Privacy Policy

Last updated: February 12, 2026

1. Data Controller

The data controller responsible for processing personal data is:

MADRA — SAS (simplified joint-stock company), SIREN 990 410 391
Registered office: 200 Rue de la Croix Nivert, 75015 Paris, France
Represented by its President
Email: hello@madra.io
Data Protection Officer (DPO): hello@madra.io

2. Data Collected

As part of our service, we collect the following data:

Data	Purpose	Legal Basis
First name	Website personalization and communication	Performance of contract
Email	Website delivery, communication, billing	Performance of contract
Phone number	Contact if needed (optional)	Legitimate interest
Professional activity	Website content creation	Performance of contract
Logo and uploaded files	Integration into the website	Performance of contract
Social media accounts	Integration of links on the website	Performance of contract
Payment data	Payment processing via Stripe	Performance of contract

3. Use of Data

Your data is used exclusively for:

The creation and delivery of your website
Managing your subscription and billing
Communication related to your order (website preview, modification requests)
Improving our services

We never sell your data to third parties. We do not use it for advertising purposes.

4. Data Sharing

Your data may be shared with the following service providers, strictly necessary for the performance of the service:

Stripe (United States) — Online payment processing
Netlify (United States) — Website hosting and server function execution

These providers are GDPR-compliant and have adequate safeguards in place for data protection.

5. Data Retention Period

Customer data: retained for the duration of the subscription, then 3 years after the end of the contract (legal obligation)
Payment data: retained by Stripe in accordance with their own policies
Uploaded files: retained for the duration of the subscription, deleted within 30 days after cancellation

6. Your Rights

In accordance with the GDPR, you have the following rights:

Right of access: obtain a copy of your personal data
Right of rectification: correct inaccurate data
Right to erasure: request the deletion of your data
Right to data portability: receive your data in a structured format
Right to object: object to the processing of your data
Right to restriction: restrict the processing of your data

To exercise your rights, contact us at hello@madra.io. We commit to responding within 30 days.

7. Cookies

The madra.io website uses only cookies strictly necessary for the operation of the site:

Session cookies: maintaining navigation
localStorage: temporary saving of form data to prevent loss in case of accidental closure

No advertising tracking, remarketing, or profiling cookies are used.

8. Security

We implement the following technical and organizational measures to protect your data:

SSL/TLS encryption across the entire website
Secure payments via Stripe (PCI-DSS certified)
Data access restricted to authorized personnel
Hosting on a secure infrastructure (Netlify)

9. Transfers Outside the EU

Some data may be transferred to the United States (Netlify hosting). These transfers are governed by standard contractual clauses in accordance with the GDPR.

10. Complaints

If you believe that the processing of your data is not compliant, you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertes), the French data protection authority:

Website: www.cnil.fr
Address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France

11. Changes

We reserve the right to modify this policy at any time. Changes take effect upon publication on this page. We encourage you to review it regularly.

12. Contact

For any questions regarding this privacy policy: hello@madra.io