Privacy Policy

The data controller is EHMP SYSTEM, a French SAS, registered under SIRET 520 902 669 00024, with its registered office in Yerres (France). EHMP SYSTEM operates the ChangerApp platform and mobile application. For any data-related inquiry, please contact our Data Protection Officer at privacy@changerapp.fr.

We only collect data that is necessary to deliver the service:

• Identity and contact details: email address, name, company name, professional phone number.
• KYC documents: identification document, company registration certificate (KBIS), licensing evidence — required to verify professionals and comply with AML/CFT obligations (anti-money laundering and counter-terrorism financing).
• Usage data: login history, actions performed on the platform, orders viewed or published, messages exchanged — strictly limited to what is needed for operation and security.
• Technical data: IP address, device type, operating system, technical identifiers of the application, anonymised error logs.

The Android app only requests permissions that are strictly necessary for its operation:

• Push notifications: to alert you about a new order matching your criteria, an incoming message, or an action required on your account. You can disable them at any time in the settings.
• Internet access: required to communicate with our secured servers.
• Temporary storage: local caching to speed up rendering. No sensitive data is stored in plain text on the device.

No additional permission (camera, location, contacts, microphone) is requested without an explicit action on your part — for instance, camera access is only requested if you choose to photograph a KYC document.

Your data is processed in order to: (i) perform your subscription contract, (ii) verify your professional eligibility (KYC), (iii) handle billing and support, (iv) secure the platform and prevent fraud, (v) comply with our legal and regulatory obligations. The applicable legal bases are the performance of the contract, compliance with a legal obligation, and our legitimate interest in protecting the platform.

Data is hosted securely by Supabase via Amazon Web Services EMEA SARL (Dublin, Ireland). All communications are encrypted in HTTPS (TLS 1.2+). Databases are encrypted at rest. Access to data is strictly limited to authorised personnel and is logged.

Some technical processing is carried out by sub-processors located in the United States: Vercel (application hosting), Stripe (payments), Resend (transactional emails). These transfers are framed by the Data Privacy Framework (European Commission adequacy decision of 10 July 2023). No sensitive data (KBIS, identification documents, IBAN) leaves the European Union — it remains hosted on AWS Dublin.

Your data is kept for the time strictly necessary to perform the contract and to comply with our legal obligations. As a guideline: account data is kept for up to 3 years after the last login; KYC documents are kept for 5 years after the end of the business relationship (AML/CFT requirement); accounting data is kept for 10 years (tax requirement). Beyond these periods, your data is deleted or anonymised.

Pursuant to Articles 15 to 22 of the GDPR, you have the following rights at all times:

• Access — obtain a copy of your data.
• Rectification — correct inaccurate information.
• Erasure — request the deletion of your data, within the limits set by law.
• Restriction — temporarily restrict processing.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on our legitimate interest.

To exercise these rights, write to us at privacy@changerapp.fr. You will receive a reply within a maximum of one month. You may also lodge a complaint with the French data protection authority, the CNIL (www.cnil.fr).

ChangerApp is a service strictly reserved for professional adults (currency exchange offices, foreign-exchange companies, licensed institutions). We do not knowingly collect any data relating to minors. If you believe a minor has provided us with personal data, please contact us immediately at privacy@changerapp.fr — we will promptly delete it.

The site and the application only use cookies and technical identifiers that are strictly necessary for their operation (session, authentication, language preferences). No advertising or third-party measurement cookie is set without your explicit consent.

We may update this policy to reflect changes to the service or to applicable regulations. The update date is shown at the top of the page. Any substantial change will be notified to you by email or via the application before it takes effect.

For any question, request or complaint regarding your personal data, please contact our Data Protection Officer: privacy@changerapp.fr — EHMP SYSTEM, Yerres, France.