Privacy Policy

ARTICLE 1 - PREAMBLE

Personal data means any information that makes it possible to identify, directly or indirectly, a natural person (e.g., email address, IP address, account identifier).

This policy aims to inform users:

• about the personal data collected;
• about the purposes and legal basis of processing;
• about data recipients;
• about their rights;
• about the Platform's cookie policy.

ARTICLE 2 - PRINCIPLES APPLICABLE TO DATA PROCESSING

In accordance with Article 5 of the GDPR, personal data are:

• processed lawfully, fairly, and transparently;
• collected for specified, explicit, and legitimate purposes;
• adequate, relevant, and limited to what is necessary;
• accurate and kept up to date where necessary;
• kept for a limited period;
• protected by appropriate security measures.

Processing is lawful only if it is based on at least one of the following grounds:

• the user's consent;
• performance of a contract;
• a legal obligation;
• the legitimate interest of the data controller.

ARTICLE 3 - DATA COLLECTED AND PROCESSED

Article 3.1 - Collected data

As part of the use of the Platform, the following data may be collected:

Identification data

• Email address
• Username
• Password (encrypted)
• Identifiers from third-party services (Google, Discord)

Usage data

• Campaigns, sessions, notes, characters, and preferences created by the user
• Text content, images, documents, or audio files provided by the user
• Content made public voluntarily via sharing features

Technical data

• IP address
• Connection logs
• Browsing data
• Browser and device type
• Anonymized browsing data used for minimal audience measurement

Billing data

• Subscriptions, credits, invoices
• Payment history

(Banking data is never stored by Volog)

Article 3.2 - Purposes of processing

Personal data is collected for the following purposes:

• creation and management of user accounts;
• provision of Platform features;
• backup, organization, and retrieval of content;
• management of subscriptions, payments, and credits;
• security and abuse prevention;
• user support and service-related communications;
• continuous improvement of the Platform;
• minimal and anonymized audience measurement to improve the user experience.

Article 3.3 - Collection method

Some data is collected automatically during browsing:

• IP address;
• session and security data;
• technical logs;
• anonymized browsing data for minimal audience measurement.

Other data is collected when the user:

• creates an account;
• enters, imports, or generates content;
• subscribes to a plan or purchases credits;
• uses sharing or search features;
• browses public or private pages of the Platform.

Article 3.4 - Retention period

Data is retained:

• as long as the user account is active;
• until the account is deleted by the user;
• then deleted or anonymized within a reasonable period.

Certain data is kept longer to meet legal obligations:

• billing data: 10 years;
• technical and security logs: 12 months maximum.

Article 3.5 - Hosting and subprocessors

The Platform is hosted by professional providers that meet security and GDPR compliance requirements.

Data may be transferred to subcontractors strictly necessary for the operation of the service, including:

• hosting and infrastructure;
• payment provider (Stripe);
• transactional email delivery services;
• file processing services;
• a privacy-friendly audience measurement service.

These providers act only on Volog's instructions.

Article 3.6 - Transfers outside the European Union

The use of certain third-party services integrated into the Platform may involve data transfers to countries located outside the European Union.

Where applicable, these transfers are governed by the legal mechanisms provided for by the GDPR, including the standard contractual clauses approved by the European Commission.

Article 3.7 - Automated processing

Some Platform features rely on automated processing intended to organize, rephrase, or search the content provided by the user.

They are triggered at the user's request or when strictly necessary for the relevant features to function.

These processes:

• are not intended to produce legal effects with regard to the user;
• do not constitute automated decision-making within the meaning of Article 22 of the GDPR.

ARTICLE 4 - DATA CONTROLLER

The data controller is:
Volog
Website: https://volog.app
contact@volog.app

Volog is not required to appoint a Data Protection Officer (DPO).

ARTICLE 5 - USERS' RIGHTS

In accordance with the GDPR, the user has the following rights:

• right of access;
• right to rectification;
• right to erasure;
• right to restriction of processing;
• right to object;
• right to data portability;
• right to determine the fate of their data after death;
• right to lodge a complaint with the competent supervisory authority (CNIL).

Rights may be exercised by email at: contact@volog.app

When the user relies on a third-party authentication service (for example Google or Discord), some associated data may also be managed from the relevant third-party account.

ARTICLE 6 - COOKIES

The Platform uses only cookies strictly necessary for its operation, together with minimal audience measurement configured without advertising cookies or cross-site tracking.

Audience measurement relies on anonymized usage data and does not involve a marketing consent banner.

The user may configure their browser to limit certain technical cookies, subject to possible degradation of the service.

ARTICLE 7 - POLICY CHANGES

Volog reserves the right to modify this policy at any time to ensure compliance with applicable legislation.

Users are encouraged to consult this page regularly.