Privacy

Privacy policy

Last updated · 5 June 2026

To be completed. Document to be validated by a DPO / lawyer before publication.

Data collected

Login email, password (hashed), billing information (handled by Stripe, Surplan never stores credit card numbers), imported PDF plans, measurements and projects you create.

Purposes

Provide the service (authentication, plan storage, sync across devices), billing, support, and aggregated anonymised usage statistics.

Hosting

Your data is hosted in France (eu-west-3, Paris region) by Supabase Inc. (AWS infrastructure). Payments are processed by Stripe (Ireland, GDPR).

Retention

Your data is kept while your account is active. Upon cancellation, it is kept for 30 days then permanently deleted.

Your rights

In accordance with the GDPR, you have rights of access, rectification, erasure, portability and opposition. Exercise these rights by writing to contact@surplan.io.

B2B commercial outreach

We reach out to building professionals using public official sources (notably the RGE-certified companies directory published by ADEME under Open Licence Etalab 2.0). Legal basis: legitimate interest (Art. 6.1.f GDPR) and the B2B exemption provided by the French LCEN law. Data is retained for a maximum of 3 years after the last contact. Every email includes an unsubscribe link. For access, rectification or erasure requests: contact@surplan.io.

Cookies

The marketing site does not use tracking cookies. The app uses only cookies strictly necessary for functioning (authentication).