app logoSalesTouch

Privacy Policy

Version 1.0 – Effective 23 May 2025

1. PURPOSE

This Privacy Policy explains how SalesTouch (sole proprietorship of Antoine Deschamps), located at 38 place Maria Callas, 34660 Cournonterral, France ("SalesTouch", "we", "our"), collects, uses, discloses, and protects personal data when you ("you", "User") use the SalesTouch platform and related services available at https://salestouch.io (the "Service"). It also describes your rights under Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), the French Data Protection Act (Loi 78-17) and other applicable laws.

2. DATA CONTROLLER

For all data identified in this Policy, SalesTouch acts as data controller. You can reach us at antoine@salestouch.io.

Hosting of the Service is provided by Vercel Inc., which stores production data in Vercel-managed data centers located in the European Economic Area (EEA) by default. Vercel acts as sub-processor under our data-processing agreement.

3. SCOPE

This Policy applies to:

  • Visitors to the salestouch.io website;
  • Registered Users of the SalesTouch SaaS application;
  • Prospects whose data is imported into the platform by Users.

4. CATEGORIES OF PERSONAL DATA

| Category | Examples | Source | | ---------------------------- | ------------------------------------------------------------------------- | --------------------------------------------- | | Identification & Contact | Name, business email, phone, employer, job title | Provided by User, enriched via public sources | | Account Credentials | Login email, hashed password, authentication tokens | Provided by User | | Billing & Payment | Billing address, VAT number; payment data processed by Stripe (tokenised) | Provided by User / Stripe | | Usage Data | Log files, feature interactions, session metadata, emails sent | Collected automatically | | Prospect Data | Lead lists imported by User, AI-generated messages | Provided by User | | Support Data | Chat transcripts, tickets, feedback | Provided by User | | Technical Data | IP address, browser, device, cookies, localStorage | Collected automatically |

5. LEGAL BASES FOR PROCESSING

| Purpose | Legal Basis (Art. 6 GDPR) | | -------------------------------- | --------------------------------------------------------------------------------- | | Provide and secure the Service | b) Contract | | Improve and develop new features | f) Legitimate interest | | Direct marketing to Users | f) Legitimate interest | | Email marketing to prospects | a) Consent or f) Legitimate interest when GDPR e-privacy exemptions apply | | Billing & compliance | c) Legal obligation | | Respond to support requests | b) Contract |

6. DATA RETENTION

  • Account Data: stored for the lifetime of the account and 12 months after closure.
  • Prospect Data & AI outputs: retained until deleted by the User or 90 days after account closure.
  • Logs: retained 6 months for security, up to 24 months aggregated for analytics.
  • Invoices & transactional records: retained 10 years under French accounting law.

7. RECIPIENTS & SUB-PROCESSORS

We share data only with trusted partners bound by GDPR-compliant agreements:

  • Vercel Inc. – hosting & CDN (EU data centers)
  • OpenAI Ireland Ltd. – AI text generation (EEA region or SCCs)
  • Stripe Payments Europe Ltd. – payments (EU)
  • Postmark (ActiveCampaign) – transactional email (EU data center)
  • Plausible Analytics OÜ – privacy-friendly analytics (EU) A current list is maintained at https://salestouch.io/subprocessors. We will notify Users at least 30 days before adding or replacing a sub-processor.

8. INTERNATIONAL TRANSFERS

Where data is transferred outside the EEA (e.g., to OpenAI US), SalesTouch relies on Standard Contractual Clauses (SCCs) and supplementary technical measures (encryption in transit and at rest, strict access controls).

9. SECURITY MEASURES

  • TLS 1.3 encryption in transit; AES-256 at rest
  • Principle of least privilege & role-based access
  • Regular penetration tests & automated security scans
  • 24/7 monitoring, rate limiting, WAF on Vercel edge network
  • Daily encrypted backups stored in EU region

10. COOKIES & TRACKING TECHNOLOGIES

SalesTouch uses only:

  • Essential cookies (session, CSRF, authentication) – cannot be disabled;
  • Analytics cookies from Plausible – first-party, cookieless by default;
  • No third-party advertising cookies. A detailed cookie banner is displayed on first visit.

11. YOUR RIGHTS

Under Articles 12-22 GDPR you have the right to:

  1. Access your personal data;
  2. Rectify inaccurate or incomplete data;
  3. Erase data (“right to be forgotten”);
  4. Restrict processing;
  5. Object to processing, including direct marketing;
  6. Portability of data you provided;
  7. Withdraw consent at any time;
  8. File a complaint with the CNIL (www.cnil.fr) or your local supervisory authority.

12. EXERCISING YOUR RIGHTS

Send your request to antoine@salestouch.io or by mail to the address above. We may ask for proof of identity and will respond within one (1) month, extendable by two months for complex requests.

13. CHILDREN

The Service is designed for business professionals and is not intended for minors under 18. We do not knowingly collect personal data from children.

14. CHANGES TO THIS POLICY

We may update this Policy to reflect legal, technical or business changes. We will notify Users via email and in-app at least 15 days before the change becomes effective. Continued use of the Service after that date constitutes acceptance.

15. CONTACT

Questions about this Policy? Email antoine@salestouch.io.

PrivacyTermsapp icon