Privacy policy
Last updated:
This policy describes how guestalia.io collects and processes your personal data, in compliance with EU Regulation 2016/679 (GDPR) and the French Data Protection Act.
Data controller
The data controller for personal data collected via guestalia.io is the site publisher (see Legal notice).
Contact for any question regarding your data: contact@guestalia.io
Data collected
We collect only the data you voluntarily provide via our contact form:
- Name (required)
- Email address (required)
- Message (optional)
- Browser language (detected automatically: "en" or "fr")
- Visit source (utm_source parameter if present in the URL, optional)
We collect no other data automatically: no tracking cookies, no analytics, no advertising pixels.
Purposes of processing
Data collected via the contact form is used exclusively to:
- Get back to you in response to your request for information or waitlist access.
- Notify you when access to the Guestalia product opens, in invitation waves.
We never use your data for third-party commercial purposes. We never sell, rent, or share your email with third parties.
Legal basis
Processing relies on your explicit consent (GDPR Article 6.1.a), given when you fill in the contact form, and on the publisher's legitimate interest (Article 6.1.f) in responding to your request.
Retention periods
Your data is retained:
- As long as the commercial relationship is active (ongoing exchanges for product access).
- At most 3 years after the last contact, in line with the French CNIL recommendations for B2B prospecting.
After this period, data is permanently deleted from our systems.
Location and transfers
Your data is stored on Railway Corp. infrastructure (United States), under the European Commission's Standard Contractual Clauses (SCCs), in compliance with GDPR Article 46.2.c.
Notification emails sent to the Guestalia team are routed via Resend Inc. (United States), also under SCCs. No other third party has access to your data.
Your rights
In accordance with GDPR, you have the following rights:
- Access: obtain a copy of your data.
- Rectification: correct inaccurate data.
- Erasure: request the deletion of your data.
- Objection: object to the processing of your data.
- Portability: retrieve your data in a structured format.
- Restriction: temporarily suspend processing.
To exercise these rights, write to us at contact@guestalia.io, specifying your request. We will reply within 30 days.
You may also lodge a complaint with the French Data Protection Authority (CNIL — cnil.fr) or your local supervisory authority.
Security
We implement technical and organisational measures to protect your data: systematic TLS encryption, restricted access within the team, regular dependency updates, encrypted backups.
Changes
This policy may be amended to reflect legal or technical developments. Any substantial change will be notified to affected persons by email.