HelloSocials

Privacy Policy

Last updated: 2026 — Compliant with GDPR (EU) 2016/679

1. Data controller

Hello Factory, a French SASU, is the data controller for personal data collected via the HelloSocials platform.

DPO contact: privacy@hellosocials.fr

2. Data collected

We collect the following data:

  • Identity data: first name, last name, email address, password (hashed)
  • Connection data: IP address, browser, date and time of connection
  • Content data: text, images and videos uploaded for publication
  • Billing data: payment information processed by Stripe (we do not store card numbers)
  • OAuth tokens: access tokens for connected social networks (encrypted)

3. Purposes of processing

  • Providing and improving the HelloSocials service
  • Managing subscriptions and billing
  • Automatic publishing to connected social networks
  • Sending transactional notifications (via Resend)
  • Fraud prevention and security
  • Compliance with our legal obligations

4. Legal basis

  • Contract performance: processing necessary to provide the service
  • Legitimate interest: security, fraud prevention, service improvement
  • Legal obligation: retention of billing data
  • Consent: marketing communications (explicit opt-in)

5. Sub-processors and recipients

ProviderPurposeCountry
VercelHostingUSA (SCC)
SupabaseDatabaseEU
StripePaymentsUSA (SCC)
ResendTransactional emailsUSA (SCC)
Trigger.devTask orchestrationEU

SCC = Standard Contractual Clauses approved by the European Commission.

6. Retention periods

  • Account data: duration of subscription + 3 years
  • Billing data: 10 years (accounting obligation)
  • Connection logs: 12 months
  • Published content: deleted upon account closure

7. Security

We implement the following technical measures:

  • HTTPS/TLS encryption for all communications
  • Hashed passwords (bcrypt)
  • OAuth tokens encrypted at rest (AES-256)
  • Data access restricted to authorised personnel
  • Daily encrypted backups

8. Your rights

Under the GDPR, you have the following rights:

  • Access: obtain a copy of your data
  • Rectification: correct inaccurate data
  • Erasure: delete your account and data
  • Portability: receive your data in a structured format
  • Objection: object to certain processing activities
  • Restriction: restrict processing in certain cases

To exercise these rights: privacy@hellosocials.fr
Response time: maximum 30 days.
Complaint authority: ICO (UK) / your national data protection authority

9. Cookies

HelloSocials only uses cookies essential to the service:

  • Session: maintaining user login
  • Preferences: theme (light/dark), language

No advertising or third-party tracking cookies are used.

10. Changes

Any material change to this policy will be notified by email with 30 days' notice. The current version is always available on this page.