Last updated: Feb 2026

Privacy Policy

1. Purpose

This privacy policy explains how TesselUnits collects, uses, and protects personal data, in compliance with the General Data Protection Regulation (GDPR) and applicable French law.

2. Data Controller

The data controller is:

HS CONSEILS ET SERVICES IT
Single-member simplified joint-stock company (SASU)
Registered in France
Contact email: contact@tesselunits.art

*Note: The registered office address is not publicly disclosed but is available upon request.*

3. Personal Data Collected

The following personal data may be collected:

Email address: account creation
Billing information: first name, last name, postal address
Connection and usage data: IP address, technical logs
User-generated content: text-based content stored in the database

Uploaded files are not permanently stored.

No sensitive personal data is processed.

Billing-related data may be retained in accordance with applicable legal obligations, including after account deletion.

4. Purposes of Processing

Personal data is processed for the following purposes:

User account management
Access to service features
Payment, subscriptions, and credit management
Billing and legal compliance
Security, maintenance, and service improvement
Transactional communications

5. Legal Basis

Processing is based on:

Performance of a contract
Legal obligations
User consent where applicable
Legitimate interests of the data controller

6. Payments – Stripe

Payments are processed by Stripe, a PCI-DSS certified payment provider.

No payment card data is stored by the service.

Stripe acts as a data processor under GDPR.

7. Data Recipients and Processors

Personal data may be processed by the following service providers:

Hosting: OVH (France)
Database and authentication: Supabase (EU – eu-west-1 region)
Payments: Stripe (France / EU)

Personal data is never sold or shared for commercial purposes.

8. Data Transfers Outside the EU

Data is hosted within the European Union.

If transfers outside the EU occur in the future, appropriate safeguards will be implemented in accordance with GDPR.

9. Data Retention

Personal data is retained only for as long as necessary for the purposes pursued:

Account and user-generated data: retained for the duration of the account, then deleted or anonymized upon account closure.
Billing data: retained for the legally required period under French law.
Technical logs and security-related data: retained for a limited period for security, abuse prevention, and legal defense purposes.

10. User Rights

Users have the following rights under GDPR:

Right of access: view your data
Right to rectification: update inaccurate data
Right to erasure: request data deletion
Right to restriction: temporarily freeze processing
Right to object: object to processing for legitimate reasons
Right to data portability: retrieve your data in a structured format

Requests can be sent to: [contact@tesselunits.art](mailto:contact@tesselunits.art)

The right to erasure is not absolute and may be limited where data retention is required to comply with legal obligations or to defend the data controller’s legal rights.

11. Cookies

Only strictly necessary cookies are currently used.

Analytics or marketing tools may be added in the future and will require prior user consent in compliance with local guidelines.

12. Data Security

Appropriate technical and organizational measures are implemented, including:

Secure connections (HTTPS)
Controlled access mechanisms
Data isolation mechanisms

13. Data Breach

In the event of a personal data breach, the data controller will notify the competent authority and affected users when legally required.

14. Supervisory Authority

Users may lodge a complaint with the French Data Protection Authority (CNIL – www.cnil.fr).