Attestaria

Privacy Policy

Attestaria — v1.0 — Effective April 21, 2026


Preamble

Attestaria is a cryptographic attestation infrastructure for AI-generated content. This policy describes, with precision, the personal data processing we operate in the context of our public waiting list (the "Waitlist"). It complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

Our guiding principle: we collect only what is strictly necessary, we keep it only for as long as strictly necessary, and you remain in control at every step.


1. Data Controller

The controller responsible for processing your personal data is:

Benoît Estrangin, individual entrepreneur registered under the French micro-enterprise regime

You may contact us at this address for any question regarding this policy or to exercise your rights (section 10).


2. Data Collected

When you sign up to the Waitlist, we collect only the following data:

DataNaturePurpose
Email addressRequiredNotify you of the launch
User type (developer, agency, creator, other)RequiredSegment communications
Tools used (WordPress, Shopify, etc.)OptionalPrioritize integrations
Language (FR / EN)AutomaticAdapt our communications
Consent date and timeAutomaticLegal proof of consent
Confirmation status (double opt-in)AutomaticEmail validation

We do not collect any sensitive data as defined by Article 9 of the GDPR (origin, political opinions, health, etc.).

We use no tracking cookies, no behavioral analytics tools, no advertising pixels.


3. Purpose of Processing

Your data is processed exclusively for the following purpose: to notify you of the public launch of Attestaria.

At this stage (Waitlist phase), we send you no newsletter, no recurring commercial communication, no third-party solicitation. You will receive from us:

  1. A registration confirmation email (double opt-in)
  2. A notification email at the public launch of the product

Should we later wish to send you other communications (product newsletter, event invitations, etc.), we will ask for a dedicated, separate, and explicit consent.


4. Legal Basis

The legal basis for processing is your explicit consent, under Article 6(1)(a) of the GDPR.

Your consent is evidenced by:

You may withdraw your consent at any time, without justification (section 10).


5. Recipients of the Data

Your data is processed by the controller (section 1) and by a limited number of technical subprocessors strictly necessary for the operation of the Waitlist.

5.1 Subprocessor categories

CategoryLocationLegal framework
Database hosting providerEuropean Union (France)Standard DPA, EU storage
Transactional email providerUnited StatesDPA + Standard Contractual Clauses (SCC)
Web application hostingMulti-regionDPA + SCC
Content delivery and security networkMulti-region (EU-preferred)DPA + SCC
Professional email serviceFranceSovereign hosting

On written request at privacy@attestaria.com, the up-to-date named list of our subprocessors can be provided to any data subject.

5.2 Transfers outside the European Union

The delivery of your emails transits through a provider located in the United States. This transfer is governed by the Standard Contractual Clauses (SCC) adopted by the European Commission (decision 2021/914), complemented by technical measures including encryption in transit (TLS 1.3) and at rest (AES-256).

No other personal data is transferred outside the EU without equivalent guarantees.

5.3 No commercial transfer

We do not sell your data. We do not rent your data. We do not share it with any third party for commercial, advertising, or statistical purposes.


6. Retention Period

Your data is retained according to the following schedule:

An automated script applies these retention periods. Deletions are final and irreversible.


7. Data Security

We implement the following technical and organizational measures:

In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the French data protection authority (CNIL) within 72 hours and inform you directly if the risk is high (GDPR Articles 33 and 34).


8. Hosting

Your personal data is hosted in France, on servers located in Paris.

No copy of the database is replicated outside the European Union.


9. Cookies and Trackers

Attestaria uses a minimal number of cookies, all strictly necessary to the operation of the service and therefore exempt from consent under the French data protection authority (CNIL) guidelines.

Cookies used

CookiePurposeDurationBasis
NEXT_LOCALERemember your language choice (FR/EN)1 yearExempt
__cf_bmAnti-bot security (delivery network)30 minutesExempt

We use no analytics, advertising, or third-party tracking cookies. No audience analytics tool (Google Analytics, Plausible, PostHog, Meta or LinkedIn pixels) is integrated on the site.

No consent banner is therefore required. You may delete these cookies at any time from your browser settings, without impact on your Waitlist registration.


10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

10.1 Right of access (Article 15)

Obtain a copy of the data we hold about you.

10.2 Right to rectification (Article 16)

Request correction of inaccurate data.

10.3 Right to erasure (Article 17)

Request the permanent deletion of your data. This right can be exercised at any time, including via the unsubscription link in our emails.

10.4 Right to restriction (Article 18)

Request the temporary suspension of data processing.

10.5 Right to portability (Article 20)

Receive your data in a structured, commonly used, and machine-readable format (JSON or CSV).

10.6 Right to object (Article 21)

Object to processing on legitimate grounds.

10.7 Right to withdraw consent

Withdraw your consent at any time, without affecting the lawfulness of prior processing.

10.8 How to exercise your rights

To exercise any of these rights, write to us at privacy@attestaria.com.

We commit to responding within 30 days maximum (GDPR Article 12(3)). For complex requests, this period may be extended by 2 months, with prior notice.

To verify your identity, we may ask you to confirm your request from the email address registered on the Waitlist.


11. Right to Lodge a Complaint

If you believe we are not respecting your rights, you may lodge a complaint with the French supervisory authority:

Commission Nationale de l'Informatique et des Libertés (CNIL) 3 place de Fontenoy — TSA 80715 75334 PARIS CEDEX 07, France Phone: +33 1 53 73 22 22 Website: www.cnil.fr

You may also lodge a complaint with the supervisory authority of your country of residence within the European Union.


12. Automated Decision-Making

We perform no profiling and no automated decision-making having legal or significant effects on you.


13. Policy Updates

This policy may be amended to reflect legal, technical, or operational changes. In the event of a substantial change, we will notify you by email and archive the previous version. The current version is always accessible at attestaria.com/privacy.

Current version: v1.0, April 21, 2026


Attestaria — Authenticity, as infrastructure.