CubeLaps
CubeLaps
Pricing
LoginCreate

Privacy Policy

Last updated: 2026-02-23

1. Data Controller

CubeLaps SAS ("we", "our") is the data controller for your personal data under the General Data Protection Regulation (GDPR).

This privacy policy explains how we collect, use, store, and protect your data when you use the CubeLaps service at cubelaps.com.

2. Data Collected

We collect the following data:

  • Identification data: name, email address, password (hashed)
  • Payment data: processed by Stripe (we do not store your card numbers)
  • Usage data: projects created, descriptions submitted, audit results
  • Technical data: IP address, user agent, access logs
  • Cookies: language preferences, authentication (httpOnly JWT)

3. Purpose of Processing

Your data is used to:

  • Provide and improve the Service (legal basis: contract performance)
  • Manage your account and subscriptions
  • Ensure the security of the Service and prevent abuse
  • Send Service-related communications (legal basis: legitimate interest)
  • Comply with legal obligations

4. Hosting & Transfers

Your data is hosted on:

  • MongoDB Atlas (database) — AWS EU hosting (Ireland)
  • Railway (backend API) — US/EU infrastructure
  • Vercel (frontend) — global CDN
  • Stripe (payments) — PCI DSS certified

We only transfer data outside the EU to providers offering adequate safeguards (standard contractual clauses, adequacy decisions).

5. Data Retention

  • Account data: retained for the duration of your account + 3 years after deletion
  • Payment data: 10 years (French accounting obligations)
  • Technical logs: 12 months
  • Cookies: see our Cookie Policy

6. Your Rights

Under the GDPR, you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

To exercise your rights: privacy@cubelaps.com

You may also file a complaint with the CNIL (www.cnil.fr).

7. Security

We implement technical and organizational measures to protect your data: encryption in transit (TLS) and at rest, password hashing (bcrypt), restricted data access, access logging, and regular audits.

8. Changes

We may update this policy at any time. Material changes will be communicated by email. The date of the last update appears at the top of this page.

DPO contact: dpo@cubelaps.com