Privacy Policy
Last updated: January 2025
Summary: We collect only the data we need to run ESL Atelier. We never sell it. We never share it with third parties. We're transparent about what we collect and why.
1. Information we collect
Account Information
When you sign up, we collect:
- Name and email address
- Account password (encrypted)
- Subscription plan and billing information
- Country and timezone (optional)
Usage Information
We automatically collect:
- Resources you download and save
- Search queries and filters used
- Pages and features you access
- Device type, browser, and IP address
- Approximate location (country-level)
Payment Information
Payments are processed by Stripe. We never store full credit card data. We only keep:
- Last 4 digits of card
- Card brand and expiration month/year
- Billing address
2. How we use your data
- To provide the service: Process signups, manage subscriptions, send you resources, handle support requests
- To improve the service: Analyze which resources are most used, identify bugs, improve UX
- To communicate: Send you billing updates, new feature announcements, tips (you can unsubscribe anytime)
- To protect security: Detect fraud, prevent abuse, secure your account
3. Data retention
- Account data: Kept as long as your account is active
- Usage logs: Deleted after 90 days
- Backups: Kept for 30 days for disaster recovery
- Upon account deletion: All data deleted within 30 days, except legally required records (7 years for tax/billing)
4. Sharing your data
We only share data with:
- Stripe: Payment processor (PCI compliant)
- SendGrid or Mailchimp: Email delivery (only email address, no personal data)
- Cloudflare: CDN and DDoS protection
- Analytics: We use privacy-respecting analytics (no tracking pixels, no third-party cookies)
We never sell your data. We never share it with advertisers. Period.
5. GDPR & Your Rights
If you're in the EU, you have the right to:
- Access: See what data we have about you
- Correct: Fix any incorrect information
- Delete: Request deletion of your account and data
- Port: Get your data in a portable format
- Object: Opt out of marketing communications (one click in settings)
To exercise these rights, email hello@esl-atelier.com and we'll respond within 30 days.
6. Cookies & Tracking
- Essential cookies: Session authentication, CSRF protection (required for login)
- Preference cookies: Remember your theme choice and language
- No tracking cookies: We don't use Google Analytics, Facebook Pixel, or similar
- No third-party cookies: Ads don't follow you across the web
7. Security
- All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Passwords hashed with bcrypt (salted)
- Regular security audits and penetration testing
- Servers hosted on secure infrastructure (AWS/Cloudflare)
- Two-factor authentication available for accounts
8. Changes to this policy
We'll email you if we make material changes. Minor updates are posted here with the "Last updated" date at the top.
9. Contact us
Questions about your privacy? Email us:
hello@esl-atelier.com
We respond within 48 hours (usually faster).
GDPR Data Protection Officer
If you have concerns we haven't addressed, you can file a complaint with your local data protection authority.