Privacy
Privacy policy
Last updated · 5 June 2026
To be completed. Document to be validated by a DPO / lawyer before publication.
Data collected
Login email, password (hashed), billing information (handled by Stripe, Surplan never stores credit card numbers), imported PDF plans, measurements and projects you create.
Purposes
Provide the service (authentication, plan storage, sync across devices), billing, support, and aggregated anonymised usage statistics.
Hosting
Your data is hosted in France (eu-west-3, Paris region) by Supabase Inc. (AWS infrastructure). Payments are processed by Stripe (Ireland, GDPR).
Retention
Your data is kept while your account is active. Upon cancellation, it is kept for 30 days then permanently deleted.
Your rights
In accordance with the GDPR, you have rights of access, rectification, erasure, portability and opposition. Exercise these rights by writing to contact@surplan.io.
B2B commercial outreach
We reach out to building professionals using public official sources (notably the RGE-certified companies directory published by ADEME under Open Licence Etalab 2.0). Legal basis: legitimate interest (Art. 6.1.f GDPR) and the B2B exemption provided by the French LCEN law. Data is retained for a maximum of 3 years after the last contact. Every email includes an unsubscribe link. For access, rectification or erasure requests: contact@surplan.io.
Cookies
The marketing site does not use tracking cookies. The app uses only cookies strictly necessary for functioning (authentication).