Privacy Policy

Last updated: July 5, 2026

1. Data Controller

The data controller is the Publisher identified in the Legal Notice.

2. Data We Collect

  • Account data: email address, authentication identifiers.
  • Usage data: events viewed, unlocks, share actions.
  • Payment data: handled directly by Stripe. We only store the transaction ID and status — never your card details.
  • Technical data: IP address, browser, device (via server logs).

3. Purposes and Legal Bases

  • Providing the Service (contractual necessity).
  • Processing payments (contractual necessity).
  • Security and fraud prevention (legitimate interest).
  • Complying with legal obligations (accounting, tax).

4. Retention

Account data is retained for as long as the account is active, plus up to 3 years of inactivity. Payment and accounting data is retained for 10 years as required by law.

5. Recipients

Data is shared only with our technical processors: Stripe (payments), our cloud host, and our authentication provider. All are bound by GDPR-compliant data processing agreements.

6. International Transfers

Some processors may be located outside the EU. In such cases, we rely on Standard Contractual Clauses approved by the European Commission.

7. Your Rights

Under the GDPR, you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data. You may exercise these rights at any time by emailing privacy@sunnyday.app. You also have the right to lodge a complaint with the CNIL (cnil.fr).

8. Cookies

See our Cookie Policy.