• Home
  • Privacy Policy

Privacy Policy

Last updated: May 2026

1. Introduction

Kreezalid is committed to protecting the privacy, confidentiality, integrity, and security of personal data processed through its platform and services.

This Privacy Policy explains how Kreezalid collects, uses, stores, secures, transfers, and processes personal data in accordance with:

  • the General Data Protection Regulation (“GDPR”),
  • applicable French data protection laws,
  • and recommendations issued by the CNIL (Commission Nationale de l’Informatique et des Libertés).

Kreezalid applies strict principles of:

  • privacy by design,
  • data minimization,
  • security by default,
  • transparency,
  • controlled access to information,
  • and accountability.

This Privacy Policy applies to:

  • visitors of the Kreezalid website,
  • prospects and customers,
  • marketplace operators using Kreezalid,
  • users of marketplaces powered by Kreezalid,
  • and individuals whose data may be processed through Kreezalid services.

2. Legal Information

Kreezalid is operated by Sovereign Data Solutions and its affiliated entities.

Company Information

Sovereign Data Solutions
88 avenue de la Division Leclerc 95160 Montmorency France

Email: contact@kreezalid.com

Additional corporate and registration details may be provided upon request or through applicable legal notices available on the website.

3. Role Under GDPR

Depending on the context of processing, Kreezalid may act either as:

  • a Data Controller,
  • or a Data Processor acting on behalf of its customers.

Kreezalid acts as Data Controller for:

  • website operations,
  • lead generation,
  • marketing communications,
  • customer relationship management,
  • billing,
  • support activities,
  • security operations,
  • and internal business administration.

Kreezalid acts as Data Processor for:

  • marketplaces created and operated by customers,
  • customer-hosted marketplace data,
  • marketplace user accounts,
  • marketplace transactional environments,
  • and platform operational services.

Marketplace operators using Kreezalid remain solely responsible for:

  • defining the purposes of processing,
  • determining the legal basis for processing,
  • informing their own users,
  • collecting required consents,
  • and ensuring compliance with applicable privacy regulations.

4. Categories of Personal Data Processed

Depending on the services used, Kreezalid may process the following categories of personal data.

Identity and contact data

  • First name
  • Last name
  • Email address
  • Phone number
  • Postal address

Technical and connection data

  • IP address
  • Browser information
  • Device information
  • Operating system
  • Authentication logs
  • Connection logs
  • Session metadata
  • Security events
  • Access timestamps

Marketplace and platform usage data

  • User account information
  • Marketplace profile data
  • Seller or buyer information
  • Marketplace interactions
  • Customer support requests
  • Geolocation data where enabled by the customer

Commercial and billing data

  • Subscription information
  • Billing information
  • Transaction metadata

Kreezalid does not directly store or process full payment card details.

Payment operations are handled by third-party payment providers such as Stripe or other payment services configured by marketplace operators.

5. Sources of Personal Data

Kreezalid primarily collects personal data directly from users and customers when they voluntarily interact with Kreezalid services, websites, or commercial activities. Users who register for a free trial may receive follow-up communications related to their trial activity and product use, on the basis of Kreezalid's legitimate interest in supporting trial users.

Create a Free Trial Account

Personal data may be collected when users:

  • register for a free trial,
  • create a marketplace project,
  • configure an account,
  • or access Kreezalid platform features.

Collected information may include:

  • first name,
  • last name,
  • company name,
  • email address,
  • phone number,
  • and account-related information.

Subscribe to Newsletters or Marketing Communications

Data may be collected when users:

  • subscribe to newsletters,
  • opt-in to marketing communications,
  • request updates,
  • or join mailing lists.

Download Resources or Lead Magnets

Kreezalid may collect personal data when users access:

  • whitepapers,
  • guides,
  • templates,
  • webinars,
  • case studies,
  • downloadable resources,
  • or other lead generation materials.

Request a Commercial Appointment or Product Demonstration

Data may be collected when users:

  • book a meeting,
  • request a sales call,
  • schedule a demonstration,
  • contact commercial teams,
  • or request onboarding discussions.

