Privacy Policy
This Privacy Policy describes how CODALUX SARL-S collects, uses, retains and protects the personal data of users of the website monavisfacile.com and the Mon Avis Facile mobile application.
It complies with the General Data Protection Regulation (GDPR), Luxembourg data protection law, and the requirements of the App Store and Google Play.
1. Data Controller
Personal data processing is carried out by:
CODALUX SARL-S
Share capital: €12,000
Registered office:
51 rue Pierre Schuetz
L-4946 Bascharage
Luxembourg
Luxembourg Trade and Companies Register: B297712
Registration number: 20252437933
Intra-community VAT: LU36711175
Publication director: Matthieu POULIN
Contact: Contact form
2. Data Collected
2.1. Data Provided Directly by the User
When logging in or using the service, the following data may be collected:
- First and last name
- Company name
- Postal address
- Email address
- Landline and/or mobile phone number
Login is passwordless.
The user authenticates solely via a one-time code (OTP) sent by email, securely managed by Supabase Auth.
No password is created, stored or processed by CODALUX.
2.2. Data Related to NFC Plates / QR Codes
When an NFC plate or QR Code is scanned, the following data may be recorded:
- scan date,
- scan time,
- device type used (e.g., Android, iOS),
- browser type used (e.g., Safari, Chrome, Firefox).
This data is completely anonymous and cannot in any way identify an end user. No personal identifier is collected during a scan.
2.3. Technical and Usage Data
- IP address
- Device type and operating system
- Connection logs
- Actions performed on the website or in the application (e.g., modification of review links)
2.4. Location Data
No geolocation data is collected.
The application does not access the user's GPS location.
2.5. Data Collected via the Mobile Application
- Push notifications: yes
- Camera access: yes (solely for scanning QR Codes)
- Storage access: no
- NFC access: no
- Advertising tracking (ATT): no
3. Purposes of Data Collection
The data collected is used to:
- enable the creation and management of the account,
- configure and administer NFC plates / QR Codes,
- ensure the operation, security and improvement of the service,
- analyze usage of the service,
- provide assistance and communication with the user.
Data is never used for targeted advertising.
4. Legal Basis for Processing
Data is processed in accordance with the following legal bases:
- performance of a contract (use of the service),
- consent (push notifications),
- legitimate interest (service security, abuse prevention),
- legal obligations (invoicing, security).
5. Subcontractors and Service Providers
The following service providers may process certain data on behalf of CODALUX:
Supabase (European Union)
- Authentication
- Database
- Storage and logs
Stripe
- Payment processing
No banking data is processed by CODALUX.
Google Analytics
- Website audience measurement
Data is anonymized as much as possible.
Firebase
- Push notifications
- Technical features of the application
Sentry
- Technical error tracking
Cloudflare
- Protection against attacks
- CDN and performance optimization
No other third party receives the data.
6. Data Sharing
Personal data is neither sold nor rented.
It is only shared with:
- the subcontractors listed above,
- competent authorities when required by law.
7. Data Retention
Data is retained as long as the user account is active.
In case of inactivity, data is retained until the user requests the deletion of their account.
The user may request the permanent deletion of their data at any time.
8. User Rights
In accordance with the GDPR, the user has the following rights:
- right of access,
- right of rectification,
- right of objection,
- right to erasure,
- right to restriction of processing,
- right to data portability.
To exercise these rights, the user may use the contact form.
9. Security
CODALUX implements technical and organizational measures to ensure data security:
- encrypted communications (HTTPS),
- secure storage via Supabase,
- Cloudflare protection,
- error tracking via Sentry,
- secure generation and management of temporary OTP codes by Supabase Auth.
The user does not have a password associated with their account.
However, they must ensure the security of their email inbox, as it is used to receive the OTP code for login.
10. Transfers Outside the European Union
No transfer is voluntarily made outside the European Union.
Some services (e.g., Firebase, Google Analytics) may occasionally use servers located outside the EU.
In such cases, the legal safeguards provided by the GDPR (standard contractual clauses) are applied.
11. Children
The service is exclusively intended for adult professionals.
No data concerning minors is intentionally collected.
12. Changes to the Privacy Policy
CODALUX may modify this policy at any time.
The applicable version is the one published on the website or in the application.
13. Contact
For any questions regarding privacy or personal data: Contact form
Last updated: 03/12/2025