Privacy Policy
Last updated: July 14, 2026
1. Data controller
Data controller: Timothée Miminoshvili, sole proprietor (trade name TEL-MI Labs) — SIREN 847 659 216
Address: 72 rue de Dantzig, Hall 14, 75015 Paris, France
Data protection contact: Timothée Miminoshvili — temurimi@gmail.com
General email: temurimi@gmail.com
2. Data collected
2.1 Identification data
- Username/nickname (required)
- Email address (required)
- Password (required, encrypted)
2.2 Content data
- Images and cards created by the user
- Preferences and settings of the application
- Action history and usage
2.3 Technical data
- IP address (anonymized for analytics)
- Browsing information (user-agent, language)
- Cookie consent data
- Connection and usage logs
2.4 Subscription data (if applicable)
- Billing information (via Stripe)
- Payment history
- Subscription status
3. Processing purposes
3.1 Main purposes
- Provide the picto-flow service (card creation, task management)
- Manage user accounts and authentication
- Ensure security and prevent abuse
- Improve the service through analytics (with consent)
3.2 Secondary purposes
- Customer support and technical assistance
- Communication related to the service (important notifications)
- Legal and regulatory compliance
4. Legal bases
4.1 Contract performance (Article 6.1.b GDPR)
- User account management
- Service provision
- Subscription management
4.2 Consent (Article 6.1.a GDPR)
- Analytics and marketing cookies
- Commercial communications (if applicable)
4.3 Legitimate interest (Article 6.1.f GDPR)
- Security and abuse prevention
- Service improvement
- Customer support
4.4 Legal obligation (Article 6.1.c GDPR)
- Retention of billing data
- Tax and accounting compliance
5. Retention period
5.1 Account data
- Active account: Retained as long as the account is active
- Inactive account: Deletion after 2 years of inactivity
- Deleted account: Permanent deletion within 30 days
5.2 Content data
- Images and cards: Retained as long as the account is active
- After deletion: Permanent deletion within 7 days
5.3 Technical data
- Connection logs: 12 months
- Consent data: 6 months (in accordance with CNIL recommendations)
- Cookies: According to cookie policy
5.4 Subscription data
- Invoices: 10 years (accounting obligation)
- Payment data: According to Stripe requirements
6. Data recipients
6.1 Internal recipients
- picto-flow technical team (limited and secure access)
- Customer support (access to data necessary for assistance)
6.2 Processors
- Supabase: Hosting, database, authentication
- Stripe: Payments and billing
- Google Analytics: Audience measurement (with consent)
6.3 Transfers outside the EU
- Google Analytics: Transfers to the United States (standard contractual clauses)
- Stripe: Transfers to the United States (standard contractual clauses)
7. User rights
In accordance with GDPR, you have the following rights:
7.1 Right of access (Article 15 GDPR)
- Know what data is collected
- Obtain a copy of your data
7.2 Right to rectification (Article 16 GDPR)
- Correct inaccurate data
- Complete incomplete data
7.3 Right to erasure (Article 17 GDPR)
- Request deletion of your data
- "Right to be forgotten"
7.4 Right to restriction (Article 18 GDPR)
- Limit the processing of your data
- Temporary suspension of processing
7.5 Right to data portability (Article 20 GDPR)
- Retrieve your data in a structured format
- Transfer your data to another service
7.6 Right to object (Article 21 GDPR)
- Refuse processing for certain purposes
- Object to direct marketing
7.7 Right to withdraw consent
- Withdraw your consent to cookies
- Change your preferences at any time
8. Exercise of your rights
8.1 Via the GDPR Portal
- Access and export: Use the "Download my data" button
- Rectification: Modify your information in your profile
- Deletion: Delete your account from your profile
8.2 By email
- Direct contact: temurimi@gmail.com
- Response time: Maximum 1 month (2 months if complex)
8.3 Complaint
- CNIL: www.cnil.fr
- Competent supervisory authority of your country of residence
9. Data security
9.1 Technical measures
- Encryption of data in transit (HTTPS/TLS)
- Encryption of passwords (bcrypt)
- Multi-factor authentication available
- Regular and secure backups
9.2 Organizational measures
- Limited access to personal data
- Ongoing data-protection awareness of the operator
- Regular security audits
10. Cookies and trackers
For more details, see our Cookie Policy.
11. Changes to this policy
This policy may be updated to reflect:
- Changes in our practices
- New legal requirements
- Addition of new services
Significant changes will be notified to you:
- Via the website
- By email (if you have an account)
- In the application
12. Contact
12.1 General questions
Email: temurimi@gmail.com
12.2 Data protection contact
Contact: Timothée Miminoshvili — temurimi@gmail.com
12.3 Exercise GDPR rights
GDPR Portal: GDPR Portal
Version history:
- 1.0 (December 2024) - First GDPR compliant version
- 1.1 (July 2026) - Real data controller, factual corrections
Last updated: July 14, 2026