Privacy Policy

Effective date: February 25, 2026

Data Controller & Privacy Framework

Data Controller: AdminLanding SASU — RCS Annecy 101 595 734 — 431 Route des Chateaux, 74250 La Tour, France

Legal Bases:

Art. 6(1)(b) GDPR — Performance of contract (account management, service delivery, billing)
Art. 6(1)(c) GDPR — Legal obligation (tax records, invoice retention)
Art. 6(1)(a) GDPR — Consent (marketing communications, analytics cookies)
Art. 6(1)(f) GDPR — Legitimate interest (security, fraud prevention, service improvement)

Privacy Contact: privacy@adminlanding.com

President: Julien Maurice

Sensitive Identifiers — Processed Locally

We apply a privacy-by-design approach to regulated personal identifiers such as your social security number (NIR), Swiss social insurance number (AVS/AHV), bank IBAN/BIC, tax identification number, passport number, and residence permit number. The architecture varies by document type, and we describe each case honestly below.

Most document types — client-side only.

For cross-border health insurance forms (CERFA 14445) and French health insurance CERFA forms, your NIR and AVS numbers are entered on your device and written into the final PDF's form fields entirely in your browser, using local JavaScript. Our servers fill every non-sensitive field but leave the NIR/AVS slots empty — your device fills them before you see the download. These values are never transmitted to our servers, never stored in our databases, never recorded in our logs.

For French CERFA health insurance forms specifically, the NIR and CAF number fields arrive on the PDF as empty, editable form fields. You type them directly into the PDF using Adobe Acrobat, Preview, or any PDF reader after download. Our servers never see the values.

Administrative letters (Courrier) — not collected.

For the bank-related letter templates (account closure, fee contest, transaction dispute, certificate request), bank account numbers and IBAN values for transfer are not collected by our server. If you type them into the form, the value is stripped before the letter is sent for rendering. The downloaded letter shows a blank where your number would go — you fill it in by hand on the printed copy.

Rental deposit-return letter — interim state.

One document type retains a server-side transit path as of April 2026: the rental deposit-return request letter, which embeds your refund IBAN and BIC. In this flow, the values reach our Cloud Function in memory during PDF generation, are embedded into the rendered letter, and are discarded when the function returns. They are NOT written to Firestore, NOT written to Storage under your account metadata, and NOT logged. The PDF itself is stored with a 24-hour automatic deletion TTL. We are migrating this flow to the same client-side pattern as the other documents in a future release.

What we never persist, regardless of flow.

Your NIR, AVS/AHV, CAF number, tax identification number, passport number, and residence permit number are not stored in your user profile, not included in your account export, and not written to any AdminLanding database. Our user profile form does not contain input fields for these identifiers, and the data export feature (Article 20 RGPD right to portability) defensively strips them from any legacy data.

What Data We Collect

Account Information (Required)

Email address (for authentication and communication)
Display name (for personalization)
Password (encrypted, never stored in plain text)
Account creation and last login timestamps

Profile Data (Optional)

Personal information for form autofill (name, address, phone, etc.)
Additional user profiles (Pro plan)
Document preferences and saved templates

Usage & Technical Data

Device information (browser, OS, screen resolution)
IP address and geolocation (country level only)
Usage analytics (pages visited, features used, session duration)
Error logs and performance metrics

How We Use Your Data

Service Operations

User authentication and account management
Form autofill and document generation
Documents are generated server-side using a headless browser technology. No personal data is transmitted to third parties during document generation.
Electronic signatures: when you use the e-signature feature, signer names and email addresses are transmitted to our EU-certified signature provider (Universign) to facilitate eIDAS-compliant signing. PDF documents are transmitted for cryptographic sealing.
AI assistant responses and guidance
Customer support and troubleshooting

Service Improvement

Analytics and usage patterns (anonymized)
Feature development and optimization
Security monitoring and fraud prevention
Performance monitoring and error tracking

AI Data Processing & Privacy

Privacy-First AI Processing

All personal data is redacted before AI processing
AI provider (Mistral AI, EU-based) processes only anonymized context
No personal information is stored by AI provider
AI responses are generated without accessing your profile data
EU-based data processing - no data transfer outside Europe

Certain features use artificial intelligence services to generate responses, explanations, and guidance for administrative procedures. No automated decisions are made without user intervention.

Data Retention & Storage

EU Data Storage

All data is stored exclusively within the European Union using Firebase (Google Cloud) EU regions. Built according to GDPR principles.

Retention Periods

Active accounts: Until account deletion
Inactive accounts: 3 years, then automatic deletion
Usage logs: 12 months maximum
Support tickets: 2 years after resolution
Billing and invoice records: 10 years (Art. L.123-22 French Commercial Code)

Data Portability

Export all your data in JSON format
Download generated documents and forms
Request data transfer to another service

Third-Party Processors & Data Sharing

Service Provider	Purpose	Data Location	Privacy Status
Firebase (Google)	Database, Authentication, Hosting	EU Only	EU-based
Cloudflare	CDN, Security, DNS	Global (EU edge nodes)	DPA signed
Stripe	Payment Processing	EU Only	EU-based
Brevo	Transactional Email	EU Only	EU-based
Mistral AI	AI Assistant (anonymized data only)	EU Only	EU-based
Universign (Signaturit)	Electronic Signatures (eIDAS EU-SES)	EU Only	EU-based, eIDAS TSP

All processors are bound by Data Processing Agreements (DPAs) ensuring privacy principles and data protection.

Your Privacy Rights

Right of Access (Art. 15)

Request a copy of all personal data we hold about you

Right to Rectification (Art. 16)

Correct inaccurate or incomplete personal data

Right to Erasure (Art. 17)

Request deletion of your personal data ('right to be forgotten')

Right to Portability (Art. 20)

Export your data in a machine-readable format

Right to Restriction (Art. 18)

Limit how we process your personal data

Right to Object (Art. 21)

Object to processing based on legitimate interests

How to Exercise Your Rights

Self-service: Use account settings for data export/deletion
Email request: Contact privacy@adminlanding.com with your request
Response time: Within 30 days (may be extended to 60 days for complex requests)
Complaint: Contact your national data protection authority if unsatisfied

Contact Information

Data Protection Officer

Email: privacy@adminlanding.com

Response time: 48 hours for urgent matters

General Privacy Inquiries

Email: privacy@adminlanding.com

Postal Address: AdminLanding SASU, 431 Route des Chateaux, 74250 La Tour, France

Supervisory Authority

If you're not satisfied with our response, you can lodge a complaint with the CNIL or your local data protection authority (Art. 77 GDPR):

CNIL — Commission Nationale de l'Informatique et des Libertés

3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

Website: www.cnil.fr

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email and update the effective date above. Continued use of our service after changes constitutes acceptance of the updated policy.