Privacy Policy

Article 1 - Data Controller

The data controller is:

Article 2 - Data We Collect

2.1 Account & identification data

• First and last name
• Professional email address
• Professional phone number (optional)
• Company name
• Job title / function

2.2 Usage data

• IP address
• Browser type and operating system
• Login date and time
• Pages visited
• Session duration

2.3 Data entered into the Service

To operate the HR calculators and tools, users may enter data relating to employees or professional situations:

• Payroll data (salaries, bonuses, seniority, etc.)
• Dates (hire, termination, events, etc.)
• Contractual information

2.4 Billing data

• Billing address
• Payment details (processed by our payment providers)
• Transaction history

Article 3 - Purposes of Processing

Purpose	Lawful basis	Retention period
Account creation & management Identification, authentication, personalisation	Contract performance (Art. 6.1.b GDPR)	Account duration + 3 years
Service delivery Calculations, document generation, support	Contract performance (Art. 6.1.b GDPR)	Session duration or 30 days max
Billing Invoice issuance, payment processing	Legal obligation (Art. 6.1.c GDPR)	10 years (accounting obligations)
Customer support Responding to requests, technical assistance	Contract performance (Art. 6.1.b GDPR)	Account duration + 3 years
Service improvement Usage statistics, performance analysis	Legitimate interest (Art. 6.1.f GDPR)	25 months max (anonymised data)
Commercial communications Newsletter, promotional offers	Consent (Art. 6.1.a GDPR)	Until withdrawal of consent + 3 years
Security Fraud prevention, audit logging	Legitimate interest (Art. 6.1.f GDPR)	12 months

Article 4 - Data Sharing

4.1 Internal access

Only authorised WeAreRH personnel have access to personal data, within the limits of their respective responsibilities.

4.2 Sub-processors

WeAreRH may use sub-processors to operate the Service:

Category	Provider	Location	Purpose
Hosting	OVH SAS	France / EU	Server and data hosting
Payment	Stripe / GoCardless	EU	Payment processing
Email	Brevo	EU	Transactional email delivery
Analytics	Umami (self-hosted)	France	Usage statistics (anonymised)
Authentication	Apple Inc. / Google LLC	USA (Standard Contractual Clauses)	Sign In with Apple / Google (optional)
AI	Netsyst (open-source models)	France	AI features hosted in France

We do not sell personal data to third parties. All sub-processors are bound by Data Processing Agreements (DPAs) ensuring GDPR-compliant protection.

4.3 Data location

All personal data is hosted in France or within the European Union. No transfer outside the EU takes place without appropriate safeguards. AI hosting is provided by Netsyst, a French operator.

Article 5 - International Transfers

Where transfers outside the EU are necessary (e.g., Sign In with Apple / Google authentication), appropriate safeguards apply — specifically Standard Contractual Clauses (SCCs) approved by the European Commission. No transfer takes place without adequate guarantees.

Article 6 - Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

Right	Description
Right of access (Art. 15)	Obtain confirmation that your data is processed and access a copy
Right to rectification (Art. 16)	Correct inaccurate data or complete incomplete data
Right to erasure (Art. 17)	Request deletion of your data in certain circumstances
Right to restriction (Art. 18)	Obtain restriction of processing in certain circumstances
Right to data portability (Art. 20)	Receive your data in a structured format and transfer it
Right to object (Art. 21)	Object to processing of your data on legitimate grounds
Right to withdraw consent	Withdraw consent at any time for consent-based processing

6.1 How to exercise your rights

• By email: contact@wearerh.com
• Via your account: "My personal data" section

We will respond within a maximum of 1 month from receipt of your request. This period may be extended by 2 months in cases of complexity or high volume. We may ask you to verify your identity before processing your request.

Article 7 - Cookies

We use cookies essential to the operation of the Service (authentication, security, user preferences). Analytics cookies require your consent. For full details, see our Cookie Policy.

Article 8 - Data Security

WeAreRH implements appropriate technical and organisational measures to protect your data:

8.1 Technical measures

• Encryption: TLS 1.3 in transit, AES-256 at rest
• Authentication: hashed passwords (bcrypt), two-factor authentication available
• Firewall and intrusion detection
• Regular backups and disaster recovery plan
• Regular security updates

8.2 Organisational measures

• Restricted access on a need-to-know basis
• Staff training on data protection
• Security incident management procedures
• Regular security audits

Article 9 - HR Data Entered into the Service

WeAreRH calculators are designed to collect only the data strictly necessary for the requested calculations. We encourage users to:

• Avoid entering employee personal identifiers when not necessary
• Use anonymous identifiers where possible
• Delete calculations after use

Data entered into calculators is not retained after the session (unless explicitly saved) and is automatically deleted after 30 days if saved. Users remain responsible for the lawfulness of any employee personal data they choose to enter into the Service.

Article 10 - Contact & Complaints

If you believe your personal data is being processed in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority in your country of residence. In France:

EU residents may also contact their local Data Protection Authority (DPA).

Article 11 - Updates to This Policy

WeAreRH reserves the right to modify this Privacy Policy at any time. In case of material changes, users will be notified by email or via a notification in the Service. The date of last update is shown at the top of this document.