Privacy Policy

Last updated: February 12, 2026

1. Data Controller

The data controller responsible for processing personal data is:

• MADRA, SAS (simplified joint-stock company), SIREN 990 410 391
• Registered office: 200 Rue de la Croix Nivert, 75015 Paris, France
• Represented by its President
• Email: hello@madra.io
• Data Protection Officer (DPO): hello@madra.io

2. Data Collected

As part of our service, we collect the following data:

Data	Purpose	Legal Basis
First name	Website personalization and communication	Performance of contract
Email	Website delivery, communication, billing	Performance of contract
Phone number	Contact if needed (optional)	Legitimate interest
Professional activity	Website content creation	Performance of contract
Logo and uploaded files	Integration into the website	Performance of contract
Social media accounts	Integration of links on the website	Performance of contract
Payment data	Payment processing via Stripe	Performance of contract

3. Use of Data

Your data is used exclusively for:

• The creation and delivery of your website
• Managing your subscription and billing
• Communication related to your order (website preview, modification requests)
• Improving our services

We never sell your data to third parties. Your account data (orders, billing) is not used for advertising purposes. The use of audience-measurement and advertising cookies on the website is described in section 7 and subject to your consent.

4. Data Sharing

Your data may be shared with the following service providers, strictly necessary for the performance of the service:

• Stripe (United States), online payment processing
• Netlify (United States), website hosting and server function execution
• Google (United States), audience measurement (Google Analytics) and advertising (Google Ads), only with your consent
• Meta (United States), advertising and conversion measurement (Meta Pixel), only with your consent

Stripe and Netlify are strictly necessary for the performance of the service. Google and Meta are only activated with your consent (see section 7). Transfers to the United States are governed by the Data Privacy Framework (DPF), to which these companies are certified, or by standard contractual clauses.

5. Data Retention Period

• Customer data: retained for the duration of the subscription, then 3 years after the end of the contract (legal obligation)
• Payment data: retained by Stripe in accordance with their own policies
• Uploaded files: retained for the duration of the subscription, deleted within 30 days after cancellation

6. Your Rights

In accordance with the GDPR, you have the following rights:

• Right of access: obtain a copy of your personal data
• Right of rectification: correct inaccurate data
• Right to erasure: request the deletion of your data
• Right to data portability: receive your data in a structured format
• Right to object: object to the processing of your data
• Right to restriction: restrict the processing of your data

To exercise your rights, contact us at hello@madra.io. We commit to responding within 30 days.

7. Cookies

The madra.io website uses the following categories of cookies and trackers:

• Strictly necessary cookies: session cookies (maintaining navigation) and localStorage (temporary saving of form data). Exempt from consent.
• Audience measurement: Google Analytics 4, to analyze traffic and improve the site.
• Advertising: Google Ads and Meta Pixel, to measure the effectiveness of our campaigns and conversions.

In the European Union, the EEA, the United Kingdom, and Switzerland, audience-measurement and advertising cookies are only placed after your consent, collected via the banner shown on your first visit. You can accept, decline, or withdraw your consent at any time, with no impact on your browsing. If you decline, audience measurement continues in an aggregated and anonymous way (without cookies or identifiers), in accordance with Google's consent mode.

Outside these regions, tracking may be active by default, in accordance with applicable local regulations.

8. Security

We implement the following technical and organizational measures to protect your data:

• SSL/TLS encryption across the entire website
• Secure payments via Stripe (PCI-DSS certified)
• Data access restricted to authorized personnel
• Hosting on a secure infrastructure (Netlify)

9. Transfers Outside the EU

Some data may be transferred to the United States (Netlify hosting). These transfers are governed by standard contractual clauses in accordance with the GDPR.

10. Complaints

If you believe that the processing of your data is not compliant, you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertes), the French data protection authority:

• Website: www.cnil.fr
• Address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France

11. Changes

We reserve the right to modify this policy at any time. Changes take effect upon publication on this page. We encourage you to review it regularly.

12. Contact

For any questions regarding this privacy policy: hello@madra.io