Last updated: May 2026
This is a courtesy translation. In the event of any discrepancy, the French version shall prevail.
This Privacy Policy describes how Georges Cosson, sole proprietor (hereinafter "we", "our", or "the Publisher"), collects, uses, and protects the personal data of users of staireditor.com and the StairEditor web application (hereinafter "the Service").
We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable French data protection law.
The data controller is:
| Data | Required | Purpose |
|---|---|---|
| Email address | Yes (to create an account) | Authentication via magic link, service-related communications |
| Name | Non / No | Account personalization |
| Data | Purpose |
|---|---|
| Staircase projects (design parameters) | Saving and retrieving user projects |
| Session data (authentication token) | Maintaining login state |
| Purchase data (Stripe ID, product, status, expiration date) | Managing purchases and subscriptions |
| Data | Tool | Purpose |
|---|---|---|
| IP address, pages visited, device type, browser | Google Analytics | Statistical audience analysis |
Google Analytics data is anonymized and is not cross-referenced with other processing. Google Analytics data collection only occurs after the user's explicit consent via the cookie banner.
We do not collect:
| Processing | Legal basis |
|---|---|
| Authentication and account management | Performance of contract (Art. 6.1.b GDPR) |
| Purchase and subscription management | Performance of contract (Art. 6.1.b GDPR) |
| Project storage | Performance of contract (Art. 6.1.b GDPR) |
| Transactional emails | Legitimate interest (Art. 6.1.f GDPR) |
| Audience analysis (Google Analytics) | Consent (Art. 6.1.a GDPR) |
| Legal obligations (invoicing, etc.) | Legal obligation (Art. 6.1.c GDPR) |
| Data | Duration |
|---|---|
| User account and projects | Until account deletion by the user |
| Purchase data | 10 years after the transaction (French accounting obligation) |
| Google Analytics data | 14 months (Google Analytics default setting) |
| Session logs | 12 months |
| Subprocessor | Purpose | Data location | Safeguards |
|---|---|---|---|
| Vercel Inc. | Website and database hosting | European Union | Vercel DPA, Standard Contractual Clauses |
| Stripe Inc. | Payment processing | United States | PCI-DSS certified, Stripe DPA, Standard Contractual Clauses |
| Resend Inc. | Transactional emails (magic links) | United States | Resend DPA, Standard Contractual Clauses |
| Google LLC | Audience analysis (Google Analytics) | United States | Google DPA, Standard Contractual Clauses |
Data transfers outside the EU are governed by Standard Contractual Clauses (SCCs) in accordance with Article 46 of the GDPR.
Regarding payments: your credit card information is processed exclusively by Stripe. No banking data is stored on our servers.
Cookie usage is detailed in our Cookie Policy.
Under the GDPR, you have the following rights:
To exercise your rights, contact us at: contact@staireditor.com
We will respond within one month. This period may be extended by two months for complex requests, in which case you will be informed.
We implement appropriate technical and organizational measures to protect your personal data, including:
The Service is not intended for children under 16 years of age. We do not knowingly collect data from minors under 16. If you are a parent or guardian and are aware that your child has provided us with personal data, please contact us.
We may modify this policy at any time. The last updated date at the top of this page will be updated. In the event of a substantial change, we will inform users with an account by email.
If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):
For any questions regarding this privacy policy or your personal data: contact@staireditor.com