Privacy Policy
We place great importance on protecting your personal data and respecting your privacy. This Privacy Policy is intended to inform you about how we collect, use, store, and protect your personal data in connection with your use of our Services (the website https://the-gate.fr, the g8 mobile app, the API https://api.the-gate.fr, and the forum https://forum.the-gate.fr).
The data controller is the sole proprietorship Petit Rhino (Paris Trade and Companies Register No. 835 345 158 00025, located in Gaillac 81600), which can be contacted at contact@the-gate.fr.
Our principle: minimization
The app is designed using an âoffline-firstâ model. This means that anything that can stay on your phone stays there. Specifically:
All business data you enter into the appâinvoices, delivery notes, credit memos, customers, products, company information, preferencesâis stored in a local database on your phone. It will only be transmitted to and stored on our servers if you choose to do so (this option will soon be available to premium members). Therefore, we have no access to this data by default.
An account is only required to purchase a subscription (premium features). Using the app for free does not require any registration or collection of personal data.
Cookies
No data is collected automatically through cookies or similar tracking technologies: the website https://the-gate.fr does not use cookies.
Links to Other Websites
Our website may contain links to other websites that we do not own or control. We are not responsible for the privacy practices of these third-party websites. We encourage you to be vigilant when you leave our website and to read the privacy statements of each website that may collect personal information.
Mobile app
The app does not use any telemetry libraries, ad trackers, or third-party analytics services. All business functions (creating and managing transactional documents) run locally on your device, without relying on external services.
The only network communications initiated by the Application involve:
Authentication (only if you're creating an account for a Subscription): Your email address is sent to our server `api.the-gate.fr` to receive a login link (âmagic linkâ).
Checking Subscription Status: Our server checks to see if your subscription is active and unlocks premium features.
Subscription Management Portal: Opens the Stripe portal in an external browser.
No password is required: authentication is handled via a one-time âmagic linkâ valid for 15 minutes that is sent by email.
To prevent any data loss, it is your responsibility to regularly back up the Application's data (see Article 6 of the Terms of Use).
Personal Data Collected and Purposes
1. Using the App Without an Account
No personal data is collected.
2. Creating an Account and Signing Up for a Subscription
We store the following in our PostgreSQL database on our server:
Email address â unique account identifier; used to send login links and notifications. Legal basis: performance of the contract
Stripe customer ID (stripe_customer_id) â links your account to your Stripe subscription. Legal basis: performance of the contract.
Plan (monthly/annual), and end date of the current subscription period â required to unlock premium features in the App. Legal basis: performance of the contract.
Open sessions: SHA-256 hash of the refresh token, expiration date, device information (User-Agent) â to maintain the connection without requiring a password and to enable remote logout. Legal basis: performance of the contract.
Temporary authentication links: SHA-256 hash of the token, email address, 15-minute lifespan â to log in without a password. Legal basis: performance of the contract.
Application logs: SHA-256-hashed email addresses (non-reversible) and technical eventsâfor abuse detection, technical diagnostics, and security. Legal basis: legitimate interest.
We do not store any passwords (authentication is handled via a âmagic linkâ), any banking information, any invoices, or any business data belonging to your customers.
3. Subscription Payment (Stripe)
Financial transactions are handled by Stripe, which ensures payment security in compliance with PCI DSS Level 1 (the highest level of certification for card payment processing). Payment information (card number, security code, etc.) is accessible only to Stripe. We never have access to it. See Stripeâs privacy policy: https://stripe.com/fr/privacy.
The information requested from you during sign-up (first name, last name, email address, billing address) and your transaction history (excluding payment information) are accessible to us via the Stripe admin console. We access this information solely to maintain our user database, for communication purposes (billing, payment failure alerts, card expiration alerts), and to provide support.
4. Customer Service
As part of your use of our Services, we may collect certain personal information to ensure effective customer service:
Contact information: name, email address, and possibly phone number, to identify you and respond to you.
Communication history: We keep a record of our exchanges (via email or the forum) to track the progress of your requests.
Technical data: In some cases, we may collect technical information about the device you are using (model, system version, error logs) to diagnose and resolve technical issues. This information is only transmitted if you voluntarily send it to us.
This information is used solely to respond to your requests, improve the quality of our support, and inform you of available solutions.
5. Community Forum (Discourse)
The forum https://forum.the-gate.fr is self-hosted by the Publisher (using Discourse software). User account data (username, email address, public posts) is stored there. This data is not shared with third parties.
