Last updated: June 15, 2021
CarboneIO is a French company 🇫🇷. All data is held on servers hosted in Graveline, Paris and Strasbourg. Servers are hosted by OVH. We are compliant with French data protection law, as well as General Data Protection Regulation EU 🇪🇺 (GDPR) 2016/679.
Your privacy is very important to us. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
CarboneIO SAS is a French company with a capital of 10000 Euros, registered under N°899 106 785 in the Register of companies of La Roche-sur-Yon (85) and whose head office is located at : 130 La Sauvagère - 85170 BELLEVIGNY (hereinafter referred to as « Carbone », “us”, “we”, or “our”).
CarboneIO operates https://carbone.io website (the “Service”).
All employees of CarboneIO SAS take the security of our software, products, infrastructure and services seriously.
Whenever we develops a new system, security, performances and reliability are the main focus on our architecture. Our team is dedicated to strict security practices as described below:
- Before publishing new features or updating our services, code reviews are performed by the the Data protection Officers to detect security breaches and bad practices.
- Employees that can access customer data and we make sure they only have access to relevant data (ie: no access to reports and templates).
- Computers are not storing any customer data.
- All computers are encrypted.
- By default, two factor authentication (2FA) are used on third-party services (OVH, Crisp, Stripe, Sendingblue).
- All employees, agents, and providers are trained in data-security practices.
- We do not sell and will never sell any data and our policy is to respect your data privacy. Our business model is based on paid subscriptions.
- Security policies are yearly reviewed for all employees and relevant subcontractors.
- Datas sent to Carbone Render or Carbone Studio are not printed, saved or logged.
To report a security vulnerability, please review our security policy for more details: https://github.com/carboneio/carbone/security/policy
Data Security & GDPR (General Data Protection Regulation)
Carbone is GDPR-compliant, and strictly enforces the regulation as to protect the user data we store. According to GDPR, you, as the data subject, have the right to access, modify and delete your personal data, as well as the right to ask for the portability of your data and the right to object to the processing of your personal data.
Types of Data Collected
In order to provide the Services, Carbone is collecting the below data from their users. This section is also listing the security measures used to protect the data as well as the purpose of the collection.
- Email address: Used only for authentication
- Password: Encrypted and used only for authentication
- First name and last name
- Usage Data: Carbone Render API usage
- IP address: for metrics purpose, it is deleted automatically after 7 days
- Payment details and invoicing information: Address, ZIP/Postal code, City, Country and Payment methods are stored and managed exclusively by Stripe. Carbone does not store any bank details.
Use of Your Personal Data
- To identify users and provide support
- To provide our Service
- To notify users about new product or service updates
- To provide analysis to improve the service
- To monitor, prevent and detect technical issues
- The right to be informed: we informe our customers of what we do with their data
- The right of data access: from Carbone Account our customers can access to their data
- The right to rectification: from Carbone Account our customers can update their data
- The right to erasure: from Carbone Account our customers can delete their account and data
- The right to restrict processing: we don't process the data of our customers.
- The right of data portability: our customers can contact us (firstname.lastname@example.org) anytime they wish to get an export of their data
- The right to object: our customers can contact us (email@example.com) and we will handle their request.
- The right not to be subject to automated decision-making and profiling: We don't do that.
Carbone replies to all request under 1 week (3 weeks maximum).
Read our Cookies Policy for more details.
Our Service does not address anyone under the age of 18, due to the nature of the service provided (business-to-business). We do not knowingly collect personally identifiable information from anyone under the age of 18.
Data Processing Agreement
If your company needs to ensure it is GDPR-compliant, it also needs to ensure its providers (ie. Carbone) are also GDPR compliant. The list of our providers (ie. Data Processors) is available, and kept up to date, in our Data Processing Agreement (DPA). Contact us (firstname.lastname@example.org) to get the DPA.
Data protection Officers
Address: 130 la Sauvagère, 85170, Bellevigny, France