DIV Protocol
SolutionHow it works?PricingBlogContact

PRIVACY POLICY

DIV PROTOCOL SAS

Last updated: October 28, 2025

1. Introduction

DIV PROTOCOL SAS, whose registered office is located at 200 rue de la Croix-Nivert, 75015 Paris, registered with the Paris Trade and Companies Register under number 939 283 164, (hereinafter "DIV PROTOCOL", "we", "our"), attaches the utmost importance to protecting your personal data and respecting your privacy. This Privacy Policy aims to inform customers and users (hereinafter "you" or "the User") of the methods of collection, processing and storage of their personal data in the context of using the storage, sharing and data encryption service offered by DIV PROTOCOL. DIV PROTOCOL acts in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the amended Data Protection Act.

2. Data Controller

The data controller for personal data is: DIV PROTOCOL SAS 200 rue de la Croix-Nivert, 75015 Paris Email: contact@divprotocol.com

3. Data Collected

DIV PROTOCOL only collects data strictly necessary for providing and securing the service. This data may include:

  • Identification data: last name, first name, professional email address, company, position;
  • Connection data: identifiers, connection logs, IP addresses, timestamps;
  • Usage data: access history, user preferences, configurations;
  • Contractual data: billing information, subscription history, transactions;
  • Technical data: metadata related to service performance, diagnostic data.

DIV PROTOCOL does not collect any sensitive data within the meaning of Article 9 of GDPR (racial origin, political opinions, health, religion, etc.).

4. Processing Purposes

Data collected by DIV PROTOCOL is used exclusively to:

  • Provide and manage the service (authentication, hosting, maintenance);
  • Ensure security and traceability of operations on the platform;
  • Bill and manage commercial relationships with customers;
  • Improve performance and user experience;
  • Comply with applicable legal and regulatory obligations.

5. Legal Basis for Processing

In accordance with Article 6 of GDPR, processing carried out by DIV PROTOCOL is based on:

  • Performance of the contract concluded with the Client;
  • Compliance with a legal obligation;
  • The Provider's legitimate interest in ensuring the security of its systems and services.

6. Data Hosting and Security

Data is hosted on OVH servers located in France and the European Union. It is encrypted at all stages (storage and transfer) using protocols compliant with international security standards. DIV PROTOCOL implements:

  • automatic backup and redundancy systems;
  • strict access control policies;
  • continuous infrastructure monitoring;
  • a business continuity plan in case of major incident.

No data is transferred outside the European Union.

7. Retention Period

Data is retained for the period necessary to provide the service and manage the contract, plus legal limitation periods.

  • Account data: deleted within 30 days following account closure;
  • Billing data: retained for 10 years in accordance with accounting obligations;
  • Connection logs: retained for 12 months for security purposes.

8. User Rights

In accordance with Articles 15 to 22 of GDPR, you have the following rights:

  • Right of access to your personal data;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure ("right to be forgotten");
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object to processing based on legitimate interest.

To exercise your rights, simply send a request to: contact@divprotocol.com Your request will be processed within a maximum period of 30 days.

9. Subcontracting and Third Parties

DIV PROTOCOL may use external service providers strictly necessary for service execution (e.g., OVH for hosting, Stripe for payment). These providers act as subcontractors within the meaning of GDPR and comply with the same security and confidentiality requirements. DIV PROTOCOL does not sell, rent or resell any data to third parties.

10. Cookies and Trackers

DIV PROTOCOL only uses technical cookies and anonymous audience measurement, necessary for proper site operation and continuous service improvement. No advertising or cross-site tracking cookies are used. You can configure your browser to refuse non-essential cookies without affecting service access.

11. Data Breach Notification

In case of personal data breach, DIV PROTOCOL commits to:

  • notify CNIL within a maximum period of 72 hours;
  • inform affected users as soon as possible if the breach is likely to result in a high risk to their rights and freedoms.

12. Contact and Complaints

For any questions regarding this policy, you can contact: DIV PROTOCOL SAS – Legal Department – 200 rue de la Croix-Nivert, 75015 Paris contact@divprotocol.com If you believe your rights are not being respected, you can file a complaint with CNIL (www.cnil.fr).

13. Privacy Policy Modifications

DIV PROTOCOL reserves the right to modify this Policy at any time to adapt it to legal, technical or organizational developments. Modifications will be published on the site and will take effect upon publication.