Privacy policy

Last updated: 2026-03-01

1. Data controller

The data controller for personal data collected on the website framistik.com is:
Frédéric Fillon, individual acting in a personal capacity.
Hosting provided by DBL France, 38 B Boulevard Victor Hugo – 06000 NICE – France.

2. Data collected

In the course of using the Website, the following personal data may be collected:

  • During registration: first name, last name, e-mail address, password (stored as a cryptographic hash).
  • During login: e-mail address, IP address, date and time of connection.
  • During use of the service: data relating to projects created (frame parameters, saved presets).
  • Technical data: IP address, browser type, operating system, pages visited, date and time of access (server logs).

3. Purposes of processing

Personal data is collected and processed for the following purposes:

  • Creation and management of the user account;
  • Provision and improvement of the service;
  • E-mail address verification;
  • Securing access to the service (anti-bot protection via Cloudflare Turnstile);
  • Service-related communications (technical notifications);
  • Compliance with legal obligations.

4. Legal basis for processing

Data processing is based on the following legal grounds (Article 6 of the GDPR):

  • Performance of a contract: creating an account and providing the service require the processing of registration data.
  • Legitimate interest: securing the website, preventing fraud and improving the service.
  • Legal obligation: retention of certain data in accordance with French legislation.
  • Consent: for any processing not falling into the above categories (where applicable).

5. Data retention period

  • Account data: retained for the duration of registration, then deleted within 3 months after account deletion.
  • Connection data and logs: retained for 12 months in accordance with French legal obligations (LCEN).
  • Project data: retained for the duration of the account, deleted along with the account.

6. Data recipients

Personal data is not sold, exchanged or rented to third parties. It may be shared with technical service providers necessary for the operation of the service (hosting provider). Data may be disclosed to the competent authorities upon lawful request.

7. Data transfers outside the EU

The service uses Cloudflare Turnstile for anti-bot protection. This service may result in data transfers to the United States. Cloudflare participates in the EU-U.S. Data Privacy Framework. Apart from this, data is hosted and processed within the European Union.

8. Cookies and trackers

The Website uses the following cookies:

  • Strictly necessary cookies: session cookies for website operation and user authentication. These cookies do not require consent (Article 82 of the French Data Protection Act).
  • Cloudflare Turnstile: technical security cookie for anti-bot verification.

The Website does not use advertising cookies or third-party tracking cookies for analytics purposes. No audience analysis tools (Google Analytics, etc.) are used.

9. Your rights

Under the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the following rights:

  • Right of access (Article 15 GDPR): obtain confirmation that your data is being processed and receive a copy.
  • Right to rectification (Article 16): request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): request deletion of your data under the conditions provided by the regulation.
  • Right to restriction of processing (Article 18): request suspension of data processing in certain cases.
  • Right to data portability (Article 20): receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Article 21): object to the processing of your data on legitimate grounds.
  • Right to withdraw consent at any time, when processing is based on consent.
  • Right to define directives regarding the fate of your data after death (French Data Protection Act).

To exercise your rights, you may contact the data controller by e-mail. A response will be provided within a maximum of one month. Proof of identity may be requested in case of doubt.

10. Data security

The publisher implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. Passwords are stored as cryptographic hashes and are never stored in plain text.

11. Complaints to the CNIL

If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):
CNIL – 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Website: www.cnil.fr

12. Related pages