1. Data controller

The data controller is Beva Agency, reachable at contact@rephrase.fr.

2. Data collected

  • Email address and account identifiers;
  • Original and humanized texts (encrypted at rest);
  • Text samples used to create a personalized writing style (encrypted at rest);
  • Payment data (handled by Stripe; Rephrase stores no banking data);
  • Strictly anonymized technical logs (IP, user-agent) for security and anti-abuse purposes;
  • Usage preferences (language, history, emails).

3. Purposes

  • Provision of the humanization service;
  • Billing and accounting obligations;
  • Security and fraud prevention;
  • Service improvement (aggregated statistics);
  • Transactional communication and, with consent, marketing.

4. Legal basis

Performance of the contract (Terms of Use/Terms of Sale), legitimate interest (security, improvement), legal obligation (accounting) and consent (marketing newsletter).

5. Retention period

Data is kept for as long as the account exists. If the account is deleted, the data is erased immediately, with the exception of invoices, which are kept for 12 months to meet accounting obligations.

6. Sub-processors

  • OpenAI (United States): generation of humanized texts. We request the "Zero Data Retention" arrangement, which excludes your texts from OpenAI’s monitoring systems.
  • Stripe (Ireland/United States): payment processing.
  • Contabo (Germany): server hosting.
  • OVH (France): sending of transactional emails.

7. Security

Original texts, humanized texts and the samples used for personalized writing styles are encrypted at rest with the AES-256-GCM algorithm, the key being stored server-side in a protected location. All communications are encrypted with TLS 1.3.

8. GDPR rights

You have the rights of access, rectification, erasure, objection and portability. You may exercise them from your Settings area or by writing to contact@rephrase.fr.

The "Delete my account" button performs a complete and immediate deletion, with no anonymization or backup retention.

9. Cookies

Rephrase only uses cookies that are strictly necessary for operation (session, theme). See Cookies.

10. Complaint

In the event of a disagreement, you may lodge a complaint with the CNIL, the French data protection authority (www.cnil.fr).