This may include:

  • contact information,
  • company details,
  • project information,
  • and business requirements.

Contact Customer Support

Personal data may also be collected when users:

  • submit support requests,
  • report technical issues,
  • communicate with support teams,
  • or request assistance regarding platform operations.

Use Marketplace Services

Marketplace operators and end-users may generate data through:

  • account creation,
  • marketplace activity,
  • platform interactions,
  • authentication,
  • messaging,
  • and operational usage.

Automatic Technical Collection

Certain technical information may be collected automatically through:

  • cookies,
  • analytics technologies,
  • security systems,
  • server logs,
  • and infrastructure monitoring tools.

This information may include:

  • IP addresses,
  • browser information,
  • device identifiers,
  • operating systems,
  • and session metadata.

6. Data Not Intentionally Collected

Kreezalid does not intentionally collect or process:

  • sensitive personal data under GDPR Article 9,
  • health-related information,
  • biometric data,
  • political opinions,
  • religious beliefs,
  • union membership information,
  • or criminal conviction data.

Customers using the platform are responsible for ensuring that any data uploaded to their marketplaces complies with applicable regulations.

7. Purposes of Processing

Kreezalid processes personal data only where necessary and supported by an appropriate legal basis.

Platform Operations

Personal data may be processed for:

  • account management,
  • platform administration,
  • authentication,
  • marketplace hosting,
  • infrastructure operations,
  • and technical maintenance.

Customer Relationship Management

Data may be processed for:

  • customer support,
  • technical assistance,
  • service notifications,
  • onboarding,
  • contract management,
  • and invoicing.

Security and Compliance

Data may be processed to:

  • detect fraud,
  • monitor suspicious activities,
  • protect infrastructure,
  • investigate incidents,
  • manage access control,
  • and comply with legal obligations.

Product Improvement and Analytics

Data may be used to:

  • improve platform performance,
  • analyze service usage,
  • optimize user experience,
  • and monitor operational reliability.

Marketing and Communications

Subject to applicable legal requirements, Kreezalid may process data to:

  • send newsletters,
  • communicate product updates,
  • provide event invitations,
  • and share commercial information.

Users may unsubscribe from marketing communications at any time.

8. Legal Bases for Processing

Kreezalid relies on the following legal bases under GDPR.

Purpose Legal Basis
SaaS platform operations Contractual necessity
Customer support Contractual necessity
Billing and invoicing Legal obligation
Security monitoring Legitimate interest
Fraud prevention Legitimate interest
Analytics Consent or legitimate interest
Marketing communications Consent or legitimate interest
Regulatory compliance Legal obligation

Transition note — Marketing communications

Prior to 6 May 2026, follow-up communications sent to trial users were processed on the basis of legitimate interest (Article 6(1)(f) GDPR), in connection with the user's trial activity on the Kreezalid platform.

From 6 May 2026 onwards, marketing and newsletter communications are subject to explicit opt-in consent collected at the time of registration (Article 6(1)(a) GDPR).

Contacts collected before this date and continuing to receive communications do so under the legitimate interest basis, subject to their right to object at any time.

9. Cookies and Tracking Technologies

Kreezalid uses cookies and similar technologies on its websites and services.

Essential Cookies

These cookies are necessary for:

  • authentication,
  • security,
  • session management,
  • load balancing,
  • and core platform functionality.

Essential cookies cannot be disabled because the services would not function properly without them.

Analytics Cookies

Analytics technologies help Kreezalid:

  • understand website usage,
  • measure audience traffic,
  • monitor performance,
  • and improve usability.

Technologies may include:

  • Google Analytics.

Advertising and Marketing Cookies

Marketing technologies may be used to:

  • measure campaign effectiveness,
  • personalize advertising,
  • track conversions,
  • and improve marketing relevance.

Technologies may include:

  • Meta Pixel,
  • LinkedIn Insight Tag.

10. Cookie Consent Management

Where required by applicable law, Kreezalid obtains user consent before placing non-essential cookies or tracking technologies.

Users may:

  • accept cookies,
  • reject cookies,
  • or customize preferences at any time.

