Privacy Policy

We place great importance on protecting your personal data and respecting your privacy. This Privacy Policy is intended to inform you about how we collect, use, store, and protect your personal data in connection with your use of our Services (the website https://the-gate.fr, the g8 mobile app, the API https://api.the-gate.fr, and the forum https://forum.the-gate.fr).

The data controller is the sole proprietorship Petit Rhino (Paris Trade and Companies Register No. 835 345 158 00025, located in Gaillac 81600), which can be contacted at contact@the-gate.fr.

Our principle: minimization

The app is designed using an “offline-first” model. This means that anything that can stay on your phone stays there. Specifically:

  • All business data you enter into the app—invoices, delivery notes, credit memos, customers, products, company information, preferences—is stored in a local database on your phone. It will only be transmitted to and stored on our servers if you choose to do so (this option will soon be available to premium members). Therefore, we have no access to this data by default.

  • An account is only required to purchase a subscription (premium features). Using the app for free does not require any registration or collection of personal data.

Cookies

No data is collected automatically through cookies or similar tracking technologies: the website https://the-gate.fr does not use cookies.

Links to Other Websites

Our website may contain links to other websites that we do not own or control. We are not responsible for the privacy practices of these third-party websites. We encourage you to be vigilant when you leave our website and to read the privacy statements of each website that may collect personal information.

Mobile app

The app does not use any telemetry libraries, ad trackers, or third-party analytics services. All business functions (creating and managing transactional documents) run locally on your device, without relying on external services.

The only network communications initiated by the Application involve:

  • Authentication (only if you're creating an account for a Subscription): Your email address is sent to our server `api.the-gate.fr` to receive a login link (“magic link”).

  • Checking Subscription Status: Our server checks to see if your subscription is active and unlocks premium features.

  • Subscription Management Portal: Opens the Stripe portal in an external browser.

No password is required: authentication is handled via a one-time “magic link” valid for 15 minutes that is sent by email.

To prevent any data loss, it is your responsibility to regularly back up the Application's data (see Article 6 of the Terms of Use).

Personal Data Collected and Purposes

1. Using the App Without an Account

No personal data is collected.

2. Creating an Account and Signing Up for a Subscription

We store the following in our PostgreSQL database on our server:

  • Email address — unique account identifier; used to send login links and notifications. Legal basis: performance of the contract.

  • Stripe customer ID (stripe_customer_id) — links your account to your Stripe subscription. Legal basis: performance of the contract.

  • Plan (monthly/annual), and end date of the current subscription period — required to unlock premium features in the App. Legal basis: performance of the contract.

  • Open sessions: SHA-256 hash of the refresh token, expiration date, device information (User-Agent) — to maintain the connection without requiring a password and to enable remote logout. Legal basis: performance of the contract.

  • Temporary authentication links: SHA-256 hash of the token, email address, 15-minute lifespan — to log in without a password. Legal basis: performance of the contract.

  • Application logs: SHA-256-hashed email addresses (non-reversible) and technical events—for abuse detection, technical diagnostics, and security. Legal basis: legitimate interest.

We do not store any passwords (authentication is handled via a “magic link”), any banking information, any invoices, or any business data belonging to your customers.

3. Subscription Payment (Stripe)

Financial transactions are handled by Stripe, which ensures payment security in compliance with PCI DSS Level 1 (the highest level of certification for card payment processing). Payment information (card number, security code, etc.) is accessible only to Stripe. We never have access to it. See Stripe’s privacy policy: https://stripe.com/fr/privacy.

The information requested from you during sign-up (first name, last name, email address, billing address) and your transaction history (excluding payment information) are accessible to us via the Stripe admin console. We access this information solely to maintain our user database, for communication purposes (billing, payment failure alerts, card expiration alerts), and to provide support.

4. Customer Service

As part of your use of our Services, we may collect certain personal information to ensure effective customer service:

  • Contact information: name, email address, and possibly phone number, to identify you and respond to you.

  • Communication history: We keep a record of our exchanges (via email or the forum) to track the progress of your requests.

  • Technical data: In some cases, we may collect technical information about the device you are using (model, system version, error logs) to diagnose and resolve technical issues. This information is only transmitted if you voluntarily send it to us.

This information is used solely to respond to your requests, improve the quality of our support, and inform you of available solutions.

5. Community Forum (Discourse)

The forum https://forum.the-gate.fr is self-hosted by the Publisher (using Discourse software). User account data (username, email address, public posts) is stored there. This data is not shared with third parties.

