This policy describes how Des Clics aux Clients (“we”, “our” or “Prospea”) collects, uses and protects personal data of people using prospea.co. It complies with the General Data Protection Regulation (GDPR).
1. Who we are
Des Clics aux Clients, SAS, registered under SIREN number [to be completed] (RCS [to be completed]), operates the Prospea service. Registered office: [address to be completed], France.
For any question about the protection of your data, write to us at privacy@prospea.co. We answer within 30 days.
2. Data we collect
2.1 Data you give us
- Identification: first and last name, email address, password (stored as a hash).
- Billing: banking details processed directly by our provider Stripe. We never store card numbers or CVCs.
- Sending configuration: SMTP credentials, SMS API keys - stored encrypted at rest.
- Product content: campaigns, email templates, call scripts, notes about your prospects.
2.2 Data collected automatically
- Technical logs: IP address, timestamps, page viewed, browser type. Kept for 12 months for security and debugging.
- Product analytics: anonymized events (e.g. campaign created, email sent). Contains no message content.
2.3 Data about prospects you import
When you use Prospea to prospect local businesses, we collect from public sources (Google Maps, public websites) professional data: business name, address, phone, professional email. You are the data controller for this data; we act as a processor.
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Deliver the service and manage your account | Contract performance (Art. 6.1.b GDPR) |
| Billing and fraud prevention | Legal obligation and legitimate interest |
| Product improvement (anonymized analytics) | Legitimate interest |
| Customer support and transactional communications | Contract performance |
| Security and abuse detection | Legitimate interest |
4. Who we share your data with
Your data is never sold. It may be shared with the subprocessors listed on our subprocessors page, and with public authorities when required by law. Each subprocessor is bound by a contract imposing the same GDPR guarantees.
5. Retention periods
- Account data: while the contract is active + 30 days after deletion.
- Billing data: 10 years (French accounting obligation).
- Technical logs: 12 months.
- Transactional emails: 3 years, for evidence.
6. Your rights
Under GDPR Articles 15 to 22 you have the following rights: access, rectification, erasure, restriction, objection, portability and definition of post-mortem directives. You can exercise them from your “GDPR & data” space or by email to privacy@prospea.co.
You can also file a complaint with the CNIL (www.cnil.fr).
7. Security
We apply appropriate technical and organizational measures: TLS 1.2+ for all exchanges, encryption at rest for secrets (SMTP, API keys), per-user isolation at the database level, admin access logging, and regular security reviews.
8. International transfers
Some of our subprocessors are located outside the European Economic Area. Such transfers rely on Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of protection.
9. Minors
Prospea is a professional tool. We do not knowingly collect data from anyone under 16. If you become aware of such a case, please contact us immediately.
10. Changes
Any material change will be notified to you by email at least 30 days before it takes effect. The current version is always available on this page.