Privacy Policy
Last updated: April 1, 2026
1. Introduction
This Privacy Policy explains how INTEK CENTER SASU ("the Company"), registered at 369Q Avenue de Verdun, 33700 Mérignac, France (RCS Bordeaux 844 849 174), collects, uses, stores, and protects personal data in connection with the PrintFix service at printfix.app ("the Service").
The Company acts as Data Controller within the meaning of Regulation (EU) 2016/679 ("GDPR") and French Law No. 78-17 of 6 January 1978 ("Loi Informatique et Libertés").
We apply GDPR standards globally to all users, regardless of their location, for consistency and transparency.
Data protection contact: [enable JavaScript].
While the Company is not legally required to appoint a Data Protection Officer (Article 37 GDPR — fewer than 250 employees, no large-scale processing of sensitive data), the above contact serves as the designated point of contact for all data protection matters and will handle all requests with the same diligence as a formal DPO.
2. Data Collected and Legal Basis
2.1. Account Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, communication | Contract performance |
| Display name (optional) | Personalization | Contract performance |
| Authentication provider | Login method (email or Google) | Contract performance |
| Language preference | Interface localization | Contract performance |
2.2. Purchase Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Purchase history (key type, date, amount) | Service delivery, invoicing | Contract performance |
| Payment information | Payment processing (handled by Stripe) | Contract performance |
| Invoices | Accounting, tax compliance | Legal obligation (Art. L123-22 Code de commerce) |
The Company does not store credit card numbers. All payment data is processed exclusively by Stripe in a PCI-DSS compliant environment.
2.3. Printer Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Printer serial number | Bind Reset Key to printer | Contract performance |
| Printer model | Compatibility check, reset config | Contract performance |
| Waste ink level (before/after) | Diagnostic display, reset verification | Contract performance |
Local network IP addresses of printers are used only within the desktop agent for SNMP communication and are never transmitted to or stored on our servers.
2.4. Technical and Audit Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Operating system, agent version | Support, compatibility diagnostics | Legitimate interest |
| Reset logs (success/failure, timestamps) | Audit trail, fraud prevention | Legitimate interest |
| Support ticket content | Customer support | Contract performance |
2.5. Analytics Data (consent required)
| Data | Purpose | Legal Basis |
|---|---|---|
| Page views, feature usage, conversions | Service improvement, ad measurement | Consent |
Analytics data is collected via Google Analytics 4 (GA4) only after explicit consent via the cookie consent banner.
3. How We Use Your Data
We use your data exclusively to:
- Provide, operate, and improve the Service.
- Process payments, generate invoices, and handle refunds.
- Communicate with you (purchase confirmations, reset confirmations, support replies).
- Detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations (accounting, tax, law enforcement requests).
- Analyze usage patterns with anonymized data (only with consent).
We never sell, rent, or trade your personal data.
Automated decision-making and profiling (Art. 22 GDPR): The Service does not engage in any automated decision-making or profiling that produces legal effects or similarly significantly affects you. No algorithmic scoring, behavioral profiling, or automated eligibility assessments are performed on your data.
4. Recipients and Sub-processors
Your data may be shared with the following service providers, strictly for the purposes described above:
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Google Cloud Platform | Hosting, database, authentication | EU (Belgium) | DPA, EU data residency |
| Stripe, Inc. | Payment processing | USA | PCI-DSS, EU-US DPF |
| Twilio SendGrid | Transactional emails | USA | EU-US DPF |
| Google Analytics (GA4) | Analytics (consent only) | USA | EU-US DPF, consent gated |
We only work with sub-processors that provide adequate safeguards under GDPR. Your data is never shared with advertisers, data brokers, or any other third party.
5. International Data Transfers
Primary data storage is within the European Union (Google Cloud, Belgium, europe-west1). Some sub-processors are based in the United States. These transfers are secured by:
- The EU-U.S. Data Privacy Framework (DPF) adequacy decision by the European Commission (July 10, 2023), to which our U.S. sub-processors adhere and are certified.
- Where DPF does not apply, Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914), supplemented by appropriate technical and organizational measures (encryption in transit and at rest, access controls, pseudonymization).
6. Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | While account is active + 90 days after deletion | Contract + grace period |
| Reset logs | 12 months, then anonymized | Legitimate interest |
| Invoices | 10 years | Legal obligation (Art. L123-22 Code de commerce) |
| Support tickets | While account active, anonymized on deletion | Contract |
| Analytics data | 14 months (GA4 default), then auto-deleted | Consent |
| Rate limiting data | 24 hours (auto-expire) | Legitimate interest |
7. Your Rights
Under GDPR and French law, you have the following rights:
- Access (Art. 15 GDPR): Obtain a copy of all data we hold about you.
- Rectification (Art. 16): Correct inaccurate or incomplete data.
- Erasure (Art. 17): Request deletion (subject to legal retention obligations).
- Restriction (Art. 18): Request limitation of processing.
- Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Objection (Art. 21): Object to processing based on legitimate interest.
- Withdraw consent (Art. 7): Withdraw analytics/marketing consent at any time via "Manage cookies" in the footer.
- Post-mortem directives (French law): Define directives regarding the fate of your data after death.
To exercise your rights: use the in-app support module or contact [enable JavaScript]. We will respond within 30 days (extendable to 60 days for complex requests, with notification).
You have the right to lodge a complaint with a supervisory authority. In France: Commission Nationale de l'Informatique et des Libertés (CNIL) — cnil.fr.
8. Data Security
We implement industry-standard technical and organizational measures:
- All communications encrypted via TLS 1.2+ (HTTPS enforced, .app HSTS preloaded).
- Passwords hashed (bcrypt) — we never store plain-text passwords.
- Database access controlled by strict security rules (principle of least privilege).
- SNMP keys (readKey/writeKey) never exposed client-side — transmitted only via encrypted server-to-agent channel after Reset Key validation.
- Webhook signatures verified cryptographically to prevent tampering.
- Rate limiting on all API endpoints to prevent brute-force and abuse.
- Regular security reviews and dependency updates.
In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL within 72 hours (Art. 33 GDPR) and inform affected users without undue delay (Art. 34 GDPR).
9. Cookies and Tracking
9.1. Strictly Necessary (no consent required)
- Authentication session — Maintains login state (localStorage).
- UI preferences — Theme (light/dark) and language (localStorage keys:
theme,printfix-locale). - Consent choice — Records your cookie consent decision.
9.2. Analytics (consent required)
- Google Analytics 4 — Cookies:
_ga,_ga_*. Duration: up to 14 months. Purpose: understand website usage patterns. Only activated after explicit consent.
9.3. Marketing (consent required)
- Google Ads — Cookies:
_gcl_*. Purpose: measure advertising campaign effectiveness. - Microsoft Advertising — Cookies:
_uetmsclkid,_uetvid. Purpose: conversion tracking.
9.4. Consent Management
We implement Google Consent Mode v2. All analytics and marketing trackers are blocked by default and only activated after your explicit, affirmative consent via the cookie banner. You can modify your choices at any time by clicking "Manage cookies" in the website footer.
10. Children's Privacy
The Service is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly. If you believe this has occurred, please contact us.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Changes will be posted on this page with an updated "Last updated" date. For material changes affecting your rights, we will notify registered users by email at least 15 days before the changes take effect.