This Privacy Policy explains how Nappoly ("we," "our," "us") collects and uses personal data through our SiteRoom service. By using our service, you acknowledge and accept the practices described in this policy.
Nappoly
Company Address
SIRET Number
Email: privacy@siteroom.com
- Full name and email address
- Company/organization details
- User role and permissions
- Account preferences and settings
- Profile information you choose to provide
- Meeting room bookings and cancellations
- QR code scans and verifications
- Login activity and session data
- Feature usage statistics
- Room utilization patterns
- User interactions with the platform
- IP address
- Browser type and version
- Operating system
- Device information
- Language preferences
- Access times and dates
- Analytics data (via Plausible.io)
- Customer support communications
- Feedback and survey responses
- Service-related notifications
- Marketing communications (with consent)
- Managing your account and subscription
- Processing room bookings
- Sending booking confirmations and reminders
- Providing customer support
- Ensuring security of your account
- Facilitating team collaboration
- Analyzing usage patterns
- Identifying and fixing technical issues
- Improving user experience
- Developing new features
- Customizing service offerings
- Maintaining service performance
We use Plausible.io for privacy-friendly analytics:
- No cookies are used
- No personal data is collected
- No cross-site tracking
- Data is processed in the EU
- Only aggregate statistics are generated
- Sending essential service updates
- Providing technical support
- Responding to your inquiries
- Sending marketing communications (with consent)
- Notifying about service changes
We process data under the following legal bases:
- Contract Performance: Processing necessary to provide our service
- Legal Obligations: Compliance with applicable laws
- Legitimate Interests: Improving and securing our service
- Consent: For specific processing activities where required
We share data with:
- Cloud infrastructure providers
- Payment processors
- Email service providers
- Analytics providers
- Customer support tools
We may share data:
- In response to legal requests
- To protect our rights
- To prevent fraud
- To ensure safety
In case of merger, acquisition, or asset sale, personal data may be transferred as part of the transaction.
We implement appropriate security measures including:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security updates
- Security monitoring
- Incident response procedures
- Employee training
- Regular security assessments
We retain data according to these principles:
- Active Accounts: Duration of service usage
- Inactive Accounts: 30 days after account closure
- Analytics Data: 12 months in anonymized form
- Legal Requirements: As required by applicable laws
- Backups: Maximum 30 days
Under GDPR, you have the right to:
- Access: Request copies of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Restriction: Limit how we use your data
- Portability: Receive your data in a structured format
- Objection: Object to certain processing
- Withdraw Consent: Where processing is based on consent
To exercise these rights, contact privacy@siteroom.com.
Data is processed:
- Within the European Union
- Using compliant service providers
- With appropriate safeguards
- Following data protection regulations
- Service not intended for users under 18
- We do not knowingly collect children's data
- We will delete any identified children's data
- Parents should contact us with concerns
We minimize cookie usage:
- No tracking cookies
- Only essential session cookies
- No advertising cookies
- Privacy-friendly analytics (Plausible.io)
We may update this policy:
- Email notification for significant changes
- Service notifications for updates
- 30 days notice for material changes
- Previous versions available on request
For privacy inquiries:
You have the right to complain to the CNIL (Commission Nationale de l'Informatique et des Libertés): https://www.cnil.fr/
Our DPO can be contacted at:
DPO Contact Details
Detailed information about our security measures is available upon request.
We maintain records of processing activities as required by GDPR Article 30.
We conduct data protection impact assessments where required by law.