Privacy policy

Content is available without an account. If you create one (optional), we collect only what is strictly needed to operate and secure it. No advertising trackers, no third-party analytics.

Data controller

Wariss Paraiso — contact: bonjour@neurosec.fr. See the legal notice.

Without an account

With an account (optional)

If you sign in (magic link or passkey), we process:

DataPurposeLegal basisRetention
E-mail addressIdentify the account, send the sign-in linkPerformance of the serviceUntil account deletion
Passkey public keysPasswordless sign-in (WebAuthn)Performance of the serviceUntil passkey/account deletion
Progress (scores, domains)Sync across your devicesPerformance of the serviceUntil account deletion
Sign-in timestampsAccount securityLegitimate interest (security)≤ 12 months
Last sign-in IP + countryDetect abnormal accessLegitimate interest (security)≤ 12 months (overwritten each sign-in)
Audit log (sign-in events)Security, traceabilityLegitimate interest≤ 12 months

No password is stored. Sign-in and session tokens are kept only as a hash. Any SMTP password is stored encrypted.

Cookies

Country geolocation

To show the last sign-in country, the IP address is sent to a third-party geolocation service (ipwho.is) at sign-in time. This feature can be disabled server-side.

Processors / recipients

Your rights (GDPR)

You have the rights of access, rectification, erasure, portability and objection:

Contact

bonjour@neurosec.fr