Privacy Policy

SocietyPopUp is a development project (MVP) without commercial activity.

The controller of personal data collected on this site is the publication director.

GDPR Contact: contact@societypopup.com

Important note: This site is a technical demonstration. No payment data is collected. No real financial transactions are processed.

As part of this MVP, we only collect data necessary for the demonstration's functionality:

⚠️ No payment data is collected (no credit cards, no IBAN, no identity documents).

In accordance with GDPR Article 6, we process your data on the following legal bases:

• Service execution: account creation, booking simulations, user communication via messaging.
• Legitimate interest: platform improvement, feature testing, anonymized statistical analysis.
• Consent: use of non-essential analytics cookies, browsing preferences.

• Right of access: obtain a copy of your personal data.
• Right of rectification: correct your data from your personal space.
• Right to erasure: request deletion of your account and data.
• Right to object: object to direct marketing via unsubscribe link.
• Right to portability: receive your data in a structured format.
• Right to lodge a complaint: with the CNIL (www.cnil.fr) or your local data protection authority.

As an MVP project, we apply limited retention periods:

Account data: retained during active service use.

Activity data (searches, booking simulations): retained during the test project.

Messages between users: retained while the account is active.

Account deletion: your data is permanently deleted within 30 days maximum.

You can request immediate deletion of all your data at any time.

Your data is shared only with technical providers necessary for site operation:

Firebase (Google Cloud Platform): hosting, Firestore database, authentication, and file storage.

Location: Firebase is hosted in Europe (GDPR compliant).

No third-party commercial sharing: your data is never sold or shared for marketing purposes.

Competent authorities: only in case of legal obligation or judicial request.

Firebase (Google) is GDPR compliant and has appropriate certifications.

• Essential cookies: necessary for site operation (authentication, session).
• Analytics cookies: with your consent, to improve our services.
• Marketing cookies: with your consent, for personalized advertising.

You can manage your cookie preferences at any time from your browser settings or our cookie banner.

• SSL/TLS encryption of all communications between your browser and our servers.
• Restricted access to personal data, limited to authorized personnel.
• Regular and secure backups of our databases.
• Data breach notification procedure within 72 hours in compliance with GDPR.