Privacy Policy
Attestaria — v1.0 — Effective April 21, 2026
Preamble
Attestaria is a cryptographic attestation infrastructure for AI-generated content. This policy describes, with precision, the personal data processing we operate in the context of our public waiting list (the "Waitlist"). It complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act.
Our guiding principle: we collect only what is strictly necessary, we keep it only for as long as strictly necessary, and you remain in control at every step.
1. Data Controller
The controller responsible for processing your personal data is:
Benoît Estrangin, individual entrepreneur registered under the French micro-enterprise regime
- Registered address: 37 rue de la Tombe-Issoire, 75014 Paris, France
- SIREN: 847 741 246
- Contact email: privacy@attestaria.com
You may contact us at this address for any question regarding this policy or to exercise your rights (section 10).
2. Data Collected
When you sign up to the Waitlist, we collect only the following data:
| Data | Nature | Purpose |
|---|---|---|
| Email address | Required | Notify you of the launch |
| User type (developer, agency, creator, other) | Required | Segment communications |
| Tools used (WordPress, Shopify, etc.) | Optional | Prioritize integrations |
| Language (FR / EN) | Automatic | Adapt our communications |
| Consent date and time | Automatic | Legal proof of consent |
| Confirmation status (double opt-in) | Automatic | Email validation |
We do not collect any sensitive data as defined by Article 9 of the GDPR (origin, political opinions, health, etc.).
We use no tracking cookies, no behavioral analytics tools, no advertising pixels.
3. Purpose of Processing
Your data is processed exclusively for the following purpose: to notify you of the public launch of Attestaria.
At this stage (Waitlist phase), we send you no newsletter, no recurring commercial communication, no third-party solicitation. You will receive from us:
- A registration confirmation email (double opt-in)
- A notification email at the public launch of the product
Should we later wish to send you other communications (product newsletter, event invitations, etc.), we will ask for a dedicated, separate, and explicit consent.
4. Legal Basis
The legal basis for processing is your explicit consent, under Article 6(1)(a) of the GDPR.
Your consent is evidenced by:
- The checkbox on the sign-up form (not pre-checked by default)
- The active confirmation of your email via the link received (double opt-in)
- The timestamp and version of the consent text, archived as proof
You may withdraw your consent at any time, without justification (section 10).
5. Recipients of the Data
Your data is processed by the controller (section 1) and by a limited number of technical subprocessors strictly necessary for the operation of the Waitlist.
5.1 Subprocessor categories
| Category | Location | Legal framework |
|---|---|---|
| Database hosting provider | European Union (France) | Standard DPA, EU storage |
| Transactional email provider | United States | DPA + Standard Contractual Clauses (SCC) |
| Web application hosting | Multi-region | DPA + SCC |
| Content delivery and security network | Multi-region (EU-preferred) | DPA + SCC |
| Professional email service | France | Sovereign hosting |
On written request at privacy@attestaria.com, the up-to-date named list of our subprocessors can be provided to any data subject.
5.2 Transfers outside the European Union
The delivery of your emails transits through a provider located in the United States. This transfer is governed by the Standard Contractual Clauses (SCC) adopted by the European Commission (decision 2021/914), complemented by technical measures including encryption in transit (TLS 1.3) and at rest (AES-256).
No other personal data is transferred outside the EU without equivalent guarantees.
5.3 No commercial transfer
We do not sell your data. We do not rent your data. We do not share it with any third party for commercial, advertising, or statistical purposes.
6. Retention Period
Your data is retained according to the following schedule:
- Unconfirmed sign-up (pending double opt-in): automatically deleted after 30 days
- Confirmed sign-up: kept until your voluntary unsubscription
- Unsubscribed: retained for 12 months after unsubscription, solely to prove the deletion in the event of an audit and to prevent unintentional re-subscription, then permanently erased
An automated script applies these retention periods. Deletions are final and irreversible.
7. Data Security
We implement the following technical and organizational measures:
- Encryption at rest: all stored data is encrypted (AES-256)
- Encryption in transit: all communications use TLS 1.3
- Strict access control: database access is restricted to the service role only
- No IP address storage: your IP is used in memory for rate limiting, never persisted
- Email masking in server logs: emails cannot be reconstructed from technical logs
- Daily backups: 7-day retention, encrypted
- Single administrator access: only the data controller accesses the database
In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the French data protection authority (CNIL) within 72 hours and inform you directly if the risk is high (GDPR Articles 33 and 34).
8. Hosting
Your personal data is hosted in France, on servers located in Paris.
No copy of the database is replicated outside the European Union.
9. Cookies and Trackers
Attestaria uses a minimal number of cookies, all strictly necessary to the operation of the service and therefore exempt from consent under the French data protection authority (CNIL) guidelines.
Cookies used
| Cookie | Purpose | Duration | Basis |
|---|---|---|---|
NEXT_LOCALE | Remember your language choice (FR/EN) | 1 year | Exempt |
__cf_bm | Anti-bot security (delivery network) | 30 minutes | Exempt |
We use no analytics, advertising, or third-party tracking cookies. No audience analytics tool (Google Analytics, Plausible, PostHog, Meta or LinkedIn pixels) is integrated on the site.
No consent banner is therefore required. You may delete these cookies at any time from your browser settings, without impact on your Waitlist registration.
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
10.1 Right of access (Article 15)
Obtain a copy of the data we hold about you.
10.2 Right to rectification (Article 16)
Request correction of inaccurate data.
10.3 Right to erasure (Article 17)
Request the permanent deletion of your data. This right can be exercised at any time, including via the unsubscription link in our emails.
10.4 Right to restriction (Article 18)
Request the temporary suspension of data processing.
10.5 Right to portability (Article 20)
Receive your data in a structured, commonly used, and machine-readable format (JSON or CSV).
10.6 Right to object (Article 21)
Object to processing on legitimate grounds.
10.7 Right to withdraw consent
Withdraw your consent at any time, without affecting the lawfulness of prior processing.
10.8 How to exercise your rights
To exercise any of these rights, write to us at privacy@attestaria.com.
We commit to responding within 30 days maximum (GDPR Article 12(3)). For complex requests, this period may be extended by 2 months, with prior notice.
To verify your identity, we may ask you to confirm your request from the email address registered on the Waitlist.
11. Right to Lodge a Complaint
If you believe we are not respecting your rights, you may lodge a complaint with the French supervisory authority:
Commission Nationale de l'Informatique et des Libertés (CNIL) 3 place de Fontenoy — TSA 80715 75334 PARIS CEDEX 07, France Phone: +33 1 53 73 22 22 Website: www.cnil.fr
You may also lodge a complaint with the supervisory authority of your country of residence within the European Union.
12. Automated Decision-Making
We perform no profiling and no automated decision-making having legal or significant effects on you.
13. Policy Updates
This policy may be amended to reflect legal, technical, or operational changes. In the event of a substantial change, we will notify you by email and archive the previous version. The current version is always accessible at attestaria.com/privacy.
Current version: v1.0, April 21, 2026
Attestaria — Authenticity, as infrastructure.