Cookie preferences may also be managed directly through browser settings.

Users may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

11. Data Sharing and Recipients

Kreezalid does not sell personal data.

Personal data processed through the platform is never commercially resold to third parties.

Data may only be shared where necessary for legitimate operational purposes and under appropriate safeguards.

Categories of recipients include

Infrastructure and Hosting Providers

  • OVHcloud
  • Amazon Web Services (AWS)

Operational Service Providers

  • Stripe
  • Cloudflare
  • Weglot
  • Google Analytics
  • Mautic

Authorized Personnel

Access to personal data is strictly limited to authorized employees, contractors, or partners who require access for operational purposes and are bound by confidentiality obligations.

12. Hosting Infrastructure

Kreezalid services are primarily hosted within France and the European Union.

Primary Hosting Provider

OVHcloud

OVH SAS
2 rue Kellermann
59100 Roubaix
France

OVHcloud infrastructure is primarily used for core hosting services and operational infrastructure.

Media and Related Infrastructure

Amazon Web Services (AWS)

Amazon Web Services EMEA SARL
38 avenue John F. Kennedy
L-1855 Luxembourg

AWS infrastructure may be used specifically for media-related services, content delivery, and associated technical operations.

13. International Data Transfers

Kreezalid prioritizes processing and hosting personal data within:

  • France,
  • and the European Union.

Where certain third-party providers may involve transfers outside the European Economic Area (EEA), Kreezalid implements appropriate safeguards including:

  • Standard Contractual Clauses (SCCs),
  • contractual data protection obligations,
  • and GDPR-compliant security measures.

Kreezalid continuously reviews the compliance posture of its providers and subcontractors.

14. Artificial Intelligence and AI-Assisted Support

Kreezalid may use AI-assisted technologies to improve operational efficiency and customer support workflows. AI-assisted tools used internally may include third-party providers. Data transmitted is anonymized or pseudonymized where possible.

AI Processing Principles

Kreezalid applies strict limitations regarding AI-related processing:

  • identifiable customer data is minimized,
  • lead databases are not shared with AI providers,
  • marketplace customer data is not commercially reused,
  • and data transmitted to AI tools is anonymized whenever possible.

AI systems may be used solely to:

  • assist support teams,
  • accelerate troubleshooting,
  • improve operational response quality,
  • and optimize internal productivity.

Kreezalid does not authorize the use of customer marketplace data for external AI model training purposes.

15. Data Retention Policy

Kreezalid applies strict retention limitations aligned with:

  • GDPR principles,
  • CNIL recommendations,
  • operational necessity,
  • and security requirements.

Standard Retention Periods

Data Category Retention Period
Active customer accounts Duration of contractual relationship
Prospect and lead data 3 years after last contact
Technical logs 12 months
Security and authentication logs 12 months
Customer support tickets 3 years
Billing and accounting records 10 years
Analytics data According to applicable consent settings
Backup and disaster recovery data Maximum 90 days
Logically deleted account data Deleted within 24 business hours
Final backup purge after deletion Maximum 90 days

Retention periods may be extended where required by law or legitimate security obligations.

16. Account Deletion and Data Removal

Customers may request deletion of their accounts and associated data at any time.

Deletion Process

Kreezalid applies the following deletion workflow:

  • logical deletion initiated within 24 business hours,
  • immediate revocation of platform access,
  • progressive deletion from operational systems,
  • progressive deletion from backup systems,
  • and final purge no later than 90 days after deletion request.

Data Export

Customers may export their data while their marketplace remains active and accessible.

Backup Restoration Window

For operational continuity and disaster recovery purposes:

  • restoration from backups may remain technically possible for up to 30 days,
  • after which permanent deletion procedures continue progressively.

Certain legal obligations may require retention of limited accounting or compliance records.

17. Security Measures

Kreezalid implements technical and organizational security measures designed to protect personal data against:

  • unauthorized access,
  • accidental destruction,
  • loss,
  • disclosure,
  • misuse,
  • or alteration.

Access Security

Kreezalid applies strict access control measures including:

  • mandatory Multi-Factor Authentication (MFA),
  • restricted production access,
  • role-based access permissions,
  • least privilege principles,
  • and periodic access reviews.

