Privacy Policy
- Zevra collects only the data necessary to run its services and never sells it to third parties.
- Your data is retained for limited, specific periods depending on its nature (from 13 months for cookies to 10 years for billing data).
- When you use the AI tools with client files, you remain the data controller: Zevra acts solely as a processor, governed by a DPA.
- You have 8 rights over your data (access, rectification, erasure, etc.) and can exercise them with a simple email.
- This policy complies with the GDPR (EU 2016/679) and the French Data Protection Act of 6 January 1978.
Data controller
The company that collects and uses your personal data is:
- Legal name
- ZEVRA, SAS
- Share capital
- 1,000 euros
- Registration
- Toulon Trade and Companies Register — SIREN 101 202 216
- Registered office
- Le Pradet (83), France
- Personal data contact
- contact@zevra.tech
The "data controller" is the entity that decides why and how your data is used. That's Zevra. If you have a question about your data, Zevra is who you contact.
Data collected and purposes
Zevra collects data in five distinct situations, each governed by a specific legal basis.
The GDPR requires that every data processing rest on a legal justification known as a "legal basis". The three main ones are: your consent, the performance of a contract with you, and the company's legitimate interest (provided your rights take precedence).
2.1 Contact form and appointment booking
Zevra collects your last name, first name, email address, profession and your message. This data is used to respond to your requests and to organize business discussions.
Legal basis: legitimate interest (art. 6.1.f GDPR) or pre-contractual measures (art. 6.1.b GDPR).
2.2 Registration and access to services
For the Store, Club, Bootcamp and Studio services, Zevra collects your last name, first name, email address, billing data and professional information. This data is used to create your account, deliver the services and issue invoices.
Legal basis: performance of the contract (art. 6.1.b GDPR).
2.3 Browsing the site
Zevra collects your IP address, the type of browser used, the pages visited and the duration of your visit. This data is used to analyze site performance and improve your experience.
Legal basis: consent (art. 6.1.a GDPR) for non-essential cookies and trackers.
2.4 Use of the Store's AI tools
Zevra collects the documents and data you submit to the tools (MCP Factory, Supernovia, Lexform Pro, Plume). This data is used to perform the requested service and improve the tools.
Legal basis: performance of the contract (art. 6.1.b GDPR).
When you submit to the AI tools documents containing the personal data of third parties (parties to a dispute, case-file data, etc.), you act as the data controller and Zevra becomes your processor. A Data Processing Agreement (DPA) necessarily governs this relationship.
2.5 Applications and partner relationships
Zevra collects the professional information and contact details you provide voluntarily. This data is used to manage business and partnership relationships.
Legal basis: legitimate interest (art. 6.1.f GDPR).
Retention period
Zevra keeps your data only for as long as necessary for the purposes for which it was collected, or to comply with its legal obligations.
| Data category | Retention period |
|---|---|
| Contact and prospect data | 3 years from the last contact |
| Client data (accounts, contracts) | 5 years from the end of the contractual relationship |
| Billing data | 10 years — legal obligation (art. L.123-22 French Commercial Code) |
| Browsing data and cookies | 13 months maximum (CNIL recommendation) |
| Documents processed via the AI tools | Duration of the session or per the account settings, 12 months at most |
| Unsuccessful applications | 2 years maximum |
At the end of these periods, your data is deleted or anonymized. The 10-year retention of billing data is required by law and is not up to Zevra.
Data recipients
Zevra shares your data only with the categories of people strictly necessary:
- Authorized members of the Zevra team, within the limits of their duties.
- Technical providers acting as processors: Vercel hosting, payment solution, CRM tool, emailing tools, AI model providers.
- The competent authorities, solely in connection with legal obligations or a judicial request.
Zevra never sells or rents your personal data to third parties for commercial purposes. Ever.
Transfers outside the European Union
Some of Zevra's providers process data outside the European Union. Each transfer is governed by the safeguards set out in Chapter V of the GDPR.
- Vercel Inc. (hosting, United States): transfer governed by the European Commission's standard contractual clauses and the EU-US Data Privacy Framework.
- AI model providers (OpenAI, Anthropic, Google depending on the tools): transfer governed by the applicable standard contractual clauses.
"Standard contractual clauses" (SCCs) are standardized contracts approved by the European Commission. They require non-EU companies to protect your data to the same standards as in Europe.
Your rights
In accordance with articles 15 to 22 of the GDPR and the French Data Protection Act, you have eight rights over your personal data.
Right of access
Obtain confirmation that your data is being processed and receive a copy. (art. 15 GDPR)
Right to rectification
Have inaccurate data corrected or incomplete data completed. (art. 16 GDPR)
Right to erasure
Request the deletion of your data in the cases provided for by the GDPR. (art. 17 GDPR)
Right to restriction
Request the temporary suspension of the processing of your data. (art. 18 GDPR)
Right to portability
Receive your data in a structured, machine-readable format. (art. 20 GDPR)
Right to object
Object to processing based on legitimate interest or to processing for marketing purposes. (art. 21 GDPR)
Withdrawal of consent
Withdraw your consent at any time for processing based on that legal basis.
Post-mortem directives
Set instructions regarding the fate of your data after your death.
How to exercise your rights
Send your request by email, attaching a copy of a proof of identity.
Zevra undertakes to respond within one month.
Right to lodge a complaint with the CNIL
If you believe that the processing of your data does not comply with the regulations, you may lodge a complaint with the French Data Protection Authority (CNIL).
- Supervisory authority
- Commission Nationale de l'Informatique et des Libertés (CNIL)
- Postal address
- 3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07, France
- Website
- www.cnil.fr
Data security
Zevra implements appropriate technical and organizational measures to ensure the security and confidentiality of your data, in accordance with article 32 of the GDPR.
These measures include in particular:
- Encryption of data in transit (HTTPS/TLS).
- Strict access control to systems and data.
- Pseudonymization of sensitive data via Lexform Pro.
- Regular security audits.
If a data breach is likely to result in a risk to your rights and freedoms, Zevra notifies the CNIL within 72 hours (art. 33 GDPR). If the risk is high, Zevra also informs you without undue delay (art. 34 GDPR).
Changes to this policy
Zevra reserves the right to amend this policy at any time to reflect legal, regulatory or technical developments.
The date of the latest update is shown at the top of the document. Any substantial change is notified to the users concerned by email or via a visible notice on the site.
If Zevra significantly changes the way your data is used, you will be informed before the change takes effect. You won't have to monitor this page regularly to stay informed.