Privacy Policy
Locaible is committed to protecting the privacy of its users in strict compliance with EU Regulation 2016/679 (GDPR) and French Data Protection Act (Loi Informatique et Libertés).
1. Data Controller
Controller: [TO COMPLETE — company name / full name]
Address: [TO COMPLETE]
Contact: privacy@locaible.com
2. Data We Collect and Why
Locaible processes only the minimum data necessary (data minimization principle). AI conversations, documents and model weights run exclusively on your machine and are never transmitted to our servers.
| Données | Finalité | Base légale | Durée |
|---|---|---|---|
| Email address | Account creation, authentication, billing | Contract performance | Duration of subscription + 3 years |
| Display name | Personalisation of interface | Contract performance | Duration of subscription + 3 years |
| Device identifier (UUID) | Multi-device access control per subscription | Legitimate interest | Duration of subscription |
| Billing data (plan, status) | Subscription management, invoicing | Contract performance + legal obligation | 10 years (accounting documents) |
| Agent configuration (name, type) | Provision of Locaible service | Contract performance | Duration of subscription |
3. Cookies and Local Storage
Locaible uses browser localStorage (not cookies) to store functional preferences:
locaible_device_id— unique device identifier for access control (essential)locaible-theme— display theme preference (functional)locaible-lang-storage— language preference (functional)locaible-cookie-consent— memorises your cookie preferences (essential)
Authentication session cookies are set by Supabase (our authentication provider) and are strictly necessary for the service to function.
We use self-hosted fonts (Space Grotesk, Inter) — no data is transmitted to third-party font providers.
4. Data Processors (Sub-processors)
| Processor | Role | Location | DPA |
|---|---|---|---|
| Supabase, Inc. | Auth, database | EU (Frankfurt) | supabase.com/privacy |
| Stripe, Inc. | Payment processing | USA (SCCs) | stripe.com/privacy |
| Vercel, Inc. | Frontend hosting | USA/EU (SCCs) | vercel.com/legal |
Transfers to the USA are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.
5. Your Rights (GDPR)
Under the GDPR and French law, you have the following rights regarding your personal data:
- Right of access — obtain a copy of your data
- Right of rectification — correct inaccurate data
- Right to erasure — delete your account and data
- Right to portability — receive your data in a structured format
- Right to restriction — restrict processing in certain cases
- Right to object — object to processing based on legitimate interest
To exercise these rights, contact us at: privacy@locaible.com. We will respond within 30 days. If you are not satisfied with our response, you may file a complaint with the CNIL (cnil.fr).
6. Data Security
Locaible implements appropriate technical and organisational measures to protect your data: data encryption in transit (TLS 1.3), row-level security policies in Supabase, access restricted to authorised personnel, regular security reviews.
In the event of a personal data breach, Locaible will notify the CNIL within 72 hours and affected users where required.
7. Data Retention
Account and subscription data are retained for the duration of the contract and 3 years thereafter for evidentiary purposes. Accounting documents are retained for 10 years as required by French law. Device identifiers are deleted upon subscription expiry.
8. Updates to this Policy
We may update this Privacy Policy. Any material change will be notified by email to registered users at least 30 days before taking effect.
Last updated: 29/05/2026 — Legal notice · Terms of Service