Privacy Policy
La version française prévaut.
This privacy policy describes how AviarySoft collects, uses, and protects your personal data. This policy is established in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.
1. Data Controller
Otteryx, Sole Proprietorship (Entrepreneur individuel) — SIRET 879 787 521 00027 — Registered office: refer to the trade registry (RCS Périgueux 879 787 521). Email: contact@aviarysoft.com
2. Personal Data Collected
2.1 Data provided by the user
| Data | Purpose |
|---|---|
| First and last name | Account identification |
| Email address | Authentication, communications |
| Password | Authentication (hashed with bcrypt) |
| Farm name and location | Personalization (optional) |
| Animal photos | Breeding management |
2.2 Automatically collected data
| Data | Purpose |
|---|---|
| IP address | Security, rate limiting |
| Device type and browser | Internal statistics |
| Pages visited | Service improvement (authenticated users only) |
| Connection timestamps | Security and audit |
3. Purposes and Legal Basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provision and management of the Service | Contract performance |
| Application security | Legitimate interest |
| Internal statistics | Legitimate interest |
| Payment management | Contract performance |
4. Data Recipients
Your personal data is never sold or shared for commercial purposes.
| Subprocessor | Role | Location |
|---|---|---|
| OVHcloud SAS | Hosting | France (Roubaix) |
| Stripe, Inc. | Payments | EU / United States (standard contractual clauses) |
5. Data Retention Periods
| Data type | Duration |
|---|---|
| Account data | Account lifetime + 3 years after deletion |
| Business data (animals, eggs…) | Account lifetime + 3 years |
| Animal photos | Deleted upon account deletion |
| Security logs | 12 months |
| Payment data | Legal duration (10 years) |
| Usage statistics | Anonymized after 24 months |
6. Transfers Outside the EU
Your data is hosted in France (OVH, Roubaix). No systematic transfer outside the EU. When using Stripe, data may be transferred to the United States under the standard contractual clauses approved by the European Commission.
7. Cookies and Local Storage
AviarySoft does not use any cookies.
The application exclusively uses the browser's local storage (localStorage) for your authentication token and interface preferences. This data remains on your device and is not transmitted to third parties.
No third-party tracking service (Google Analytics, Facebook Pixel, etc.) is used.
8. Data Security
- Password encryption with bcrypt
- Encrypted communications via HTTPS/TLS
- JWT token authentication with automatic expiration
- Rate limiting
- Security headers (Helmet) against XSS and clickjacking
- Restrictive CORS policy
- Regular database backups
9. Your Rights
Under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | Obtain a copy of your data |
| Rectification (Art. 16) | Correct inaccurate data |
| Erasure (Art. 17) | Request deletion of your data |
| Portability (Art. 20) | Receive your data in a readable format |
| Objection (Art. 21) | Object to the processing |
| Restriction (Art. 18) | Request restriction of processing |
To exercise your rights: contact@aviarysoft.com. Response within 30 days.
You may also file a complaint with the CNIL (3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France).
10. Modifications
We reserve the right to modify this policy. In case of substantial changes, we will inform you by email or notification within the application.