Privacy Policy

Last updated: September 17, 2025

1) Data Controller

The Nelyx App is published by Triven Kadiata, Sole Proprietor, SIREN 889890141, registered address: 66 Avenue des Champs-Élysées, 75008 Paris. DPO contact: dpo@nelyx.fr.

2) Scope

This policy applies to processing performed via the Nelyx website/app and our APIs (authentication, HR management, support, billing).

3) Data we collect

  • Account: first name, last name, email, role(s), company.
  • Usage: technical logs (timestamps, User-Agent), application events (audit log), truncated IP addresses.
  • Payment: subscription/billing metadata via Stripe (we do not store card numbers).
  • Support: content of tickets / emails.
  • Security & anti-abuse: hashed identifiers (email) in a block list, strictly necessary technical signals (see §8).
  • Cookies: see our Cookies Policy.

4) Purposes & legal bases (GDPR art. 6)

  • Service provision: account creation/management, HR management — contract performance.
  • Billing & subscriptions: Stripe, receipts, accounting — contract performance and legal obligation.
  • Support: customer assistance — legitimate interest.
  • Security, fraud & abuse prevention: legitimate interest.
  • Audience measurement (if enabled): consent.
  • Legal obligations: tax/accounting compliance — legal obligation.

5) Recipients & processors

We rely on service providers for specific functions:

  • Hosting: Vercel (app/infra), [+ your DB provider if different].
  • Payments: Stripe (subscriptions, invoices).
  • Transactional email: Resend.
  • Cache / realtime / queues: Upstash/Redis.
  • OAuth: Google (if enabled).

The up-to-date list and our DPA are available here: /subprocessors & /dpa.

6) Transfers outside the EU

For certain providers located outside the EU (e.g., United States), we use appropriate safeguards (Standard Contractual Clauses “SCCs” and supplementary measures). You may request a copy: dpo@nelyx.fr.

7) Retention periods

  • Account: for the duration of the contractual relationship, then 24 months after closure (unless a legal obligation applies).
  • Billing: records/logs required for up to 10 years (accounting).
  • Support: 24 months after the last interaction.
  • Technical logs: up to 12 months (unless a security incident occurs).
  • Anti-abuse / bans: ban duration then deletion or reassessment, no later than 36 months after the last access attempt.
  • Cookies: see the Cookies Policy.

8) Security & abuse prevention

We apply reasonable measures: encryption in transit (HTTPS), backups, logging, role-based access control. To prevent circumvention of a definitive ban (serious ToS breach), we may retain hashed identifiers (e.g., email) and minimized technical signals (truncated IP, User-Agent) to block abusive re-signups. No marketing purpose.

9) Your rights (GDPR)

You have the rights of access, rectification, erasure, restriction, objection and portability. You can withdraw consent at any time for processing based on consent. To exercise your rights: dpo@nelyx.fr.

If you believe your rights are not respected, you may lodge a complaint with your supervisory authority (in France: CNIL — cnil.fr).

10) Cookies

The cookies we use and your consent choices are described in the Cookies Policy. Non-essential cookies are set only after your consent. You can change your preferences at any time.

11) Underage users

The service is intended for individuals aged 18 or older. We do not knowingly collect data relating to minors.

12) Changes to this policy

We may update this policy in case of legal, technical, or functional changes. In case of substantial change, a notice will be displayed on the website and/or sent by email.

13) Contact

Personal data / DPO: dpo@nelyx.fr • Support: support@nelyx.fr