Privacy Policy

Last updated: 29 April 2026

  • Preamble

    This privacy policy describes how HomeOpen SAS ("HomeOpen", "we") collects, uses and protects the personal data of users of the Zone Chalandise platform ("the Platform"), available at zonechalandise.fr. It is drafted in compliance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act n° 78-17 of 6 January 1978 as amended.

  • Data controller

    The data controller is HomeOpen SAS, a simplified joint-stock company with share capital of €1,000, whose registered office is at 60 rue François 1er, 75008 Paris, registered with the Paris Trade and Companies Register under number 978 338 366. For any question regarding the processing of your data, you may contact us at [email protected].

  • Data collected

    We collect the following categories of data: (i) account data provided at sign-up (first name, last name, email address, hashed password); (ii) billing data processed by our service provider Stripe (card details do not transit our servers); (iii) usage data generated by your use of the Platform (catchment zones drawn, demographic queries, polygon identifiers, Google Maps searches launched); (iv) technical logs (API paths called, query parameters, timestamp, user identifier). The body of POST requests is not retained.

  • Purposes of processing

    Your data is processed for the following purposes: (a) provision of the service (account creation, authentication, execution of requested analyses); (b) billing and subscription management; (c) user support; (d) product improvement and aggregated usage statistics; (e) compliance with legal and accounting obligations; (f) fraud prevention and enforcement of free-tier limits.

  • Legal bases

    Processing relies on: (i) performance of the contract entered into when you sign up, for the provision of the service and billing; (ii) compliance with legal obligations for retention of accounting records; (iii) HomeOpen's legitimate interest for internal usage statistics, security of the Platform and enforcement of the free tier; (iv) your consent where applicable for any optional processing presented to you.

  • Recipients and processors

    Your data may be transmitted to our technical sub-processors acting on our instructions and bound by an agreement compliant with Article 28 GDPR: Stripe Payments Europe Ltd. (Ireland, payments); DigitalOcean LLC (United States, application and database hosting — transfers covered by Standard Contractual Clauses); Lobstr.io (France, Google Maps scraping); Google LLC via the Geocoding API (United States, address geocoding — transfers covered by Standard Contractual Clauses); Mapbox and IGN (mapping). Your data is not sold or otherwise commercially transferred to third parties.

  • Retention periods

    Account data is retained for as long as your account is active, then deleted within 30 days following your deletion request. Technical logs are retained for a maximum of 12 months, with the exception of counters required to enforce the free tier which are retained for the lifetime of the account. Accounting records (invoices) are retained for 10 years pursuant to Article L.123-22 of the French Commercial Code. Data needed for fraud prevention is retained for 13 months following the last interaction.

  • Your rights

    In accordance with the GDPR, you have rights of access, rectification, erasure, restriction, objection and portability regarding your data, as well as the right to set instructions regarding the fate of your data after your death. You may exercise these rights by writing to [email protected]; we may ask you for proof of identity. You also have the right to lodge a complaint with the French Data Protection Authority (CNIL), 3 place de Fontenoy, 75007 Paris, or via cnil.fr.

  • Cookies and trackers

    The Platform only uses cookies strictly necessary for its operation (authentication, language preference, in-progress analysis cart), exempt from prior consent under CNIL deliberation n° 2020-091. No advertising or third-party audience-measurement cookies are placed.

  • Security

    We implement technical and organisational measures to protect your data against loss, alteration and unauthorised access: TLS encryption of communications, password hashing, database access controls, regular backups and access logging.

  • Changes to this policy

    This policy may be modified to reflect legal, technical or functional developments. Any substantial change will be notified to you by email or by a notice on the Platform. The last-updated date is shown at the top of this document.

  • Contact

    For any question regarding this policy or the exercise of your rights: [email protected].