Privacy Policy

Last updated: May 2026

Compliant with the General Data Protection Regulation (GDPR — EU 2016/679)

Important: this English version is provided for information. ONELIX is operated by a French company and the French version is the reference version where required.
View the French reference version

1. Data controller

The controller of personal data collected through ONELIX is:

  • Controller: Kevin LEQUET, President of ONELIX
  • Company: ONELIX — Société par actions simplifiée (SASU)
  • SIRET: 10388711300019
  • Email: contact@onelix.io
  • Address: 782 chemin des mauvares, 13840, ROGNES, FRANCE

2. Data collected

2.1 Data provided directly

  • Upon registration: email address, password stored as a bcrypt hash and never in plain text.
  • Upon subscription: payment information processed exclusively by Stripe. ONELIX never stores bank card data.
  • When using the profile: language preferences and personalized alert thresholds.

2.2 Data collected automatically

  • Connection data: IP address, browser, date and time of connection through server logs retained for 30 days.
  • Aggregated usage data: visited pages and technical events required for audience measurement through self-hosted Matomo, without analytics cookies, without advertising cookies and without nominative individual tracking.

2.3 What we do not collect

  • No bank card data, managed by Stripe.
  • No advertising tracking cookies.
  • No precise location data.
  • No special category data within the meaning of Article 9 GDPR.

3. Purposes and legal bases

  • User account management — Legal basis: performance of a contract (Article 6.1.b GDPR).
  • Payment processing — Legal basis: performance of a contract (Article 6.1.b GDPR).
  • Transactional emails including confirmations, password resets, subscription and automatic-renewal notifications — Legal basis: performance of a contract (Article 6.1.b GDPR).
  • Market alerts where enabled — Legal basis: explicit consent (Article 6.1.a GDPR).
  • Service improvement through aggregated privacy-friendly audience measurement, subject to consent through tarteaucitron where required — Legal basis: consent (Article 6.1.a GDPR) or legitimate interest within the limits authorized by applicable regulations.
  • Legal and accounting obligations — Legal basis: legal obligation (Article 6.1.c GDPR).

4. Retention periods

  • Active account data: duration of the contractual relationship plus 3 years after termination.
  • Billing data: 10 years for accounting legal obligations.
  • Connection logs: 30 days.
  • Marketing or newsletter emails: until consent is withdrawn.
  • Deleted account data: permanent deletion within 30 days, subject to legal obligations.

5. Your rights

Under the GDPR, you have rights of access, rectification, erasure, restriction, portability and objection regarding your personal data.

To exercise these rights, contact us at: contact@onelix.io. We will respond within one month from receipt of the request, which may be extended under the conditions provided by the GDPR in case of complex requests.

You also have the right to lodge a complaint with the CNIL: www.cnil.fr

6. Data recipients

Your data may be transmitted to the following processors strictly for the provision of the service:

  • Stripe for payment, billing and subscription management — Privacy policy: stripe.com/privacy
  • Brevo for transactional emails — Hosted in Europe — Brevo policy
  • OVHcloud for hosting — Hosted in France — OVH policy
  • Self-hosted Matomo for privacy-friendly audience measurement — a statistical analytics solution controlled by ONELIX, configured without analytics cookies, with IP address anonymization, without individual profiling and without data resale.

Matomo is a website traffic statistics service self-hosted by ONELIX. It helps us understand, in aggregate form, which pages are viewed and how the service is used, without identifying visitors by name, without creating advertising profiles and without transmitting audience data to an advertising network.

No data is sold to third parties. No transfer outside the European Union is carried out without appropriate safeguards within the meaning of the GDPR.

7. Cookies

ONELIX uses a minimal number of cookies:

  • Session cookie: strictly necessary to maintain your login session and does not require consent.
  • Preference cookie: remembers display preferences such as language and theme and does not require consent.
  • No advertising or third-party tracking cookies.

ONELIX uses Matomo to measure website traffic and improve the service. Matomo is configured in a privacy-friendly manner: self-hosting, IP address anonymization, no analytics cookies, no nominative user identification and no advertising profiling.

Matomo loading is managed by the tarteaucitron consent tool. You may accept, refuse or change your choice at any time from the cookie management module.

8. Data security

  • HTTPS/TLS encryption for communications.
  • Passwords stored as irreversible bcrypt hashes.
  • JWT tokens with limited lifetime.
  • Firewall and SSH key-based access only.
  • Encrypted daily backups.

9. Changes to this policy

We reserve the right to modify this policy. In case of material change, you will be informed by email. The last update date is shown at the top of this page.

10. Contact

For any question about this policy or to exercise your rights: contact@onelix.io