Last updated: March 2025

1. Introduction

Transipal ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our warehouse management services via our website, mobile applications (iOS and Android), or API. By using Transipal, you agree to the practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is: Transipal, 16 rue Bellot, 75019 Paris, France. For any privacy-related requests, you may contact us at the email address provided in the Contact section below.

3. Data We Collect

We collect the following categories of data:

• Account data: email address, first name, last name, language preference, and password (stored in hashed form).
• Session and authentication data: cookies and session identifiers necessary for login and service delivery.
• Analytics data: we use Google Analytics 4 with IP anonymization enabled. User and company identifiers are hashed (SHA-256) before transmission. No personally identifiable information is sent to analytics.
• Business data: missions, tasks, packs, items, and exported files stored on our infrastructure (Heroku, AWS S3) as part of the service.

4. Purposes of Processing

We process your data to: provide and maintain our warehouse management services; manage your account and authentication; improve our services through aggregated analytics; store and process business data you create (missions, tasks, exports); and comply with legal obligations.

5. Legal Basis

For users in the EEA/UK: we rely on (i) performance of a contract for account and service data; (ii) legitimate interest for analytics (anonymized); and (iii) consent where required by law. You may withdraw consent or object to processing where applicable.

6. Third-Party Services

We use the following subprocessors:

• Google (Google Analytics 4): web analytics, with IP anonymization and hashed identifiers.
• Heroku (Salesforce): application hosting and database (PostgreSQL).
• AWS: file storage (S3) for exports and attachments.

7. Data Retention

We retain your personal data for as long as your account is active. After you request account deletion, we delete or anonymize your data within 90 days, except where we must retain it for legal obligations (e.g. invoicing records).

8. Your Rights

Depending on your location, you may have the right to:

• Access: obtain a copy of your personal data.
• Rectification: correct inaccurate data.
• Erasure: request deletion of your data.
• Portability: receive your data in a portable format.
• Objection: object to processing based on legitimate interest.
• Complaint: lodge a complaint with a supervisory authority (e.g. CNIL in France, ICO in the UK).

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of Transipal after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or to exercise your rights, please contact us at contact@transipal.com.