The data controller for personal data collected via zaineka.com is:
Thomas BERNARD
Entreprise individuelle
SIREN: 922 664 735
Email: contact@zaineka.com
The following data is collected when using ZAINEKA:
Identity data: first name, last name, email address, phone number, billing address.
Session data: content of exchanges with ZAINEKA, clarity scores, identified pressure type, daily intentions, session number.
Technical data: timezone, navigation data (via Vercel), IP address (used solely for rate limiting).
Processing is carried out on the following legal bases under the GDPR:
Performance of contract (Art. 6.1.b): processing of data necessary to provide the ZAINEKA service (sessions, profile, progression).
Consent (Art. 6.1.a): processing of session data by AI, marketing communications (separate opt-in, revocable at any time).
Legitimate interest (Art. 6.1.f): service security (rate limiting, abuse detection), product improvement based on aggregated and anonymised data.
ZAINEKA uses the following technical subprocessors, each subject to strict confidentiality and security obligations:
Anthropic, PBC (United States) — AI processing of sessions via the Claude API. Session data is never used to train AI models. Transfer governed by Standard Contractual Clauses (SCCs) of the European Commission.
Supabase Inc. (United States) — Secure storage of user data and sessions. Transfer governed by SCCs.
Vercel Inc. (United States) — Hosting of the site and application. Transfer governed by SCCs.
All three ZAINEKA subprocessors are based in the United States. These transfers outside the European Union are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission under Article 46 of the GDPR, ensuring an adequate level of protection for your data.
Data is retained for the following periods:
Account and session data: for the duration of the subscription, then 30 days after cancellation (to allow possible reactivation).
Following an erasure request: permanent and irreversible deletion within 30 days of the request.
Billing data: 10 years, in accordance with legal accounting obligations.
Under the GDPR, you have the following rights:
Right of access: obtain a copy of your personal data.
Right to rectification: correct inaccurate data.
Right to erasure: delete all your data (right to be forgotten).
Right to data portability: receive your data in a structured format.
Right to object: object to certain processing activities.
Right to withdraw consent: revoke any consent given at any time.
To exercise these rights: contact@zaineka.com
Response time: maximum 30 days.
You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): cnil.fr
ZAINEKA implements appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration: encryption of data in transit (HTTPS), access control via Row Level Security (Supabase), input validation and sanitisation, API rate limiting.
ZAINEKA uses only functional cookies necessary for the proper operation of the service (authentication, language preferences). No advertising or third-party tracking cookies are placed. You can manage your preferences via the cookie consent banner displayed on your first visit.
For any questions regarding this privacy policy: contact@zaineka.com
This policy may be updated. The date of the last update is indicated below. Any substantial change will be notified to users by email.
Last updated: March 2026