Privacy Policy
Last updated — March 30, 2026
Data Controller
Historis is operated by Sven Le Cann, sole proprietor, based in France.
For any privacy-related inquiry, contact us at contact@historis.app.
Data Collected
We collect only the data necessary to provide the Service:
- Account data: email address, name, password (hashed)
- Organization data: organization name, members
- Application data: events, contacts, tags, notes — the content you create
- Billing data: managed entirely by Stripe (we do not store card numbers)
- Technical data: IP address, user agent, timestamps (for server logs and error tracking)
We do not collect: geolocation, browsing history, social media profiles, or any data beyond what you explicitly provide.
How We Use Your Data
- Provide and maintain the Service (contract execution)
- Authenticate your sessions and secure your account
- Process payments through Stripe
- Monitor application stability and diagnose errors (legitimate interest)
- Respond to your support requests
We do not use your data for advertising, profiling, automated decision-making, or AI training. Historis does not integrate any AI on the server side.
Legal Basis (GDPR)
Contract execution (Article 6.1.b)
Providing the Service you subscribed to — account management, data storage, billing.
Legitimate interest (Article 6.1.f)
Application monitoring, error tracking, and security — necessary to ensure service stability.
Legal obligation (Article 6.1.c)
Responding to competent judicial authorities when legally required.
Sub-processors
| Sub-processor | Data processed | Location | Usage |
|---|---|---|---|
| Supabase | Database (events, contacts) | EU (Frankfurt) | Hosting & backups |
| Railway | Transient API requests | EU | API server execution |
| Vercel | Frontend pages, session cookies | EU / Global Edge | Frontend hosting |
| Vercel Analytics | Anonymized page views | EU / Global Edge | Cookieless analytics |
| Stripe | Payment data (card, billing email) | EU | Billing & subscriptions |
| Better Stack | Server logs (errors, stack traces, IP) | EU (Falkenstein) | Monitoring & error tracking |
| Proton Mail | Support emails | Switzerland | Support communication |
| OVH | DNS records, domain resolution | EU (France) | Registrar & DNS |
All primary data processing occurs within the European Union. No personal data is transferred outside the EU, except through Vercel's global CDN for static page delivery (no personal data involved).
Error Monitoring
Our error monitoring runs a lightweight client-side script that captures application errors only (crash reports, failed API calls). It does not record your screen, track your clicks, or monitor your browsing behavior. No session replays, no mouse tracking, no keystroke logging.
| Data type | Collected |
|---|---|
| React errors (crashes) | Yes |
| API errors (failed requests) | Yes |
| Session failures (auth) | Yes |
| Screen recording | No |
| Clicks / mouse movements | No |
| Keystrokes | No |
| Navigation / visited URLs | No |
| Form data | No |
Legal basis: legitimate interest (GDPR Article 6.1.f) — error tracking is necessary to ensure service stability. No consent required.
Analytics
Vercel Web Analytics collects anonymized and aggregated visit data (page views, referrer, country, device type) without cookies and without personally identifiable information. Individual visitors cannot be identified.
Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (right to be forgotten)
- Export your data (data portability)
- Object to processing based on legitimate interest
- Lodge a complaint with the CNIL (French data protection authority)
To exercise your rights, contact us at contact@historis.app or use the account deletion and data export features in the Settings page.
Data Retention & Security
Your application data is retained as long as your account is active. Upon account deletion, all data is permanently erased within 30 days.
Server logs and error reports are retained for 30 days.
Data is encrypted in transit (TLS) and at rest (Supabase managed encryption). Access to production systems is restricted and authenticated.
Changes to This Policy
We may update this policy. Significant changes will be communicated by email. The latest version is always available at historis.app/privacy.
Contact
For privacy inquiries: contact@historis.app
Data protection authority: cnil.fr