Exoflow
FREN
00Privacy

Privacy policy

Last updated: 3 June 2026

Preamble

This privacy policy describes how Exoflow collects, uses and protects your personal data when you visit the exoflow.fr website or use the contact form.

We are committed to respecting your privacy, in accordance with the General Data Protection Regulation (Regulation EU 2016/679, hereafter GDPR) and the amended French Act of 6 January 1978 on Information Technology, Data Files and Civil Liberties.

1. Data controller

The controller for the data collected on this website is:

EXOFLOW, represented by Victor Bouin (co-manager)
24 rue Turbil, 69003 Lyon, France
SIREN: 831 674 833
Email: contact@exoflow.fr

2. Data collected

Data submitted voluntarily — via the contact form:

  • First and last name
  • Work email address
  • Your company name
  • Topic of your enquiry (predefined category)
  • Content of your message

Anonymous browsing data — via Vercel Analytics, we collect aggregated and anonymised statistics on website traffic (page views, traffic sources, countries, device type). This data does not allow you to be personally identified: no cookies, no fingerprinting, no IP address stored in clear text. Unique visitors are identified via an anonymous server-side hash, valid for a short-lived session.

We collect no data for advertising or profiling purposes: no Google Analytics, no advertising pixel (Meta, LinkedIn, etc.), no tracking cookies.

3. Purpose of processing

Your data is used exclusively to:

  • Respond to your contact enquiry
  • Where applicable, initiate a commercial relationship with your organisation
  • Keep a record of past exchanges for the continuation of the relationship

Your data is not sold, not used for automated prospecting, and not shared with commercial partners.

4. Legal basis

The processing of your data is based on the following legal grounds (Article 6 of the GDPR):

  • Your consent: by filling in and submitting the contact form, you explicitly consent to the processing of your data for the stated purpose.
  • Our legitimate interest: keeping records of exchanges to ensure follow-up of the client relationship.

5. Retention period

Your data is retained:

  • For enquiries with no follow-up: 3 years from the last contact
  • For clients: for the entire duration of the commercial relationship, plus 5 years thereafter (accounting and tax obligations)

At the end of these periods, the data is permanently deleted or anonymised.

6. Recipients of the data

Your data is accessible only to authorised personnel within Exoflow.

We rely on technical providers (sub-processors within the meaning of the GDPR) to operate the website and process form submissions:

  • Formspree (Formspree Inc., United States) — processing of contact form submissions. Formspree's policy
  • Vercel (Vercel Inc., United States) — website hosting and anonymous audience measurement (Vercel Analytics, no cookies). Vercel's policy
  • Cloudflare (Cloudflare, Inc., United States) — DNS resolution. Cloudflare's policy
  • Google Workspace (Google Ireland Ltd., Ireland) — email service for @exoflow.fr. Google's policy

Each of these providers is bound by a Data Processing Agreement (DPA) compliant with the GDPR and uses your data only to provide the technical service.

7. Transfers of data outside the European Union

Some of our sub-processors (Formspree, Vercel, Cloudflare) are established in the United States. During these transfers, your data is protected by:

  • The Standard Contractual Clauses (SCCs) adopted by the European Commission
  • Where applicable, adherence to the EU-US Data Privacy Framework
  • Technical security measures (encryption in transit and at rest)

8. Your rights

In accordance with the GDPR, you have the following rights over your data:

  • Right of access: obtain a copy of your data and information about its processing
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): request the deletion of your data
  • Right to restriction of processing
  • Right to object to processing
  • Right to portability: receive your data in a structured, reusable format
  • Right to withdraw your consent at any time

To exercise these rights, email us at contact@exoflow.fr. We will respond within a maximum of one month, in accordance with Article 12 of the GDPR.

9. Cookies

The exoflow.fr website uses no tracking, analytics or advertising cookies.

Only cookies strictly necessary for the technical operation of the website (for example, storing your cookie choice if a banner is implemented) may be used. These cookies are exempt from prior consent in accordance with CNIL guidance.

Our technical providers (Vercel, Cloudflare) may set functional cookies to ensure the security, performance and availability of the website.

10. Security

We implement appropriate technical and organisational measures to ensure the security of your data:

  • HTTPS encryption across the entire website (TLS 1.3)
  • Access to data strictly limited to authorised personnel
  • Strong authentication on management tools
  • Use of GDPR-compliant providers

11. Changes to the policy

We may amend this privacy policy to reflect regulatory, technical or functional developments. The date of the last update is indicated at the top of this page. We encourage you to consult it regularly.

12. Complaint to the CNIL

If, after contacting us, you consider that your rights have not been respected, you may lodge a complaint with the French Data Protection Authority (CNIL):

CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Phone: +33 1 53 73 22 22
Website: www.cnil.fr

Contact

For any question regarding this policy or the processing of your personal data, you may reach us at contact@exoflow.fr.