BaaS

Privacy Policy

This privacy policy describes how BAAS.SH collects, uses and protects your personal data when you use the coffre-fort-numerique.baas.sh website (and more broadly the online services under the baas.sh domain), including when cookies and analytics tools are enabled.

1. Collection of information

1.1 Account information

  • Professional email address and login credentials
  • Company information and, where applicable, billing data
  • Usage preferences and account settings
  • Technical identifiers (IP addresses, technical logs, metadata)

1.2 Service data

  • Data relating to infrastructure performance and monitoring
  • Usage statistics for APIs and exposed services
  • Resource usage data (capacity, load, availability)
  • Error logs and debugging information

2. Use of information

2.1 Main purposes

  • Provision and operation of the BaaS Service
  • Management of user accounts and security
  • Optimization of service performance and reliability
  • Technical support and user assistance

2.2 Analysis and continuous improvement

  • Improvement of the Service and development of new features
  • Analysis of usage in an aggregated and anonymous way where possible
  • Prevention of fraud, detection of abnormal or malicious activities
  • Production of performance and availability metrics

3. Data retention

3.1 Account data

  • Retention of data for as long as the account is active or necessary for the provision of the Service
  • Retention limited to a reasonable period after account closure, unless a longer period is required by law
  • Ability to request early deletion within the limits set by applicable regulations
  • Retention of technical backups for business continuity and disaster recovery purposes

3.2 Operational and blockchain data

  • Retention periods adapted to the nature of technical logs and regulatory obligations
  • Provision of export and portability mechanisms where relevant
  • No access to the business content of customer transactions where the architecture allows it
  • Limited retention of infrastructure logs necessary for security monitoring and support

4. Data protection

4.1 Security measures

  • Use of industry-standard encryption protocols for data in transit
  • Implementation of encryption or pseudonymisation measures where appropriate
  • Access controls, monitoring and logging of security events
  • Regular testing, audits and improvements of security mechanisms

4.2 Access to data

  • Access limited to duly authorized persons and within the scope of their duties
  • Confidentiality undertakings for relevant employees and service providers
  • Contractual framework for any processors involved in the data
  • Regular review of access rights and activity logs

5. Your rights

5.1 Rights of access and rectification

  • Right to obtain confirmation that data concerning you is being processed and to receive a copy of such data
  • Right to request the rectification of inaccurate or incomplete data
  • Right, in certain cases, to request the restriction of the processing of your data
  • Right, under certain conditions, to request the erasure of your data

5.2 Choices and control

  • Ability to manage certain preferences in your account where such options are offered
  • Ability to object to certain processing operations, in particular for marketing purposes
  • Right to portability of certain data where required by law
  • Right to lodge a complaint with a competent supervisory authority

6. Data controller and legal bases

6.1 Data controller

  • The controller of the personal data collected via the baas.sh website and its subdomains (including coffre-fort-numerique.baas.sh) and in connection with the use of the Service is BAAS.SH, a simplified joint stock company (SAS) registered with the Angers Trade and Companies Register under number 942 224 189, whose registered office is located at 8 PLACE MONSEIGNEUR RUMEAU, 49100 ANGERS, France.
  • For any question relating to the protection of personal data, you can contact BAAS.SH at the following address: [email protected]

6.2 Legal bases for processing

  • Contract performance: where the processing is necessary for the provision of the Service and the performance of contractual commitments made to the Customer.
  • Legitimate interest: in particular to ensure systems security, improve the Service and prevent abuse or fraud.
  • Legal obligations: to comply with legal or regulatory obligations applicable to BAAS.SH.
  • Consent: for certain specific operations (for example, sending marketing communications or placing certain analytics cookies where required).

7. Recipients, processors and transfers

7.1 Internal recipients

  • Personal data is accessible only to duly authorized members of BAAS.SH teams (technical, support, product and, where applicable, sales) within the limits of their duties and solely for the purposes described in this policy.

7.2 Service providers and processors

  • BAAS.SH may use third-party service providers for hosting, security, monitoring, billing or analytics (for example Cloudflare for hosting and CDN, Google Analytics for audience measurement).
  • These providers act as processors within the meaning of data protection regulations and are bound by strict confidentiality and security obligations.
  • Where these providers process personal data, their interventions are governed by a contract that complies with GDPR requirements.

7.3 Transfers of data outside the European Union

  • Some providers, such as hosting or analytics solution providers (including Cloudflare, Inc. and Google LLC), may be located outside the European Union, in particular in the United States.
  • In such cases, BAAS.SH ensures that these transfers are covered by appropriate protection mechanisms (such as the standard contractual clauses approved by the European Commission) or any other safeguards in line with applicable regulations.
  • Further information on these transfers can be obtained by contacting BAAS.SH at the address indicated above.

For any question regarding this privacy policy or the exercise of your rights, you can contact us at the following address: [email protected]