Privacy Policy
Last updated: June 2025 — GDPR compliant
1. Data controller
[NOM DE LA SOCIÉTÉ], [ADRESSE COMPLÈTE]
Contact DPO : contact@app-thelma.com
2. Data collected
We collect the following data:
- Identification data: name, first name, email address
- Financial data: portfolio, investment strategy, objectives
- Connection data: IP address, browser, timestamp
- Usage data: pages visited, features used
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Account creation and management | Contract performance |
| Personalisation of AI analyses | Contract performance |
| Service improvement | Legitimate interest |
| Sending transactional emails | Contract performance |
| Sending marketing emails | Consent |
| Audience analytics | Legitimate interest |
| Legal compliance | Legal obligation |
4. Retention period
Your data is retained for the entire duration of your relationship with Thelma, then 3 years after the closure of your account to comply with our legal obligations.
5. Your rights
In accordance with the GDPR, you have the following rights:
- Right of access to your data
- Right of rectification
- Right to erasure (right to be forgotten)
- Right to data portability
- Right to object to processing
- Right to restriction of processing
To exercise your rights: contact@app-thelma.com
You may also lodge a complaint with your national data protection authority. www.cnil.fr
6. Security
Your data is encrypted (AES-256), stored on servers located in the European Union and is never sold to third parties. We apply best practices in information security.
7. Cookies
For more information on our use of cookies, please consult our cookie policy.