1. Controller
Krafter App, 9 rue Guynemer, 78150 Le Chesnay, France (“Krafter App”, “we”, “our”, “us”) is the data controller for the software-as-a-service platform Pimster (the “Service”).
2. Data we collect
2.1 Personal data you provide
- Account data — name, business e-mail, company name, hashed password (legal basis: contract performance – GDPR 6 §1 b).
- Billing data — VAT number, invoicing address, last 4 digits + tokenised card reference held by our PCI-DSS-certified payment processor; we never store full card numbers (legal basis: contract performance – GDPR 6 §1 b).
2.2 Data generated by your use
- Usage metrics (features clicked, session length, tenant-ID) collected via first-party analytics (legal basis: legitimate interest – GDPR 6 §1 f to improve the Service; you can object at any time).
- Log data (IP, browser, OS, request timestamps) kept for security/debugging (legal basis: legitimate interest – GDPR 6 §1 f).
2.3 Cookies & trackers
We use essential session cookies and optional analytics/marketing cookies. Full details and opt-out controls are available in our Cookie Policy. Optional cookies load only after consent (e-Privacy & CNIL guidelines).
3. How we use the data
- Deliver the Service & manage accounts.
- Improve features, UX and security (aggregated statistics, no profiling).
- Communicate operationally – e.g. security alerts, renewal reminders (contractual necessity).
- Marketing (newsletters, feature launches) only with prior opt-in consent; you may unsubscribe anytime.
- Legal compliance & fraud prevention.
4. Sharing
- Service providers — hosting (AWS EU-FR), payments (GoCardless EU), error management (Sentry EU). All are bound by data-processing agreements.
- Corporate events — merger/acquisition where data transfer is part of the assets, with advance notice.
- Legal — when required to comply with court orders or law-enforcement requests.
We never sell or rent personal data.
5. International transfers
Primary storage is in France (AWS eu-west-3 - Paris). If support tickets or sub-processors require access from outside the European Economic Area, we rely on the European Commission’s SCCs or an adequacy decision, and apply supplementary encryption.
6. Retention
- Account data – kept for the life of the subscription plus 5 years (French Commercial Code L123-22).
- Logs – 12 months max (LCEN art. 6-II).
- Marketing opt-in data – until you withdraw consent.
- Upon account deletion we delete live data within 30 days and backups within 90 days.
7. Security
Controls include TLS 1.3 in transit, AES-256-GCM at rest, least-privilege IAM, quarterly penetration tests, and 24/7 monitoring. No method of transmission is 100% secure, but we follow ISO/IEC 27001 practices.
8. Your rights
You may exercise your rights of access, rectification, erasure, restriction, objection, and data portability (GDPR Arts 15-20). We answer within one month.
Contact our DPO at dpo@pimster.app or by mail: Krafter App — DPO, 9 rue Guynemer, 78150 Le Chesnay, France.
9. Supervisory authority
You can lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL): 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France – cnil.fr.
10. Changes
Material changes will be announced 30 days in advance by email and an in-app banner. Archived versions remain available at https://admin.pimster.app/legal/pimster/privacy-policy.
11. Contact
General enquiries: contact@pimster.app