Privacy Policy
1. Data controller
The Page Zero service is published by PROJECT ZERO, a French simplified joint-stock company (société par actions simplifiée) with a share capital of €1,000, registered with the French Trade and Companies Register under SIREN number 100 598 994, whose registered office is at 60 rue François Ier, 75008 Paris, France ("PROJECT ZERO", "we").
PROJECT ZERO acts as the data controller within the meaning of Regulation (EU) 2016/679 (the "GDPR") for all processing described in this policy. As a company established in France, PROJECT ZERO applies the GDPR to all of its users, wherever they live — including users in the United States.
Contact: arthur@pagezero.club
2. Data we collect
We only collect the data needed to provide the Service:
- Account data: email address, password (stored exclusively in hashed form — never in plain text), preferred language, email verification status. If you sign in with Google, the identifier of the linked Google account.
- Billing data: subscribed plan, subscription status and your customer identifier with our payment provider Stripe. Card details are collected and processed directly by Stripe; they never pass through our servers.
- Session and security data: IP address, device identifier, user agent (browser), sign-in timestamps, failed sign-in counters. This data is used to keep your account secure (unauthorized-access detection, anti-intrusion lockout, rate limiting).
- Content you enter in the Service: the product information you provide to generate your listings (titles, descriptions, keywords) and the generated listings.
- Newsletter: email address and proof of consent (accepted wording, date, IP address, user agent, language), as required to demonstrate that consent was collected.
- Support exchanges: the content of emails you send us.
We do not collect any "special category" data within the meaning of Article 9 GDPR, and we do not carry out any fully automated decision-making producing legal effects concerning you.
3. Purposes and legal bases
| Purpose | Data involved | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Providing the Service (account, listing generation, sharing) | Account, content | Performance of the contract |
| Billing and subscription management | Billing | Performance of the contract; legal obligation (invoice retention) |
| Account security and fraud prevention | Session and security | Legitimate interest (protecting the Service and its users) |
| Sending the newsletter | Email, proof of consent | Consent (withdrawable at any time via the unsubscribe link) |
| Transactional emails (email verification, password reset, billing notifications) | Account | Performance of the contract |
| Support | Support exchanges | Performance of the contract; legitimate interest |
4. Recipients and processors
Your data is never sold or rented. It is processed only by the technical processors required to operate the Service, each bound by a data processing agreement (DPA):
- Vercel (application hosting);
- Neon (database hosting);
- Stripe (payments and billing);
- Resend (transactional and newsletter email delivery);
- Google ("Sign in with Google" authentication, where applicable; processing of generations through the Gemini API — the product information you submit for generation is transmitted to that API);
- Inngest (technical orchestration of generation jobs).
5. Transfers outside the European Union
Some of our processors are established in the United States or may process data there. These transfers are governed by the mechanisms provided for in Chapter V of the GDPR: an adequacy decision (EU-U.S. Data Privacy Framework) for certified providers, or the European Commission's Standard Contractual Clauses.
6. Retention periods
- Account data and content: for the duration of the subscription, then 3 (three) years from the end of the contractual relationship, unless a longer retention period is required by law.
- Data generated during the free trial: 30 (thirty) days after the trial ends, then permanently deleted.
- Invoices: 10 (ten) years (statutory accounting obligation).
- Newsletter: until you unsubscribe; proof of consent is kept while the subscription is active, then for 3 (three) years.
- Security logs and sessions: only as long as strictly necessary for the security purpose.
7. Your rights
Under Articles 15 to 22 GDPR, you have the rights of access, rectification, erasure, restriction of processing, data portability and objection, as well as the right to withdraw your consent at any time for processing based on it (newsletter).
To exercise these rights, contact us at arthur@pagezero.club. We respond within one month. You also have the right to lodge a complaint with the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 place de Fontenoy, 75007 Paris, France — www.cnil.fr, or with your local supervisory authority.
8. Cookies
The Platform uses cookies that are strictly necessary for its operation: a session cookie (authentication), a device identifier (session security) and a language preference. These technical cookies do not require consent. The Platform does not use advertising cookies or third-party tracking.
9. Security
We implement appropriate technical and organizational measures: strong password hashing, encrypted communications (TLS), revocable sessions with rotation on IP address change, account lockout after failed sign-in attempts, rate limiting, and segregated administrator access.
10. Changes to this policy
Any material change to this policy will be published on this page, with the date at the top of the document updated. If a change significantly affects your rights, we will notify you by email.
11. Contact
For any question about this policy or your personal data: arthur@pagezero.club, or by post: PROJECT ZERO, 60 rue François Ier, 75008 Paris, France.