Privacy Policy
Last updated: May 25, 2026
1. Data Controller
Vitaly Skorokhodoff, entrepreneur individuel (EI)
Trade name : Softoryx — SIREN 104 533 914
14 rue de la Cour des Noues, 75020 Paris
Email : contact@auditcopy.com
2. Data Collected
2.1 Anonymous visitor
No personal data is collected. The text submitted for a quick audit (Readability and SEO scores) is processed in memory server-side and returned in the response. It is neither stored in a database, nor transmitted to a third-party service, nor recorded in any form. No cookies are set.
2.2 Registered user
| Data | When collected | Purpose | Legal basis |
|---|---|---|---|
| Email address | Registration | Authentication, communication | Contract performance |
| Display name | Account page (optional) | Personalization | Consent |
| Preferred language | Account page (optional) | Interface display | Consent |
| Submitted product listing content | Each full audit | Providing the service | Contract performance |
| Analysis results | Each full audit | User history | Contract performance |
| AI-rewritten text | Upon rewriting | Later consultation | Contract performance |
| Target keywords | Each audit | SEO scoring | Contract performance |
| Product category | Each audit | Contextual scoring | Contract performance |
| Subscription plan | Registration + payment | Access management | Contract performance |
| Stripe Customer ID | First payment | Link with Stripe for billing | Contract performance |
2.3 Data NOT collected
AuditCopy does not collect:
- Passwords (magic link authentication only)
- First or last name (display name is optional)
- Postal address
- Phone number
- IP address (the application does not log IPs — Vercel may retain them in its infrastructure logs)
- Browsing or behavioral data
- Banking details (managed exclusively by Stripe)
3. Sub-processors and Data Transfers
3.1 Supabase — Authentication and database
- Function : User authentication (magic link), storage of profiles and audits
- Data processed : Email, profile, audit content, results
- Location : Paris region, AWS eu-west-3 — European Union
- GDPR guarantees : DPA available, standard contractual clauses
- Privacy policy : https://supabase.com/privacy
3.2 Anthropic — AI analysis and rewriting
- Function : Calculating Persuasion and Conversion scores, automatic rewriting of product listings
- Data transmitted : The product listing text, category, language, target keywords. The user's identity (email, name) is never transmitted to Anthropic.
- Location : United States — outside European Union
- GDPR guarantees : DPA including SCCs Module 2. Anthropic contractually commits not to use data transmitted via the API to train its models.
- Privacy policy : https://www.anthropic.com/privacy
3.3 Stripe — Payment
- Function : Payment processing, subscription management, customer portal
- Data processed : Banking details, email (for Stripe receipts), billing history. AuditCopy stores no banking data — only the stripe_customer_id is retained in the database.
- Location : United States + Ireland (mixed processing) — partially outside EU
- GDPR guarantees : DPA with standard contractual clauses available
- Privacy policy : https://stripe.com/privacy
3.4 Vercel — Hosting
- Function : Application hosting (Next.js), CDN, serverless functions
- Data processed : Access logs (IP addresses in Vercel infrastructure logs), application code
- Location : Global network, potentially outside European Union
- GDPR guarantees : DPA available
- Privacy policy : https://vercel.com/legal/privacy-policy
4. Retention Periods
| Data category | Retention period | Mechanism |
|---|---|---|
| User account (email, profile) | Until account deletion | "Delete my account" button on the Account page |
| Audit content (texts, results, rewrites) | Until account deletion | Cascade deletion with account |
| Stripe Customer ID | Until account deletion | Deleted with profile |
| Payment data (Stripe side) | Per legal accounting obligations (10 years) | Managed by Stripe |
| Vercel logs (IPs, requests) | ~30 days | Managed by Vercel |
| Authentication sessions | Until logout or expiry | Managed by Supabase Auth |
| Anonymous audits (visitors) | Not stored | In-memory processing only |
Note: It is currently not possible to delete an individual audit without deleting the entire account. Account deletion results in the erasure of all associated audits.
5. User Rights
In accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act, each user has the following rights over their personal data:
- Right of access: obtain a copy of personal data held
- Right of rectification: correct inaccurate or incomplete data
- Right to erasure: request deletion of data (via the "Delete my account" button or by email)
- Right to portability: receive data in a structured, machine-readable format
- Right to object: object to processing for reasons relating to the user's particular situation
- Right to restriction of processing: request temporary suspension of processing
To exercise these rights: contact@auditcopy.com
Softoryx commits to responding within one month of receiving the request.
6. Cookies and Trackers
AuditCopy uses a single technical cookie:
| Cookie | Type | Purpose | Duration | Consent |
|---|---|---|---|---|
| sb-* (Supabase Auth) | Technical / session | Maintain the user's login session | Session duration | Not required |
This cookie is strictly necessary for the authentication service to function. It is exempt from consent in accordance with the CNIL recommendations on cookies and trackers. No other cookies are used. AuditCopy does not set any advertising, tracking, audience analytics or third-party social network cookies.
7. Complaints
If you believe that the processing of your personal data does not comply with applicable regulations, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL):
Sources: Regulation (EU) 2016/679 (GDPR) — CNIL cookie recommendations — French Data Protection Act 1978