Privacy Policy

1. Introduction

This privacy policy describes how Innovaweb (hereinafter "we") collects, uses, retains and protects your personal data when you use the Smartnote service.

By using our service, you accept the practices described in this policy. If you do not accept this policy, please do not use our service.

2. Data Collected

We collect different categories of data:

2.1. Identification Data

  • First and last name (optional)
  • Email address
  • Password (hashed and secured)
  • Profile photo (via Google OAuth if applicable)

2.2. Content Data

  • Audio transcriptions created via the service
  • AI analyses generated from your content
  • Organization by subjects and chapters
  • Tags and favorites associated with your content

2.3. Payment Data

  • Billing information (processed by Stripe)
  • Transaction history
  • Subscription plan type

2.4. Technical Data

  • IP address
  • Browser type and version
  • Connection and activity logs
  • Session cookies (see dedicated section)

3. Processing Purposes

Your data is used for the following purposes:

  • Service provision: transcription, AI analysis, content management
  • Account management: authentication, user profile, preferences
  • Billing: payment processing, subscription management
  • Security: fraud prevention, abuse protection
  • Improvement: usage analysis, bug fixes, new features
  • Communication: service notifications, customer support

4. Legal Basis for Processing

  • Contract performance: processing necessary for service provision
  • Consent: for non-essential cookies and marketing communications
  • Legitimate interest: for service improvement and security
  • Legal obligation: for billing data retention

5. Retention Period

  • Active account: your data is retained as long as your account exists
  • After deletion: your data is deleted within 30 days
  • Billing data: retained for 10 years (legal obligation)
  • Security logs: retained for a maximum of 12 months
  • Session cookies: 30-day duration

6. Data Recipients

Your data may be shared with the following recipients:

6.1. Technical Subcontractors

  • Vercel: application hosting (global CDN)
  • Supabase: database hosting (EU)
  • Stripe: payment processing (EU/US)
  • Anthropic (Claude): artificial intelligence services (US)
  • Google: OAuth authentication (if used)

6.2. Authorities

We may be required to disclose your data to competent authorities where there is a legal obligation to do so.

7. International Transfers

Some of your data may be transferred outside the European Union with the following safeguards:

  • Vercel: Standard Contractual Clauses (SCCs), SOC 2 Type 2 certification
  • Supabase: Main servers in EU, SCCs for transfers
  • AssemblyAI: DPA with Standard Contractual Clauses
  • Stripe: SCCs + EU-US Data Privacy Framework
  • Google: SCCs + EU-US Data Privacy Framework
  • Anthropic: European entity in Dublin, SCCs

For more information about these transfers, contact us at contact@innovaweb.fr.

8. Your Rights

In accordance with GDPR, you have the following rights over your personal data:

  • Right of access: obtain a copy of your personal data
  • Right of rectification: correct your inaccurate or incomplete data
  • Right to erasure: request deletion of your data
  • Right to portability: receive your data in a structured format
  • Right to object: object to the processing of your data
  • Right to restriction: limit the processing of your data

You can exercise these rights directly in your Settings or by contacting us at contact@innovaweb.fr.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Password hashing with bcrypt
  • Secure HTTPS/TLS connections
  • Protection against brute force attacks (rate limiting)
  • Account lockout after failed login attempts
  • Regular access and security audits
  • Restricted data access according to the principle of least privilege

10. Cookies

Our service uses cookies strictly necessary for its operation:

  • NextAuth session cookies: authentication management (duration: 30 days)
  • LocalStorage: temporary saving of your current transcriptions (data loss prevention)

For more details on our use of cookies, see our Cookie Policy.

11. Modifications

We reserve the right to modify this privacy policy at any time. You will be notified of significant changes by email or through the service. We encourage you to check this page regularly.

12. Contact and Complaints

For any questions regarding this policy or your personal data:

You can also file a complaint with the CNIL: www.cnil.fr

Last updated: January 19, 2026