Enveloppe
Create my page

Privacy Policy

Last updated: April 24, 2026

Enveloppe ("we", "Enveloppe") respects your privacy. This policy explains what data we collect, for what purposes, how long we keep it, and how you can exercise your rights under the General Data Protection Regulation (GDPR).

1. Data controller

The data controller is the publisher of Enveloppe, reachable at contact@enveloppe.eu.

2. Data processed

Professional account holder

  • Account identifiers (email, name, organization).
  • Page settings (title, logo, color, retention, recipients).
  • Technical logs: timestamp, truncated IP, User-Agent.
  • Billing data (paid plans): handled by Stripe.

Anonymous drop-side clients

  • Uploaded files and their metadata (name, size, MIME type).
  • Drop timestamp.
  • Truncated IP for security (abuse prevention).
  • No account identifier is requested or stored.

3. Purposes and legal bases

  • Service delivery (contract performance): receive, store, transmit dropped files.
  • Security (legitimate interest): fraud prevention, abuse detection.
  • Billing (legal obligation): invoice retention 10 years.
  • Product improvement (legitimate interest): anonymous aggregates only.

4. Retention

  • Uploaded files: auto-deleted at the end of the retention window set by the pro (7 to 30 days per plan).
  • Pro accounts: until user deletion + 30 days (full purge).
  • Technical logs: 90 days.
  • Invoices: 10 years (legal obligation).

5. Recipients and sub-processors

  • Hyperfluid / CaaStor (hosting, France/EU).
  • Stripe (payments, SCC framework).
  • The email recipients configured by the pro receive drop notifications. No data is sold to third parties.

6. International transfers

Application infrastructure and file storage are in the EU. Some sub-processors (e.g. Stripe) may process data outside the EU, covered by the European Commission's Standard Contractual Clauses.

7. Your rights

You have the rights of access, rectification, erasure, restriction, objection, and portability. To exercise them, email contact@enveloppe.eu. You may also lodge a complaint with the CNIL (cnil.fr).

8. Security

  • Encryption in transit (TLS 1.2+) and at rest.
  • Keycloak authentication (SSO supported).
  • Logical tenant isolation.
  • Access logs monitored; alerting on anomalous behavior.

9. Cookies and analytics

The site uses only strictly necessary cookies (session, language preference). No advertising trackers.

For analytics we use Plausible Analytics, an EU-based, cookie-less service that collects no personal data, does not track visitors across sites, and stores no persistent identifier. No IP address is retained, and no consent is required (CNIL guidance on cookies and other trackers).

10. Contact

Questions: contact@enveloppe.eu.