Privacy Policy
This policy explains how Amour & Croissants ("we", "us") collects, uses and protects the personal data of users of the mobile app and the website. We comply with the EU General Data Protection Regulation (GDPR) and French data protection law.
1. Data Controller
The data controller is Amour et Croissants (SARL), SIREN 938 768 769, registered at the RCS of Avignon, with its registered office at 1295 avenue Dwight Eisenhower, 84200 Carpentras, France. It is represented by its managers Chloé Petit and Antoine Ladouce. Contact: +33 7 43 46 07 05.
2. Data collected
We collect and process the following categories of data:
- Identification: first name, last name, email, password (stored hashed — we never have access to your password in clear text).
- Loyalty programme: your gourmand points balance, your in-store transaction history (date, amount, points earned, coupons used), your Gourmand tier.
- QR code: a unique identifier generated for you, scanned by the cashier to credit your purchase.
- Push notification token: an identifier provided by your operating system (Apple / Google) so we can send you daily promotions. It contains no personal data.
- Technical diagnostics (Sentry): if the app crashes, technical information (OS version, app version, error message) is sent so we can fix the bug. We strip personal data from these reports.
3. Purposes and legal basis
Your data is used exclusively to:
- Manage your account and the loyalty programme (legal basis: contract performance).
- Calculate and credit your points on purchases (basis: contract performance).
- Send you the daily promotions and Five Days Bread availability (basis: your consent, revocable at any time in the app or system settings).
- Improve the technical reliability of the app (basis: legitimate interest).
We use no advertising or tracking tools (no Google Analytics, no Meta Pixel, no third-party cookies). We do not sell or share your data for commercial purposes.
4. Camera
The app requests camera access only to show your loyalty card (QR code) to the cashier, or for the cashier to scan a customer's card. No image is recorded or transmitted — the camera is used as a live reader only.
5. Retention
Your data is kept as long as your account is active. When you delete your account (from the app's Profile section), all your personal data, transactions and points are erased within 30 days, except accounting data, which we must keep for 10 years by legal obligation (invoices linked to transactions, anonymised from your identity).
6. Hosting and security
Data is hosted in the European Union (Supabase database, eu-central region — Germany) and travels over HTTPS. Passwords are hashed with bcrypt. Backoffice access is protected by JWT authentication and rate limiting.
7. Your rights
Under the GDPR, you have the following rights:
- Right to access, rectify and port your data.
- Right to erasure ("right to be forgotten").
- Right to withdraw your consent to notifications at any time.
- Right to lodge a complaint with the French CNIL (www.cnil.fr).
To exercise these rights, contact us at +33 7 43 46 07 05 or via Instagram @amour.et.croissants. We respond within 30 days.
8. Changes
This policy may be updated for minor reasons (editorial clarifications, technical changes). For substantive changes (new purpose, new recipient), we will notify you via the app before the change takes effect.