Privacy Policy

Last updated: June 2025 — GDPR compliant

1. Data controller

[NOM DE LA SOCIÉTÉ], [ADRESSE COMPLÈTE]
Contact DPO : contact@app-thelma.com

2. Data collected

We collect the following data:

  • Identification data: name, first name, email address
  • Financial data: portfolio, investment strategy, objectives
  • Connection data: IP address, browser, timestamp
  • Usage data: pages visited, features used

3. Purposes and legal bases

PurposeLegal basis
Account creation and managementContract performance
Personalisation of AI analysesContract performance
Service improvementLegitimate interest
Sending transactional emailsContract performance
Sending marketing emailsConsent
Audience analyticsLegitimate interest
Legal complianceLegal obligation

4. Retention period

Your data is retained for the entire duration of your relationship with Thelma, then 3 years after the closure of your account to comply with our legal obligations.

5. Your rights

In accordance with the GDPR, you have the following rights:

  • Right of access to your data
  • Right of rectification
  • Right to erasure (right to be forgotten)
  • Right to data portability
  • Right to object to processing
  • Right to restriction of processing

To exercise your rights: contact@app-thelma.com

You may also lodge a complaint with your national data protection authority. www.cnil.fr

6. Security

Your data is encrypted (AES-256), stored on servers located in the European Union and is never sold to third parties. We apply best practices in information security.

7. Cookies

For more information on our use of cookies, please consult our cookie policy.