
Privacy Policy
Version 1.0 — Effective from 16/05/2026 — GDPR (EU) 2016/679 compliant
The French version is the official version. This English translation is provided for reference.
Only the French version has legal value.
Data controller
- InstAItools.com
- Registered office: France
- DPO / GDPR contact: hello@instaitools.com
- This policy applies to all users of instaitools.com and early.instaitools.com.
1. Data collected and purposes
1.1 Signup and account data
Data: First/last name or alias, email address, password (hashed — never in plain text).
Purpose: Creation and management of the user account.
Legal basis: Performance of the contract (Article 6.1.b GDPR).
1.2 Transaction data
Data: Amount, product purchased, date, transaction status, Stripe reference.
Purpose: Payment processing, invoice issuance, refund management.
Legal basis: Performance of the contract + legal obligation (10-year accounting retention).
Important: Banking data (card number, IBAN) is processed EXCLUSIVELY by Stripe Inc. and never transits InstAItools.com servers.
1.3 Seller data
Data: Display name, bio, profile URL, Stripe Connect information (payment onboarding), listed products, sales statistics.
Purpose: Seller profile management, revenue payouts, affiliate program.
Legal basis: Performance of the contract.
1.4 Early Builder data
Data: Name, email, product type, tool URL, declared audience, affiliate ref_code, signature timestamp, IP address, SHA-256 hash of the electronic signature.
Purpose: Early Builder program management, electronic signature of commitments, affiliate commission payouts.
Legal basis: Performance of the contract.
1.5 Browsing and analytics data
Data: Pages visited, session duration, device type, country of origin (anonymised).
Purpose: Platform improvement, audience measurement.
Legal basis: Legitimate interest.
Important: Tool used: Plausible Analytics — GDPR-compliant, cookieless, no full IP collection, no data cross-referencing. No cookie consent required.
1.6 Internal messaging data
Data: Content of messages exchanged between buyers and sellers via the platform's internal messaging.
Purpose: Facilitating communication, detecting violations (bypass, spam, prohibited content).
Legal basis: Performance of the contract + legitimate interest (platform security).
1.7 Transactional emails
Data: Email address, first name, email content.
Purpose: Account notifications, purchase confirmations, Early Builder sequence, commission alerts.
Legal basis: Performance of the contract.
Important: Tool used: Resend — data processed in accordance with their privacy policy.
2. Retention periods
| Data type | Duration | Justification |
|---|---|---|
| Account data | Contract duration + 3 years | Legal limitation period |
| Transaction data | 10 years | Legal accounting obligation |
| Early Builder data | Program duration + 5 years | Contractual evidence |
| Electronic signatures | 10 years | Legal evidentiary value |
| Browsing analytics | 13 rolling months | CNIL standard |
| Access logs | 30 days | Platform security |
| Internal messaging | 2 years after last activity | Dispute resolution |
| Transactional emails | 3 years | Proof of consent |
3. Data sharing
InstAItools.com never sells its users' personal data to third parties. Data may only be shared with:
- Stripe Inc. (USA) — payment processing. Transfer covered by EU Standard Contractual Clauses. Policy: stripe.com/privacy
- Supabase Inc. (USA) — database hosting. Transfer covered by EU Standard Contractual Clauses. Policy: supabase.com/privacy
- Vercel Inc. (USA) — platform hosting. Policy: vercel.com/legal/privacy-policy
- Resend Inc. — transactional email delivery. Policy: resend.com/privacy
- Plausible Analytics — cookieless analytics. Anonymised data. Policy: plausible.io/privacy
- Competent authorities — in case of legal obligation or judicial request.
All processors are bound by data processing agreements compliant with GDPR (Article 28).
4. Rights of data subjects
In accordance with GDPR, you have the following rights:
- Right of access: Obtain a copy of all your processed personal data.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention obligations).
- Right to restriction of processing: Temporarily suspend the use of your data.
- Right to portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: At any time, without retroactive effect.
To exercise these rights, contact: hello@instaitools.com (subject: "GDPR request — [your right]"). Response time: 30 calendar days. Without a satisfactory response, you may file a complaint with the CNIL: https://www.cnil.fr
Right to erasure — Important limitations
- Transaction data (purchase, commission, billing) cannot be deleted before 10 years due to legal accounting retention obligations.
- Account deletion results in anonymisation of data not subject to legal retention.
5. Cookies and trackers
5.1 Strictly necessary cookies
These cookies are essential for the platform to function (authentication session, cart, language preferences). They do not require consent.
5.2 Analytics cookies
Plausible Analytics is our analytics tool. It works WITHOUT cookies, collects only aggregated and anonymised data, and does not require a cookie consent banner under CNIL guidelines.
5.3 No advertising cookies
InstAItools.com does not use any advertising, remarketing or profiling cookies. No data is transmitted to advertising networks.
6. Data security
InstAItools.com implements the following technical and organisational measures:
- Encryption of data at rest and in transit (TLS 1.3).
- Row Level Security (RLS) on all database tables.
- Secure authentication with mandatory email verification.
- Password hashing (bcrypt).
- Electronic signatures with SHA-256 hash + timestamp + IP.
- Strict separation of API keys (never exposed client-side).
- Access monitoring with logs retained 30 days.
- Data breach notification process within 72h (Article 33 GDPR).
7. Transfers outside the EU
Some of our processors (Stripe, Supabase, Vercel, Resend) are established in the United States. These transfers are covered by:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The EU-US Data Privacy Framework (DPF) for certified companies.
A detailed list of processors and associated safeguards is available on request at hello@instaitools.com.
8. Minors
The InstAItools.com platform is reserved for adults (18 years or older). We do not knowingly collect personal data from minors. If you are a parent or guardian and believe a minor has created an account, contact us immediately at hello@instaitools.com.
9. Changes to the policy
InstAItools.com reserves the right to modify this policy at any time. Users will be notified by email at least 30 days before any substantial change. The last update date is indicated at the top of the document.
10. Contact and supervisory authority
- Data controller: InstAItools.com — hello@instaitools.com
- GDPR requests: hello@instaitools.com (subject: "GDPR request")
- French supervisory authority: CNIL — 3 Place de Fontenoy, 75007 Paris — www.cnil.fr
Online Dispute Resolution platform (EU): https://ec.europa.eu/consumers/odr/