Privacy Policy

1) Who We Are (Data Controller)

ELITE-TECH (“Elite-Tech”, “we”, “us”) is the controller for the processing described in this policy. Company identifiers: SIREN 839 542 917 (RCS Créteil), VAT FR95839542917. For any privacy questions or to exercise your rights, contact us via the Contact page or at contact@kcmhub.io.

2) Data We Collect

• Technical & usage data: basic logs produced when you browse our website (e.g., IP address, browser, pages viewed, timestamps) for security and diagnostics.
• Contact form data: your name, professional email, and message content. We also record the date/time of submission and your consent choice.
• Configuration/diagnostic metadata (only if you choose to share it with us for support): high-level, non-content information that helps us troubleshoot.

3) Purposes & Legal Bases

• Operate and secure the website (legitimate interests).
• Respond to contact/support requests (legitimate interests or pre-contractual steps at your request).
• Comply with legal obligations (where applicable).
• Improve KCM via aggregated, non-identifying analytics (legitimate interests).

4) Processors (Sub-processors)

We use trusted service providers acting as processors under a data processing agreement. In particular:

• Tally – we use Tally to collect and manage contact form submissions on our behalf. According to Tally’s documentation, submissions are stored within the European Union. Tally acts as our data processor.
• Hosting & infrastructure – our web hosting and security providers process technical/operational data strictly to provide the service.
• Email delivery – if you request an email reply, your email provider and ours will necessarily process your email address and message.

5) Where We Store Data

We seek to store and process personal data within the EU/EEA whenever possible. Contact form submissions collected via Tally are stored in the EU. If an international transfer is required (for example, email routing), we rely on appropriate safeguards (see Section 8).

6) Retention

• Contact form submissions: retained for up to 12 months after last activity related to your request, then deleted or anonymized.
• Technical logs: retained for up to 12 months for security and diagnostics, unless a longer period is required by law or to investigate incidents.

7) Security

We apply organizational and technical measures designed to protect your data (access controls, encryption in transit, least-privilege practices). No method is 100% secure, but we continuously improve our posture.

8) International Transfers

We do not intend to transfer your contact form data outside the EU/EEA. If certain processing (e.g., email delivery paths or infrastructure failovers) results in a transfer, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or an equivalent lawful mechanism.

9) Sharing

We do not sell personal data. We only share it with processors listed above or when required by law or to defend our legal rights.

10) Your Rights

Subject to applicable law, you may have the right to access, rectify, erase, object to or restrict processing, and port your data. You also have the right to define directives regarding your data after death where applicable. To exercise your rights, contact us via the Contact page or at contact@kcmhub.io. We may ask you to verify your identity.

11) Supervisory Authority

If you are located in the EU, you also have the right to lodge a complaint with your local supervisory authority. In France, this is the CNIL.

12) Third-Party Assets & Cookies

We do not use non-essential cookies for the contact form. If third-party assets are loaded from external providers (e.g., web fonts or CDNs), those providers will receive your IP address to deliver the asset. Where feasible, we self-host or minimize third-party calls.

13) Updates

We may amend this policy from time to time. The most recent version is always published on this page.

14) Payments (Stripe)

When you purchase KCM, we use Stripe to process your payment. We share with Stripe only the data required to perform the transaction, such as your name or company name, email, billing address, VAT number (if provided), country, IP address, amount and currency, and order/subscription references. We receive from Stripe payment status and limited payment instrument details (e.g., brand and last 4 digits), invoice identifiers and subscription identifiers. We do not receive or store full card numbers or CVC codes.

Roles & legal bases. Stripe acts as our processor for payment processing; for certain activities (e.g., fraud prevention, regulatory compliance), Stripe may act as an independent controller. Processing is based on contract necessity (to take payment and provide the service), legitimate interests (fraud prevention and service security), and legal obligation (accounting and tax compliance).

International transfers. Payments are handled by Stripe Payments Europe (Ireland). Data may be transferred to Stripe, Inc. (USA) with appropriate safeguards (e.g., Standard Contractual Clauses). See Stripe’s privacy notice for details.

Retention. We keep subscription metadata (Stripe customer, subscription, invoice IDs, lifecycle events like renewals and cancellations) for the life of the subscription and for a short operational period thereafter (up to 36 months). Accounting records (including invoices) are retained for the period required by law (which can be up to 10 years).

Stripe Cookies (Strictly Necessary)

Stripe may set strictly necessary cookies to enable secure payment processing and fraud prevention. These cookies are essential for the payment service and do not require consent. For details, see Stripe Privacy Policy.