Aller au contenu principal

Privacy Policy

How we collect, use and protect your data

Data Controller

The data controller is Agence Debord (EURL), 9 rue des Colonnes, 75002 Paris, France — SIRET: 80133915100038. For any questions about your data: contact@madori.fr.

Data We Collect

When submitting a site audit

When you submit a URL for audit, we collect: the submitted URL, your IP address, user agent (browser) and referrer. This data is used to prevent duplicates and protect the service from abuse.

When creating an account

If you create an account to access your full report, we collect: your first name, last name, email address, IP address and user agent. Your email is verified via a magic link.

Website browsing

We use a privacy-friendly analytics solution that does not set cookies and does not collect any personally identifiable information.

Purpose of Data Processing

  • Providing the website audit service
  • Detecting and preventing abusive submissions (rate limiting, deduplication)
  • Sending audit results by email (with consent)
  • Improving the service through anonymous usage statistics

Legal Basis

Your data is processed based on legitimate interest (Article 6.1.f GDPR) for service security and abuse prevention, and on consent (Article 6.1.a) for sending email communications.

Data Retention

  • IP addresses and user agents: automatically anonymized after 6 months
  • Account data (name, email): retained as long as the account is active
  • Audit results: retained indefinitely (non-personal data)

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: obtain a copy of your data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data
  • Right to portability: receive your data in a structured format
  • Right to object: object to the processing of your data

To exercise these rights, contact us at: contact@madori.fr

You may also file a complaint with the CNIL (www.cnil.fr) or your local data protection authority.

Data Security

We implement technical and organizational measures to protect your data: encrypted communications (HTTPS), restricted database access, error monitoring without personal data transmission (Sentry configured without PII).

Hosting and Transfers

The frontend is hosted by Vercel (United States, EU Standard Contractual Clauses). The backend and database are hosted by OVH (Roubaix, France). No personal data is shared with third parties for commercial purposes.

Updates

This policy may be updated. The last modification date is shown below. Last updated: March 20, 2026.