate interest |
| Accounting and tax obligations | Invoices, transactions | Legal obligation |
Article 4 — Data Recipients
Your personal data may be transmitted to the following data processors, strictly within the scope of the purposes described above:
| Processor | Service | Location | Safeguards |
|---|---|---|---|
| Supabase | Database and authentication | UE | DPA GDPR compliant |
| Vercel | Website hosting | EU / USA | DPA + CCT |
| Cloudinary | Image storage and optimisation | EU / USA | DPA + CCT |
| Stripe | Payment processing | EU / USA | DPA + CCT |
| Google Analytics | Audience measurement | USA | Consent + SCCs |
| OVH | Domain name and emails | France | DPA GDPR compliant |
SCCs = Standard Contractual Clauses of the European Commission, governing data transfers outside the European Union.
Article 5 — Retention Periods
| Data type | Retention period |
|---|---|
| Active agency account | Contract term + 3 years |
| Inactive account (no login) | 3 years then automatic deletion |
| Published listing | Duration of subscribed package (3, 6 or 12 months) |
| Navigation data (analytics) | Maximum 13 months |
| Contact forms | 3 years after last exchange |
| Accounting data and invoices | 10 years (legal obligation) |
| Wishlist (localStorage) | Until deleted by the user |
Article 6 — Cookies
The website uses cookies to ensure its operation and measure its audience. On your first visit, a consent banner allows you to choose which cookies you accept. You may modify your preferences at any time via the "Cookie settings" link accessible from the website footer.
| Cookie | Purpose | Duration | Consent |
|---|---|---|---|
| Essential cookies | Website operation (authentication, session) | Session | Not required (exempt) |
| Google Analytics 4 | Audience measurement and statistics | 13 months | Required — enabled after acceptance |
| Cookie preferences | Remembering your choice | 12 months | Not required (functional) |
Article 7 — Your Rights
In accordance with the GDPR (Articles 15 to 22), you have the following rights:
- Right of access to your data
- Right of rectification
- Right to erasure (“right to be forgotten”)
- Right to data portability
- Right to object
- Right to restriction of processing
To exercise your rights, contact us at benoit@cynegis.com or via the contact form. Response within 1 month (extendable to 3 months if necessary).
Article 8 — Data Security
- Passwords encrypted via bcrypt
- HTTPS/TLS connections throughout the website
- Secure authentication via Supabase Auth
- Row Level Security (RLS) on the database
- Automatic daily backups
- No credit card numbers stored on our servers
Article 9 — International Transfers
Some data processors (Vercel, Cloudinary, Stripe, Google) are established outside the European Union, notably in the USA. These transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, in accordance with Article 46 of the GDPR.
Article 10 — Complaint to the CNIL
If you believe your rights are not being respected, you have the right to lodge a complaint with the CNIL (French Data Protection Authority):
3 Place de Fontenoy, 75334 Paris Cedex 07 — www.cnil.fr
Article 11 — Amendments
Cynegis reserves the right to amend this Privacy Policy at any time. In the event of a material change, users will be notified by email or via an information banner on the website. The version in force is the one published on this page.