Privacy Policy
Last updated: April 10, 2026.
English translation for convenience. In case of discrepancy, the French version is intended to prevail.
This page explains which data is used, why, and with whom it may be shared when an order is placed via the configurator (then payment), and when the service is delivered (account creation, domain purchase, etc.).
Info: this policy may evolve (tools, retention, recipients). The applicable version is the one published on this page.
1) Data controller
The data controller is: E-Com Shop (represented by Tony Caron, President).
- Address: 60 rue François 1er, 75008 Paris, France
- Email: contact.ecomshopfrance@gmail.com
2) Data processed (what we may use)
The configurator includes an order form. The information is entered in your browser. When starting the payment, a Netlify function creates a payment session and sends to Stripe the information needed for payment (e.g., email, amount) as well as an order snapshot (options, totals and provided information) via Stripe metadata, to allow order processing and follow-up. After payment confirmation, the “Thank you” page also sends the order details to E-Com Shop via a Netlify form (form “commande”) to start onboarding and setup steps. The Contact page can also send a special request via a Netlify form (form “demande-speciale”).
| Data | Examples | Why | Possible recipients | Retention (indicative) |
|---|---|---|---|---|
| Identity | First name, last name | Process an order, create/configure accounts | E-Com Shop, Netlify (form “commande”), Stripe (payment + order metadata), providers (if accounts are created) | Leads: 12–24 months · Clients: contract duration + archiving |
| Contact details | Email, phone (if required) | Onboarding, recovery/2FA | E-Com Shop, Netlify (form “commande”), Stripe (email + order metadata), providers (Google, OVH, etc.) | Same |
| Special request / contact | Name, email, topic, message, project info (optional) | Reply to a pre-order request, custom scope, special case | E-Com Shop, Netlify (form “demande-speciale”) | Leads: 12–24 months after last contact |
| Address | Postal address | Account creation, domain registration | E-Com Shop, Netlify (form “commande”), Stripe (order metadata), OVH (domain), providers requiring an address | Per provider obligations + archiving |
| Date & place of birth | Date/city/country | If required by a provider (KYC/anti-fraud) | E-Com Shop, Netlify (form “commande”), Stripe (order metadata), third-party providers (as needed) | Use/transmission: only if necessary |
| Company (if applicable) | Company name, SIRET | Business accounts, domain registration, invoicing (if applicable) | E-Com Shop, Netlify (form “commande”), Stripe (order metadata), OVH and/or relevant providers | Contract duration + legal obligations (if invoicing) |
| KYC / documents | ID, proof of address (rare) | Verification/validation by a provider | Relevant provider (direct input/upload) | Preference: not collected by E-Com Shop |
| Payment data | Card details | Payment | Stripe (payment) — E-Com Shop does not receive card data | According to Stripe policy |
| Project information | Niche, options, totals, estimated timeline | Process the order, scope the delivery, prepare onboarding | E-Com Shop, Netlify (functions + form “commande”), Stripe (order metadata) | Leads: 12–24 months |
| Technical data | IP/logs (depending on hosting) | Security, anti-spam, diagnostics | Netlify / hosting provider | According to hosting policies |
Important: E-Com Shop may perform these steps on your behalf when you have authorized it. Some providers may require direct validation (e.g., KYC, documents, SMS code). Passwords should not be sent by email: we prefer invites, password reset, and/or a secure vault.
Card data: E-Com Shop does not request or store payment information. The domain name is purchased/registered in the client’s name (registrant) and included in the pack. For any optional paid tool, direct payment with the provider or re-invoicing may be offered by agreement.
3) Purposes (why we process this data)
- Process your order and contact you if needed
- Deliver the service (site, tracking, monetization, content)
- Create/configure accounts if you authorized it
- Buy/register a domain if you authorized it
- Secure the service (anti-spam, technical logs) and prevent fraud
4) Legal basis (GDPR)
- Pre-contractual measures: processing an order / special request
- Contract performance: delivering the service
- Legal obligations: accounting/archiving if invoicing
- Legitimate interest: security, anti-abuse/spam
5) Recipients (who may access the data)
Data may be accessible to providers necessary to deliver the service, including:
- Netlify: hosting, serverless functions (payment) and forms (order receipt)
- Stripe: online payment (Checkout)
- Google: Search Console / Analytics (if used)
- OVH: domain registration (if chosen)
- GitHub, Bing: depending on configuration
- Affiliate networks/programs: depending on client choice
6) Transfers outside the EU
Some providers (e.g., Netlify, Stripe, Google, GitHub) may process data outside the EU. In that case, transfers are framed by the provider’s mechanisms (standard contractual clauses, adequacy decisions, etc.).
7) Hosting / processing
The configurator runs in the browser. When starting the payment, a Netlify function creates a payment session and sends to Stripe the required information (e.g., email, amount) as well as an order snapshot via Stripe metadata (for follow-up). After payment confirmation, the “Thank you” page sends the order details to E-Com Shop via a Netlify form (form “commande”). Other data may be processed by the providers used for delivery (Google/OVH/affiliate networks, etc.).
8) Retention
Retention depends on your relationship (lead vs client) and legal obligations. Indicative examples:
- Leads: 12–24 months after the last contact
- Clients: contract duration + archiving (e.g., accounting obligations)
- Technical data: according to hosting provider policy
9) Security
- “Least privilege” access (roles/permissions)
- 2FA when available
- Access management via appropriate tools (vault) rather than email
- Data minimization: we ask only what is necessary
10) Your rights
You can request access, rectification or deletion of your data: contact.ecomshopfrance@gmail.com. If you are in the EU, you may also lodge a complaint with the competent supervisory authority (e.g., CNIL in France).
11) Cookies
This website does not intentionally set marketing cookies. Some third-party services (hosting, analytics if enabled) may place trackers depending on their configuration.