Privacy Policy

ViralFlow SAS ("ViralFlow", "we", "us") publishes the platform accessible at app.viralfllow.com. This policy describes how we collect, use and protect the personal data of service users, in accordance with the General Data Protection Regulation (GDPR, EU 2016/679) and applicable local legislation.

1. Data controller

The data controller is ViralFlow SAS. Contact: [email protected]

2. Data we collect

2.1 Data you provide

• Account: email address, name, profile photo (optional).
• Payments: billing information processed by our payment providers (Stripe, PayPal, Wave, Orange Money). We do not store your card numbers.
• Content: images, videos, texts and other files you upload to use our tools.
• Support: messages you send us by email or via the chat.

2.2 Data collected automatically

• Usage: pages visited, tools used, credits consumed, session duration.
• Technical: IP address, browser type, operating system, approximate geolocation.
• Cookies: see section 7.

3. How we use your data

• Providing, improving and securing the service.
• Processing payments and managing credits.
• Sending transactional emails (confirmation, invoices, expiry alerts).
• Sending service communications (new features, important updates) — you can unsubscribe at any time.
• Complying with our legal and regulatory obligations.
• Analyzing usage to improve our products (anonymized/aggregated data).

4. Legal basis for processing

• Contract performance: to provide the service you have subscribed to.
• Legal obligation: accounting, invoicing, fraud prevention.
• Legitimate interest: security, service improvement, fraud prevention.
• Consent: marketing communications and non-essential cookies.

5. Data sharing

We do not sell your data. We share it only with:

• Service providers: hosting (Hetzner/Coolify), payments (Stripe, PayPal, Wave, Orange Money), emails (Resend), AI models (Google, Runway, Kling, ElevenLabs) — only as necessary to provide the service.
• Authorities: if required by law or to protect our rights.

6. Data retention

• Account and usage data: retained for 3 years after last use, then deleted.
• Generated content: retained for 12 months after generation, then automatically deleted unless you export it.
• Invoicing data: retained for 10 years (legal obligation).
• Deleted account: data deleted within 30 days, except data subject to legal retention obligations.

7. Cookies

We use:

• Strictly necessary cookies: authentication session, language preference (vf-lang) — no consent required.
• Analytics cookies: anonymized usage statistics — consent required.

You can manage cookies from your browser settings.

8. Your rights

You have the right to: access, rectify, erase, port and restrict the processing of your data. You can also object to processing based on our legitimate interest. To exercise these rights: [email protected]. We respond within 30 days. You may also lodge a complaint with your national supervisory authority (ICO in the UK, CNIL in France, etc.).

9. Data transfers outside the EU

Some of our service providers are located outside the EU (USA). These transfers are governed by standard contractual clauses approved by the European Commission.

10. Security

We implement appropriate technical and organizational measures: HTTPS encryption, access restricted to authorized personnel, security monitoring. No system is infallible — in the event of a breach affecting your data, we will notify you and the relevant authority within the legally required timeframe.

11. Minors

The service is not intended for persons under 16 years of age. If we become aware that we have collected data from a minor, we will delete it promptly.

12. Changes to this policy

We may modify this policy. Any material change will be notified by email at least 15 days before it takes effect.

13. Contact

Data Protection Officer (DPO): [email protected]