Infrastructure Security

Security mechanisms include:

  • HTTPS/TLS encryption for data in transit,
  • infrastructure segmentation,
  • isolated production and staging environments,
  • monitoring systems,
  • and centralized logging mechanisms.

Operational Security

Operational security practices include:

  • internal authorization management,
  • access traceability,
  • security monitoring,
  • incident escalation procedures,
  • and restricted infrastructure administration.

Kreezalid continuously reviews and improves its security practices according to:

  • operational risks,
  • evolving threats,
  • and industry standards.

18. Infrastructure and Cloud Security Standards

Kreezalid relies on reputable cloud infrastructure providers implementing industry-standard security measures including:

  • physical datacenter security,
  • redundancy mechanisms,
  • network segmentation,
  • infrastructure monitoring,
  • high availability systems,
  • and disaster recovery capabilities.

Security practices are continuously evaluated to maintain appropriate levels of protection for hosted data and services.

19. Data Breach and Security Incident Management

Kreezalid maintains internal procedures for:

  • detecting security incidents,
  • investigating anomalies,
  • containing security events,
  • and managing personal data breaches.

Where legally required, Kreezalid may:

  • notify supervisory authorities,
  • inform affected customers,
  • and provide incident-related information within applicable regulatory deadlines.

Incident response procedures are regularly reviewed and updated.

20. User Rights

Under GDPR and applicable laws, individuals may exercise the following rights.

Rights Available to Users

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Requests may be submitted using the contact information provided below.

Kreezalid may request verification of identity before processing certain requests.

21. Children’s Privacy

Kreezalid services are not intended for children without appropriate parental authorization where required by applicable laws.

Marketplace operators remain responsible for ensuring lawful collection and processing of any minors’ data through their own services and marketplaces.

22. Customer Responsibilities

Marketplace operators using Kreezalid remain responsible for:

  • determining lawful processing purposes,
  • informing their users,
  • collecting required consents,
  • managing their own third-party integrations,
  • configuring cookies and tracking technologies,
  • and ensuring compliance with applicable privacy laws.

Kreezalid acts solely as a technical service provider and processor where applicable.

23. Privacy by Design and Data Governance

Kreezalid integrates privacy and security principles throughout the lifecycle of its services and infrastructure.

This includes:

  • minimizing unnecessary data collection,
  • limiting access to personal data,
  • reducing exposure risks,
  • implementing security controls by default,
  • maintaining governance procedures,
  • and continuously improving compliance practices.

Kreezalid adopts a privacy-centric and European-first approach aligned with modern enterprise security expectations.

24. No Sale or Commercial Exploitation of Personal Data

Kreezalid does not:

  • sell personal data,
  • rent personal data,
  • commercially exploit customer databases,
  • or monetize marketplace user information through third-party advertising resale practices.

Customer and marketplace data remains under the control of marketplace operators subject to applicable contractual and legal obligations.

25. Changes to This Privacy Policy

Kreezalid may update this Privacy Policy periodically to reflect:

  • legal developments,
  • regulatory updates,
  • operational changes,
  • infrastructure evolutions,
  • or service improvements.

The most recent version will always remain accessible on the Kreezalid website.

Continued use of the services after updates may constitute acknowledgment of the revised policy where permitted by applicable law.

26. Contact Information

For any privacy-related request, question, or GDPR inquiry, users may contact:

Kreezalid Privacy Team

Email: contact@kreezalid.com

Kreezalid does not have a formally appointed Data Protection Officer, as it does not meet the mandatory appointment threshold under Article 37 GDPR.

Postal Contact

Sovereign Data Solutions
88 avenue de la Division Leclerc 95160 Montmorency
France

Users also have the right to lodge a complaint with the CNIL:

https://www.cnil.fr

27. Governing Law

This Privacy Policy is governed by:

  • French law,
  • applicable European Union regulations,
  • and GDPR requirements.

Any dispute relating to privacy or data protection matters shall be governed by the competent jurisdictions applicable under French and European law.