Privacy Policy | CSC Safe-TX

Article 1 — Data controller

The data controller is CSC TX, SASU with a share capital of €100.00, registered with the Thonon-les-Bains Trade and Companies Register under number 995 072 535, EUID FR7402.995072535, registered office: 5 C Avenue de Mossingen, 74160 Saint-Julien-en-Genevois, France.

Article 2 — Data Protection Officer (DPO)

The Data Protection Officer can be contacted at: dpo@csc-safe-tx.com.

Article 3 — Data collected and processing

CSC TX collects and processes the following personal data, each for a specific purpose, on an identified legal basis and for a defined retention period:

Data	Purpose	Legal basis	Duration
Email, hashed password	Account creation and management	Contract performance (Art. 6.1.b GDPR)	Account duration + 1 year
Phone number	SMS alert sending	Contract performance (Art. 6.1.b GDPR)	Account duration + 1 year
GPS geolocation	Location upon alert triggering	Explicit consent (Art. 6.1.a GDPR)	90 days after the incident
Audio stream	Contextualised evidence during alert	Explicit consent (Art. 6.1.a GDPR)	90 days after the incident
Video stream	Contextualised evidence during alert	Explicit consent (Art. 6.1.a GDPR)	90 days after the incident
Photo	Contextualised evidence during alert	Explicit consent (Art. 6.1.a GDPR)	90 days after the incident
Device metadata (OS, model, IP)	Technical support and security	Legitimate interest (Art. 6.1.f GDPR)	Account duration + 1 year
Payment data	Payment processing via Stripe	Contract performance (Art. 6.1.b GDPR)	Legal accounting retention period
Email (communications)	Transactional notifications via SendGrid	Contract performance (Art. 6.1.b GDPR)	Account duration
Phone (SMS alerts)	Alert SMS sending via Twilio	Contract performance (Art. 6.1.b GDPR)	Account duration
Push identifier	Push notifications via Firebase	Contract performance (Art. 6.1.b GDPR)	Account duration
Error logs	Technical monitoring via Sentry	Legitimate interest (Art. 6.1.f GDPR)	90 days
Cookies and trackers	Site operation, statistics	Consent (Art. 6.1.a GDPR) / Legitimate interest	13 months maximum
Anonymised statistics	Service improvement	Legitimate interest (Art. 6.1.f GDPR)	Indefinite (anonymous data)
Email (waitlist)	Notification at service launch	Consent (Art. 6.1.a GDPR)	Until launch or unsubscription

Data collected by sensors (GPS, audio, video, photo) is only activated upon the User's individual opt-in. Each sensor is subject to specific and separate consent, revocable at any time.

Contextualised evidence is transmitted exclusively to the recipients designated by the User (trusted contacts and/or partner SOC).

Article 4 — Rights of individuals

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

Right of access to your personal data (Art. 15)
Right to rectification (Art. 16)
Right to erasure / right to be forgotten (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)
Right to withdraw consent at any time for processing based on consent (Art. 7.3)

These rights may be exercised by email to dpo@csc-safe-tx.com or via the Application's dedicated features. CSC TX undertakes to respond within one (1) month, extendable by two (2) months in case of complexity.

Article 5 — Sub-processors

CSC TX uses the following sub-processors, with whom a Data Processing Agreement (DPA) has been concluded in accordance with Article 28 of the GDPR:

Sub-processor	Country	Service	DPA
OVH SAS	France (Gravelines, GRA)	Hosting, storage	Yes
Stripe	Ireland	Payments	Yes
Twilio	US (EU data residency)	Alert SMS	Yes
SendGrid (Twilio)	US (EU data residency)	Transactional emails	Yes
Firebase (Google)	Belgium	Push notifications	Yes
Sentry	US (EU data processing)	Error monitoring	Yes

Article 6 — Transfers outside the EU

Some sub-processors are located in the United States. Data transfers outside the European Economic Area are governed by Standard Contractual Clauses (SCC) adopted by the European Commission and, where applicable, by the EU-US Data Privacy Framework.

Article 7 — Security

CSC TX implements the following technical and organisational measures for data protection:

AES-256-GCM encryption of data at rest
TLS 1.3 encryption of data in transit
Ed25519 signature of collected evidence
Password hashing with Argon2id
Multi-factor authentication (MFA) available
Complete access logging (audit trail)
Scheduled automatic purge of temporary data

Article 8 — Cookies

The site and Application may use cookies. For details of the cookies used and to manage your preferences, please see our Cookie Policy at csc-safe-tx.com/legal/cookies.

Article 9 — Modifications

CSC TX reserves the right to modify this privacy policy at any time. In case of substantial modification, the User will be notified by email. The version in force is the one published on the website.

Article 10 — Complaint to the CNIL

If you believe that the processing of your personal data by CSC TX does not comply with the GDPR, you may lodge a complaint with the French Data Protection Authority (CNIL):

Commission Nationale de l'Informatique et des Libertés (CNIL) 3 Place de Fontenoy, 75007 Paris, France www.cnil.fr