Privacy Policy
Last updated: 28 February 2026
Data Controller
Sophie IA — contact@sophiepsy.com
Data Collected
- Account data: email address, first name (optional), hashed password (bcrypt)
- Health data: mood journals, session transcripts, questionnaires
- Payment data: managed exclusively by PayPal — we do not store any banking data
- Browsing data: anonymised server logs, Google Analytics (anonymised IP)
Legal Basis (GDPR)
- Performance of a contract (Art. 6.1.b) for account and payment data
- Explicit consent (Art. 6.1.a + Art. 9.2.a) for health data
- Legitimate interest (Art. 6.1.f) for security logs
Retention Period
- Account and health data: until account deletion + 30 days
- Logs: 90 days
- Billing data: 10 years (legal obligation)
Your Rights
In accordance with the GDPR, you have the rights of access, rectification, erasure,
portability and objection. You may exercise these rights by contacting us at: contact@sophiepsy.com
You may also lodge a complaint with your local data protection authority.
Transfers Outside the EU
Data is processed by Anthropic (USA) via the Claude API, covered by the European Commission's
standard contractual clauses. No identifying data is sent to the LLM — only the content of
exchanges is transmitted in pseudonymised form.
Cookies
We use a session cookie (JWT, strictly necessary) and Google Analytics
(analytics, subject to consent). No third-party advertising cookies.