Privacy Policy

1. Introduction

Data Controller: Abas Konaté, Sole Proprietorship, registered in France.

2. Data Controller and Contact

  • Data Controller: NLTS
  • Registered Office: 170 Bd de la 1er armee, 60280 Venette
  • Company Registry / SIRET: 99116931900019
  • Email for Privacy / GDPR Requests: support@nlts.app

3. Categories of Personal Data Collected

We may collect and process:

  • Identification and Account Data: email, username, password (hashed), profile information
  • Subscription and Billing Data: plan, status, billing history, limited payment details, transaction IDs (e.g. Stripe)
  • Usage and Analytics Data: IP, browser, device, access dates, pages viewed, features used
  • AI Interaction Data: prompts, AI responses, conversation context
  • Support and Communication Data: messages sent via contact form or email
  • Cookies and Similar Technologies: see Cookies section below

4. Purposes and Legal Bases

  • Provision of the Service and Account Management, Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  • Subscription and Payment Management, Legal basis: contract and legitimate interest (fraud prevention)
  • Customer Support and Communication, Legal basis: contract and legitimate interest
  • Analytics, Service Improvement, AI Optimization, Legal basis: legitimate interest
  • Marketing / Newsletters, Legal basis: consent (where required) or legitimate interest with opt‑out
  • Compliance with Legal Obligations, Legal basis: legal obligation (Art. 6(1)(c))

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy and in accordance with applicable law:

- Account data: retained for the duration of the account and deleted or anonymized within 12 months after account closure.
- Subscription and billing data: retained for up to 10 years for accounting purposes under French law.
- Usage and analytics data: retained for up to 24 months.
- AI interaction data: retained as long as necessary to provide and improve the Service, and then deleted or irreversibly anonymized.

6. Data Recipients and International Transfers

We may share personal data with authorized internal personnel and trusted third-party service providers, including Stripe (acting as Merchant of Record and payment processor), hosting providers such as DigitalOcean, analytics providers, and AI/data infrastructure providers.

Some of these providers may be located outside the European Economic Area (EEA), including in the United States. Where such transfers occur, appropriate safeguards are implemented in accordance with GDPR, including adequacy decisions or Standard Contractual Clauses adopted by the European Commission.

7. Your Rights

Under GDPR and applicable data protection laws, you have the right of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection, and withdrawal of consent where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority. In France, the competent authority is the CNIL (Commission Nationale de l’Informatique et des Libertés).

To exercise your rights, please contact us at: support@nlts.app.

8. Security

We implement appropriate technical and organizational measures to protect personal data, including secure hosting environments, encrypted HTTPS connections, access controls, and authentication safeguards. However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

9. Cookies and Similar Technologies

We use strictly necessary cookies required for authentication and security. We may also use preference and analytics cookies to improve user experience and performance.

Where required by applicable law, we request consent before placing non-essential cookies and provide users with a mechanism to manage cookie preferences.

10. Third-Party Services

The Service relies on third-party providers, including Stripe (payment processing as Merchant of Record), hosting providers, analytics services, and AI/data infrastructure providers. These entities process personal data either as processors acting on our behalf or as independent controllers under their own privacy policies.