6. Forms and Project Management (Grist)
The Publisher uses the Grist platform, self-hosted at https://grist.the-gate.fr, to manage certain forms (including registration for the Early Bat program). The data collected through these forms is always provided by the User (eg name, email address, information about the job), is stored on a server controlled by the Publisher and is not shared with third parties.
Where is the data stored?
Application Server â Contabo (European Union)
Our API (api.the-gate.fr), our database (PostgreSQL 15.15), the forum (Discourse), and Grist are hosted on a virtual private server (VPS) rented from Contabo GmbH (headquarters: Munich, Germany), in a data center located in the European Union.
Communications between your device and our server are end-to-end encrypted via HTTPS/TLS (Letâs Encrypt certificates).
Backups â Scaleway Object Storage (Paris, France đ«đ·)
Daily backups of the database and configurations are:
Encrypted on the server side using AES-256 (via the Restic tool) before being sent, so that the backup provider can never read the data in plain text;
Stored with Scaleway Object Storage, Standard One Zone class, in France đ«đ·;
Automatic rotation: 7 daily, 4 weekly, 12 monthly, 3 annual.
Payments â Stripe : Payment data is stored by Stripe in accordance with its policy and PCI DSS obligations. See https://stripe.com/fr/privacy to find out which regions are affected and to exercise your rights directly with Stripe.
Data Retention Period
Active user account (email, stripe_customer_id, subscription): For the duration of the contractual relationship
User account after deletion (soft delete): 30 days, then permanently deleted
Revoked or expired sessions: 7 days, then deleted
Used or expired magic links: 7 days, then deleted
Stripe events (webhook_events): 90 days
Application logs: Automatic rotation (volume capped at 500 MB, target ~7 to 30 days depending on activity)
Encrypted backups: 7 daily / 4 weekly / 12 monthly / 3 annual at most
Customer service history: 3 years after the end of the contractual relationship, unless a longer retention period is required by law
Stripe billing history: In accordance with Stripeâs policy and accounting requirements (10 years in France)
Data Security
We implement technical and organizational security measures to protect your personal data from unauthorized access, loss, alteration, or disclosure:
No passwords: authentication via a one-time magic link (15 min max);
Authentication tokens encrypted on your phone (EncryptedSharedPreferences / AndroidKeyStore);
HTTPS/TLS communications between the app and the server;
SHA-256 hashes for tokens and emails in logs (non-reversible);
Rate limiting on sensitive endpoints (anti-brute-force);
AES-256-encrypted backups on the server side before being sent to the backup provider;
Infrastructure secrets (signing keys, database passwords) isolated from the source code, with restricted permissions;
Logging of authentication events to detect abuse;
External monitoring (Healthchecks.io) to detect outages;
Regular rotation of sensitive secrets.
Despite our best efforts, no method of electronic transmission or storage is foolproof, and we cannot guarantee absolute security.
Data Processing
We do not disclose your personal data to third parties, except to service providers that are strictly necessary for the provision of the service (Stripe for payments, Contabo as the server host, and Scaleway for storing encrypted backups).
The data collected is obtained directly from you, or through Stripe as part of your subscription.
Your Rights
If you are a European resident, you have the following rights regarding your personal data:
Right to be informed;
Right of access: to obtain a list of the personal data we hold about you;
Right to rectification: to request the correction of inaccurate data;
Right to erasure (âright to be forgottenâ): to request the deletion of your account and associated data. This deletion can also be initiated directly from the App (My Account screen â Advanced â Delete My Account); it will stop the recurring payment for your current Subscription;
Right to restriction of processing;
Right to data portability;
Right to object;
Rights regarding automated decision-making and profiling (we do not use any such systems).
To exercise these rights, please email contact@the-gate.fr. We will respond within 30 days.
Payment data held by Stripe is subject to a separate request to Stripe.
You also have the right to file a complaint with the CNIL (https://www.cnil.fr).
Changes to This Privacy Policy
This privacy policy may be amended at any time to reflect changes in the law, our practices, or our infrastructure. Any updates will be posted on this page along with the date of the most recent revision.
Contact
To exercise your rights or if you have any questions about our privacy policy, you can contact us at the following address: contact@the-gate.fr
Last updated: July 4, 2026
Last versions : https://www.the-gate.fr/historique-politique-de-confidentialite
© 2026 đđ | All rights reserved.
contact@the-gate.fr



