Privacy Policy (GDPR)

This Privacy Policy explains how spotli.st collects, uses, shares, and protects the personal data of its users, in accordance with the General Data Protection Regulation (GDPR) and French legislation.

The data controller is:

We collect several categories of data depending on site usage.

3.1. Data provided directly by the user

• First name / Last name
• Email address
• Password (encrypted)
• Profile photo (optional)
• Profile description (optional)

3.2. Purchase-related data

• Purchase history
• Purchased content
• Amounts paid
• Currencies used
• Associated Stripe identifiers (tokenized)

3.3. Creator-related data

• Stripe Connect Express information
• Revenue generated
• Published content
• View/sales statistics

3.4. Technical data

• IP address
• Browser used
• Device used
• Technical logs
• Cookies and trackers necessary for operation

3.5. Data from third parties

• Stripe (payments, transfers, compliance)
• Analytics services (Google Analytics, Plausible, etc.)
• Hosting services

We use your data for the following purposes:

4.1. Service operation

• Creating and managing user account
• Access to purchased content
• Publishing content for creators
• Payments and transfers (Stripe)
• Site security and fraud prevention

4.2. Service improvement

• Usage statistics
• Bug detection
• Performance analysis

4.3. Legal obligations

• Fraud prevention
• Tax obligations (Stripe, VAT, invoicing)
• Dispute management

4.4. Communication

• Purchase notifications
• Important emails (security, password change, etc.)
• Service-related communication

We never sell your personal data to third parties.

Data is processed according to the following legal bases:

• Contract execution: purchase, publication, payments.
• Consent: non-essential cookies, newsletter.
• Legitimate interest: service improvement, security.
• Legal obligation: tax, accounting, anti-fraud obligations.

Your data may be shared with:

6.1. Essential subcontractors

• Stripe (payments, transfers, identity verification)
• Hosting server (technical logs)
• Email services (notifications)

6.2. Legal authorities

In case of legal obligation or official request.

6.3. No commercial sharing

We do not share any data for advertising or commercial purposes.

• User account: as long as active
• Payment data: according to Stripe (spotli.st stores nothing)
• Technical logs: 12 months
• Tax data: 10 years (legal obligations)

Users can request deletion of their account (see Section 9).

We implement:

• password encryption;
• SSL/TLS protocols;
• creator/buyer data segmentation;
• Stripe protection;
• technical monitoring;
• restricted access policy.

However, no system is completely secure.

In accordance with GDPR, you have the following rights:

• Right of access
• Right of rectification
• Right to deletion (right to be forgotten)
• Right to object
• Right to limitation
• Right to portability
• Right to withdraw consent

To exercise your rights, contact: contact@spotli.st

10.1. Necessary cookies

• Login
• Security
• Cart
• Stripe cookies for payments

10.2. Optional cookies (with consent)

• Statistics (Google Analytics, Plausible...)

Stripe and certain providers may transfer data outside the EU. These transfers are governed by:

• Standard Contractual Clauses (SCC)
• Equivalent Privacy Shield certification when applicable
• Additional technical measures

The Company may modify this Policy at any time.

Users will be informed in case of major changes.

For any questions or requests regarding your data: