Privacy Policy

Last updated: 13/06/2026

🇫🇷 Version française

1. Introduction

JudgeMyJPEG is committed to protecting your privacy and personal data. This policy explains how we collect, use and protect your information in accordance with the General Data Protection Regulation (GDPR).

By using our service, you consent to the practices described in this policy.

2. Data Controller

Controller: Cyril Paquier (CodeCraft Plus)

Address: 9 Allée de la Meilleraie, 85340 Les Sables-d'Olonne, France

Email: [email protected]

3. Data Collected

3.1 Identification data

  • First and last name (via Google OAuth or manual registration)
  • Email address
  • Profile picture (optional, via Google)
  • Unique account identifier

3.2 Usage data

  • Images uploaded for analysis
  • AI-generated analyses
  • Preferences (language, analysis mode)
  • Analysis history
  • Created collections
  • Usage statistics (number of analyses, frequency)

3.3 Technical data

  • IP address
  • Browser type and operating system
  • Pages visited and time spent
  • Approximate geolocation data (city)
  • Cookies and session identifiers

3.4 Payment data

  • Billing information (processed by Stripe)
  • Transaction history
  • Subscription status

⚠️ We never store your full banking details

4. Purposes of Processing

4.1 Service provision

  • AI analysis of your photographs
  • Generation of personalised reports
  • Saving your history
  • Creating collections

Legal basis: Contract performance

4.2 Account management

  • Account creation and authentication
  • Customer support
  • Important communications

Legal basis: Legitimate interest

4.3 Billing and payments

  • Subscription processing
  • Invoice issuance
  • Fraud prevention

Legal basis: Legal obligation and contract performance

4.4 Service improvement

  • Performance analysis
  • Bug detection
  • AI optimisation

Legal basis: Legitimate interest

5. Data Sharing

5.1 Technology partners

OpenAI (AI Analysis)

  • Your images are transmitted for AI analysis
  • Data deleted after processing
  • Location: OpenAI data centres (EU/US)
  • Protection: Encryption in transit and at rest

Cloudinary (Image Storage)

  • Secure storage of your images
  • Image optimisation and transformation
  • Location: European data centres
  • Duration: Automatic deletion after 90 days

Stripe (Payments)

  • Secure payment processing
  • Billing data only
  • PCI-DSS Level 1 compliant
  • We never store your banking details

5.2 Transfers outside the EU

Some of our partners (Google, Stripe) may process your data outside the EU. These transfers are governed by:

  • Standard contractual clauses of the European Commission
  • Adequacy decisions (where available)
  • Additional security measures

6. Retention Periods

Retention by data type

Uploaded images

  • • Free plan: 30 days
  • • Premium plan: 1 year
  • • Lifetime plan: Unlimited
  • • Manual deletion possible

Generated analyses

  • • Kept while the account exists
  • • Deleted with account
  • • Export possible before deletion

Account data

  • • During the period of use
  • • 3 years after last login
  • • Deletion on request

Billing data

  • • 10 years (legal obligation)
  • • Minimum data only
  • • Secure archiving

7. Your GDPR Rights

7.1 Right of access and rectification

  • View your personal data
  • Correct inaccurate information
  • Complete incomplete data
  • Deadline: Maximum 1 month

7.2 Right to erasure

  • Deletion of your data
  • Unless legally required to retain
  • Account deletion available
  • Action: Settings → Delete account

7.3 Right to portability

  • Export your data in JSON
  • Analyses and statistics included
  • Standard reusable format
  • Access: Dashboard → Export data

7.4 Right to object

🛡️ How to exercise your rights

Email: [email protected]
Subject: Exercise of my GDPR rights
Documents: Copy of ID (for verification)
Response: Within 1 month (2 months if complex)

8. Data Security

8.1 Technical measures

  • HTTPS/TLS encryption for all exchanges
  • Encryption of sensitive data at rest
  • Two-factor authentication available
  • Secure sessions with automatic timeout
  • Access monitoring and intrusion detection

8.2 Organisational measures

  • Strictly limited data access
  • Staff security training
  • Regular backup procedures
  • Incident response plan
  • Periodic security audits

🚨 In the event of a data breach

We undertake to notify you within 72 hours in the event of a personal data breach presenting a high risk to your rights and freedoms.

9. Cookies and Similar Technologies

For full details on our use of cookies, please see our Cookie Policy.

10. Minors' Data

⚠️ Age restrictions

  • • Service reserved for users aged 16 and over
  • • Age verification at registration
  • • Immediate deletion of detected minor accounts
  • • Parent contact: [email protected]

11. Changes to this Policy

We may update this privacy policy to reflect:

  • Changes to our service
  • Regulatory changes
  • Improvements to our practices

Notification: Significant changes will be notified to you by email 30 days before they take effect.

12. Contact and Complaints

📧 Contact us

⚖️ Complaints

If you are not satisfied with our response, you may contact the French data protection authority:

CNIL (Commission Nationale de l'Informatique et des Libertés)

3 Place de Fontenoy — 75334 Paris CEDEX 07

www.cnil.fr

Privacy Policy — Version 1.0
Last updated: 13/06/2026
Compliant with GDPR (EU Regulation 2016/679)