6. Forms and Project Management (Grist)

The Publisher uses the Grist platform, self-hosted at https://grist.the-gate.fr, to manage certain forms (including registration for the Early Bat program). The data collected through these forms is always provided by the User (e.g., name, email address, information about the job), is stored on a server controlled by the Publisher, and is not shared with third parties.

Where is the data stored?

Application Server — Contabo (European Union)

Our API (api.the-gate.fr), our database (PostgreSQL 15.15), the forum (Discourse), and Grist are hosted on a virtual private server (VPS) rented from Contabo GmbH (headquarters: Munich, Germany), in a data center located in the European Union.

Communications between your device and our server are encrypted in transit via HTTPS/TLS (Let’s Encrypt certificates).

Backups — Scaleway Object Storage (Paris, France 🇫🇷)

Daily backups of the database and configurations are:

  • Encrypted on the server side using AES-256 (via the Restic tool) before being sent, so that the backup provider can never read the data in plain text;

  • Stored with Scaleway Object Storage, Standard One Zone class, in France 🇫🇷;

  • Automatically rotated: 7 daily, 4 weekly, 12 monthly, 3 annual.

Payments — Stripe

Payment data is stored by Stripe in accordance with its policy and PCI DSS obligations. See https://stripe.com/fr/privacy to find out which regions are affected and to exercise your rights directly with Stripe.

Data Retention Period

  • Active user account (email, stripe_customer_id, subscription): For the duration of the contractual relationship

  • User account after deletion (soft delete): 30 days, then permanently deleted

  • Revoked or expired sessions: 7 days, then deleted

  • Used or expired magic links: 7 days, then deleted

  • Stripe events (webhook_events): 90 days

  • Application logs: Automatic rotation (volume capped at 500 MB, target ~7 to 30 days depending on activity)

  • Encrypted backups: 7 daily / 4 weekly / 12 monthly / 3 annual at most

  • Customer service history: 3 years after the end of the contractual relationship, unless a longer retention period is required by law

  • Stripe billing history: In accordance with Stripe’s policy and accounting requirements (10 years in France)

Data Security

We implement technical and organizational security measures to protect your personal data from unauthorized access, loss, alteration, or disclosure:

  • No passwords: authentication via a one-time magic link (15 min max);

  • Authentication tokens encrypted on your phone (EncryptedSharedPreferences / AndroidKeyStore);

  • HTTPS/TLS communications between the app and the server;

  • SHA-256 hashes for tokens and emails in logs (non-reversible);

  • Rate limiting on sensitive endpoints (anti-brute-force);

  • AES-256-encrypted backups on the server side before being sent to the backup provider;

  • Infrastructure secrets (signing keys, database passwords) isolated from the source code, with restricted permissions;

  • Logging of authentication events to detect abuse;

  • External monitoring (Healthchecks.io) to detect outages;

  • Regular rotation of sensitive secrets.

Despite our best efforts, no method of electronic transmission or storage is foolproof, and we cannot guarantee absolute security.

Data Processing

We do not disclose your personal data to third parties, except to service providers that are strictly necessary for the provision of the service (Stripe for payments, Contabo as the server host, and Scaleway for storing encrypted backups).

The data collected is obtained directly from you, or through Stripe as part of your subscription.

Your Rights

If you are a European resident, you have the following rights regarding your personal data:

  • Right to be informed;

  • Right of access: to obtain a list of the personal data we hold about you;

  • Right to rectification: to request the correction of inaccurate data;

  • Right to erasure (“right to be forgotten”): to request the deletion of your account and associated data. This deletion can also be initiated directly from the App (My Account screen → Advanced → Delete My Account); it will stop the recurring payment for your current Subscription;

  • Right to restriction of processing;

  • Right to data portability;

  • Right to object;

  • Rights regarding automated decision-making and profiling (we do not use any such systems).

To exercise these rights, please email contact@the-gate.fr. We will respond within 30 days.

Payment data held by Stripe is subject to a separate request to Stripe.

You also have the right to file a complaint with the CNIL (https://www.cnil.fr).

Changes to This Privacy Policy

This privacy policy may be amended at any time to reflect changes in the law, our practices, or our infrastructure. Any updates will be posted on this page along with the date of the most recent revision.

Contact

To exercise your rights or if you have any questions about our privacy policy, you can contact us at the following address: contact@the-gate.fr

Last updated: July 4, 2026

Previous versions: https://www.the-gate.fr/historique-politique-de-confidentialite
