Privacy Policy

Updated: 2 June 2026

This policy describes how Dalila Amoca, a sole trader (hereinafter “ Winslor”) collects, uses and protects the personal data of users of the winslor.com website and the online platform, in accordance with Regulation (EU) 2016/679 (GDPR) and the amended French Law No. 78-17 (Data Protection Act).

1. Data Controller

The data controller is Dalila Amoca, a sole trader, whose registered office is located at 6 rue des Vergers, 67116 Reichstett, France.

Contact: contact@winslor.com.

2. Data collected

Winslor collects the following categories of data:

• Identity and contact details: surname, first name, email address, telephone number (optional).
• Account data: login details, password (hashed), role, associated workspace(s).
• Billing data: company name, billing address, Stripe Customer ID (bank details are processed exclusively by Stripe and do not pass through our servers).
• Usage data: connection logs, IP address, device type, usage traces of features.
• User content: products, orders, shop settings, uploaded media.
• Communications: emails exchanged with support, contact forms.

With regard to our Clients’ end customers (buyers from hosted shops), Winslor acts as a data processor within the meaning of the GDPR on behalf of the Client, who remains the data controller.

3. Purposes and legal bases

• Provision of the Service (performance of a contract): account management, order processing, content hosting.
• Invoicing and fraud prevention (legal obligation and legitimate interest).
• Technical support (performance of a contract).
• Improvement of the Service (legitimate interest), with aggregation/anonymisation measures.
• Marketing communications (consent, which may be withdrawn at any time).
• Security and logging (legitimate interest).

4. Recipients and processors

Data may only be disclosed to authorised persons (internal Winslor teams) and to the following data processors, selected for their compliance with GDPR standards:

• Stripe Payments Europe Ltd (Ireland) — payment processing and invoicing.
• Resend Inc. (USA) — sending transactional emails and newsletters.
• Cloudflare, Inc. (USA, R2 network) — storage of uploaded files.
• Neon Inc. (USA / EU instance — Frankfurt) — PostgreSQL database.
• Vercel Inc. (USA) — frontend hosting.
• Railway Corp. (USA) — API hosting.
• DeepL SE (Germany) — machine translation of content produced.

5. Transfers outside the European Union

Some processors are located outside the European Union (notably in the United States). These transfers are governed by: adherence to the EU-US Data Privacy Framework, standard contractual clauses adopted by the European Commission, and/or additional technical safeguards (encryption at rest and in transit).

6. Retention period

• Account data: duration of the contractual relationship + 3 years for marketing purposes, unless you object.
• Billing data: 10 years (accounting and tax requirements).
• Log files: 12 months (LCEN requirement).
• Shop content: for the duration of the subscription, then 30 days after termination, followed by permanent deletion.
• Newsletter: until you unsubscribe.

7. Your rights

In accordance with the GDPR, you have the following rights:

• Access to your data and a copy thereof;
• Correction of inaccurate or incomplete data;
• Erasure under the conditions set out in Article 17 of the GDPR;
• Restriction of processing;
• Objection to processing on legitimate grounds and to direct marketing;
• Portability of your data in a structured format;
• Setting guidelines regarding the handling of your data after your death.

To exercise these rights, please write to contact@winslor.com, providing proof of your identity. We will respond within one month.

You also have the right to lodge a complaint with the CNIL (cnil.fr).

8. Cookies and trackers

The website uses cookies that are strictly necessary for its operation (session, theme preference, language selection). No third-party advertising or audience measurement cookies are placed without prior consent.

You can configure your browser settings to manage cookies at any time. Refusing cookies may affect the proper functioning of certain features.

9. Security

Winslor implements appropriate technical and organisational measures to protect your data: TLS encryption in transit, encryption at rest, role-based access control, access logging, regular backups, and multi-tenant isolation at the application level.

In the event of a data breach likely to pose a risk to your rights and freedoms, you will be notified in accordance with Article 34 of the GDPR.

10. Changes to the policy

This policy may change. Any substantial changes will be posted on the website, and users with an account will be notified by email.