Privacy Policy
Last updated: May 2026
1. Data controller
The controller of the personal data collected through the IZZI DEVIS application is:
SIREN: 451 202 048 — Registered office: 191 chemin des Sources, 83170 Brignoles, France
Email: contact@izzidevis.com
For the end-customer data entered by the garage user, the publisher acts as a processor within the meaning of Article 28 of the GDPR, the garage remaining the data controller. The full identity is set out in the legal notice.
2. Data collected
As part of the use of the IZZI DEVIS application, we collect the following data:
- Account data: email address, garage name, SIRET, intra-community VAT number, postal address, logo.
- Operational data: diagnostics, quotes, invoices, credit notes, customer and vehicle information, price library.
- Browsing data: IP address, browser type (via Vercel server logs).
- Payment data: handled exclusively by Stripe — IZZI DEVIS does not store any banking data.
3. Purposes of processing
- Provision of the quote generation and management service.
- Sending transactional emails (quotes, reminders, purchase orders).
- Management of subscriptions and billing via Stripe.
- Improvement of the service and customer support.
- Compliance with legal and accounting obligations.
4. Legal basis for processing
The processing is based on the performance of the subscription contract (Article 6.1.b of the GDPR), compliance with legal obligations (Article 6.1.c) and, for marketing communications, your consent (Article 6.1.a).
5. Retention period
- Account and quote data: retained for the entire duration of the subscription, then deleted on request or 3 years after termination.
- Billing data: 10 years in accordance with French accounting obligations.
- Server logs: 12 months maximum.
6. Processors and transfers
Your data is hosted and processed by the following providers:
| Provider | Role | Location |
|---|---|---|
| Supabase (PostgreSQL) | Database | EU (Ireland) |
| Vercel | Application hosting | EU / United States (SCC) |
| Anthropic (Claude API) | AI processing (voice descriptions) | United States (SCC) |
| Resend | Email sending | United States (SCC) |
| Stripe | Payments | EU / United States (SCC) |
| Google (Analytics, Ads) | Audience measurement and advertising (marketing site, with consent) | EU / United States (SCC) |
| Meta (Pixel) | Advertising measurement (marketing site, with consent) | EU / United States (SCC) |
| LinkedIn (Insight Tag) | Advertising measurement (marketing site, with consent) | EU / United States (SCC) |
SCC = Standard Contractual Clauses of the European Commission.
7. Your rights (GDPR)
In accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the following rights:
- Right of access — obtain a copy of your personal data.
- Right of rectification — correct inaccurate data.
- Right of erasure — request the deletion of your data ("right to be forgotten").
- Right to portability — receive your data in a structured format.
- Right to object — object to certain processing.
- Right to restriction — request the temporary suspension of a processing operation.
In the event of an unsatisfactory response, you may lodge a complaint with the CNIL (French data protection authority).
8. Cookies
The application (app.izzidevis.com) uses only functional cookies necessary for authentication (Supabase session). The marketing site (www.izzidevis.com) uses, after obtaining your consent, audience measurement cookies (Google Analytics) and advertising cookies (Meta, Google Ads, LinkedIn). The details, durations and management of your choices are set out in the cookie policy.
9. Data security
Your data is encrypted in transit (TLS 1.3) and at rest. Access to the database is protected by Supabase Row Level Security (RLS) — each garage only accesses its own data. Passwords are hashed by Supabase Auth (bcrypt).
10. Changes to this policy
Any substantial change will be notified by email at least 30 days before it takes effect. The version in force is always accessible at /en/privacy-policy.
