Privacy Policy

This Privacy Policy explains how Edensia Flow (the “CRM” or “we”) collects, uses, and protects your personal data. By using our services, you agree to the practices described below.

1. Data Controller

Edensia
12 rue des Devezes
34660 Cournonterral, France
Email: contact@edensia.fr

2. Personal Data We Collect

Depending on the features you use, we may process:

• Account information: first name, last name, email address, password (hashed).
• Professional information: company, job title, phone number.
• CRM records: opportunities, customers, invoices, quotes, expenses, documents.
• OAuth connections (e.g., Google): email, basic profile, and OAuth tokens (access/refresh) strictly required for the features you explicitly authorize (e.g., Gmail, Google Calendar, Google Contacts).
• Technical data: IP address, login logs, browser/user agent, timestamps.

3. Purposes of Processing

We use your data to:

• Provide and operate the CRM (manage deals, clients, billing, etc.).
• Enable integrations you choose to activate (e.g., Gmail, Calendar, Contacts).
• Ensure security, reliability, and provide user support.
• Comply with legal and contractual obligations.

4. Legal Bases

Processing is based on one or more of the following legal grounds:

• Your consent (e.g., connecting a Google account via OAuth).
• Performance of a contract (use of the CRM).
• Compliance with legal obligations (e.g., invoicing and accounting).
• Our legitimate interests (secure operation and service improvement).

5. Data Sharing

We never sell your data. We may share it only with:

• Technical processors (hosting, maintenance, monitoring) under contract and confidentiality.
• Third-party providers you explicitly connect (e.g., Google Workspace via OAuth).
• Public authorities when required by law.

6. Storage and Retention

We retain your data while your account remains active and for the legally required period thereafter (e.g., up to 10 years for invoices). Expired or revoked OAuth tokens are deleted.

7. Security

We implement technical and organizational measures to protect your data, including TLS encryption, hashed passwords (BCrypt), access controls, and logging/monitoring.

8. Your Rights

Under the GDPR, you have the right to:

• Access your personal data.
• Rectify or erase your data.
• Restrict or object to processing.
• Withdraw consent at any time (e.g., disconnect/revoke a Google account).
• Request data portability.

To exercise your rights, contact us at contact@edensia.fr.

9. Cookies

We use only essential session cookies required for the application to function. No third-party advertising cookies are used.

10. International Transfers

When you activate third-party integrations (e.g., Google), certain data may be transferred outside the EU/EEA. We ensure such transfers rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses where applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The date of the latest update is indicated below.