Privacy Policy

Last updated: 28 April 2026. Your data is processed transparently and in compliance with the GDPR.

1. Data controller

The controller of personal data is EHMP SYSTEM (French SAS, SIRET 520 902 669 00024, registered office in Yerres, France), publisher of the ChangerApp platform. <strong>DPO contact:</strong> privacy@changerapp.fr.

2. Data collected

We collect the following data:

  • Identity and contact details: email address, name (or company name), profile information required for B2B activity.
  • KYC (Know Your Customer) documents: identification documents and supporting evidence requested for the verification of professionals and for compliance purposes (anti-money laundering and counter-terrorism financing). These documents are stored securely and used solely for the intended purposes.
  • Technical and usage data: authentication logs, history of actions performed on the platform (to the extent necessary for proper operation and security).

3. Purposes and legal basis

Data is processed for: providing the subscription service and the marketplace, KYC verification, billing, support, security and legal compliance. The legal bases are the performance of the contract, compliance with legal obligations and, where applicable, our legitimate interest (security, service improvement).

4. Hosting and security

Data is hosted securely with Supabase via Amazon Web Services EMEA SARL, Dublin, Ireland (infrastructure that complies with security and data-protection best practices). Access is restricted and communications are encrypted (HTTPS, database security).

5. Data transfers outside the European Union

Some of your data is hosted or processed by sub-processors located in the United States: Vercel (application hosting), Stripe (payments) and Resend (transactional emails). These transfers are framed by the Data Privacy Framework (DPF) — European Commission adequacy decision of 10 July 2023. No sensitive data (KBIS, IBAN) leaves the European Union: such data is hosted by Supabase on AWS Dublin (Ireland).

6. Retention period

Data is kept for the duration necessary to perform the contract and to comply with legal obligations (accounting, KYC, disputes). KYC documents and personal data are deleted or anonymised upon expiry of the applicable legal retention periods, unless further retention is justified.

7. Your rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: obtain a copy of your data.
  • Right to rectification: have inaccurate data corrected.
  • Right to erasure: request the deletion of your data within the limits set by law.
  • Right to restriction of processing: request a restriction in certain cases.
  • Right to data portability: receive your data in a structured format.
  • Right to object: object to processing based on legitimate interest.

To exercise these rights or for any questions, contact our DPO at <strong>privacy@changerapp.fr</strong> (EHMP SYSTEM — Yerres, France). You may also lodge a complaint with the CNIL (the French data protection authority).

8. Cookies and trackers

The site uses cookies and trackers that are strictly necessary for its operation (session, authentication, preferences). Detailed information is available in the site's cookie management tools, where applicable.

For any privacy-related inquiries: privacy@changerapp.fr — EHMP SYSTEM — Yerres, France.