Alosea
🔐 DATA PROTECTION

Privacy Policy

Your data belongs to you. Here's exactly what we do with it.

1. Preamble

At Alosea, we attach particular importance to the protection of your personal data. The purpose of this privacy policy is to inform you transparently about:

  • the data we collect;
  • the purposes of their processing;
  • the recipients of this data;
  • their retention period;
  • the rights you have.

This policy complies with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) as well as the French "Informatique et Libertés" law No. 78-17 of January 6, 1978, as amended.

2. Data controller

The data controller for data collected on the alosea.com website is:

Nadia FERRAHI

Sole trader (auto-entrepreneur)

173 rue de Courcelles, 75017 Paris, France

Email: contact@alosea.com

3. Data collected

Depending on your use of the site, we collect the following categories of data:

📧 Identification data

Email address (mandatory for eSIM delivery and transactional communication).

💳 Payment data

No bank data is stored by Alosea. Payments are processed by our provider Stripe Inc., certified PCI-DSS level 1.

🛒 Order data

Order history (purchased plan, destination country, purchase date, amount, activation status).

💬 Communication data

Exchanges by email, WhatsApp or contact form when you contact us for a question or support.

🌐 Technical data

IP address, browser type, language, approximate country, pages visited (only with your consent via analytics cookies).

4. Purposes and legal bases

We process your data for the following purposes, each based on a specific legal basis within the meaning of article 6 of the GDPR:

Purpose | Legal basis
Order processing and delivery | Performance of contract (art. 6.1.b)
Invoicing and accounting obligations | Legal obligation (art. 6.1.c)
Customer support (questions, complaints) | Performance of contract (art. 6.1.b)
Sending newsletters and commercial offers | Consent (art. 6.1.a)
Website traffic statistics | Consent (analytics cookies) (art. 6.1.a)
Fraud prevention and security | Legitimate interest (art. 6.1.f)

5. Data recipients

Your data is never sold to third parties. It may only be transmitted to the following recipients, within the strict framework of service execution:

  • Stripe Inc. (United States): secure payment processing.
  • Vercel Inc. (United States): website and database hosting.
  • Resend (United States): sending of transactional emails (confirmation, delivery, etc.).
  • Partner eSIM wholesaler: technical transmission necessary for plan provision (order ID only, no directly identifiable personal data).
  • French tax and judicial administrations: on legal request only.
  • MEDICYS (consumer mediator): only in case of mediation proceedings.

6. Transfers outside the European Union

Some of our providers (Stripe, Vercel, Resend) are based in the United States. In this case, the transfer of your data outside the European Union is governed by the following guarantees:

  • Standard contractual clauses adopted by the European Commission (decision 2021/914).
  • Adherence of our providers to the EU-US Data Privacy Framework (when applicable).
  • Additional technical measures (TLS encryption, pseudonymization).

These measures guarantee a level of protection equivalent to that required by the GDPR.

7. Retention period

Your data is only kept for the time necessary for the purpose of the processing:

Data type | Retention period
Invoicing data (orders, invoices) | 10 years (legal accounting obligation)
Customer account data | 3 years from last activity
Marketing data (newsletter) | 3 years from last contact, or until consent is withdrawn
Cookies (consent and analytics) | 13 months maximum
Technical security logs | 12 months

8. Your rights

In accordance with the GDPR, you have the following rights regarding your personal data:

👁️ Right of access

Obtain a copy of all the data we hold about you.

✏️ Right of rectification

Correct inaccurate or incomplete data.

🗑️ Right to erasure

Request the deletion of your data (except where a legal retention obligation applies).

⏸️ Right to restriction

Temporarily suspend the processing of your data.

📦 Right to portability

Retrieve your data in a structured and readable format.

🚫 Right to object

Object to processing for a legitimate reason, or to commercial prospecting.

⚱️ Post-mortem directives

Define the fate of your data after your death (article 85 of the French Informatique et Libertés law).

To exercise one of these rights, write to us at contact@alosea.com with proof of identity. We will respond within a maximum of one month, in accordance with article 12 of the GDPR.

9. Complaint to the CNIL

If you believe your rights are not being respected, you can file a complaint with the French National Commission for Information Technology and Civil Liberties (CNIL):

CNIL

3 Place de Fontenoy, TSA 80715

75334 Paris Cedex 07

Website: www.cnil.fr

10. Data security

We implement strict technical and organizational measures to protect your data:

  • TLS / HTTPS encryption across the entire site.
  • Secure payment via Stripe (PCI-DSS level 1).
  • Passwords hashed with bcrypt (never stored in plain text).
  • Regular security updates of dependencies.
  • Access to data restricted to the sole data controller.

11. Cookies

The use of cookies on the site is detailed in our Cookie Policy.

12. Modifications to the policy

We reserve the right to modify this privacy policy at any time, in particular to reflect changes in the law or our practices. Any substantial modification will be notified to you by email if you have a customer account.

Last update: May 13, 2026
