Back to home

Privacy Policy

Last updated: April 2026

Data Controller

Pandhiweb (Fabien Loyer)
Email: contact@pandhiweb.com

Data We Collect

Contact Form

When you submit the contact form on our landing page, we collect: your name, email address, agency name (optional), and message. This data is used solely to respond to your inquiry.

User Accounts

When you create an account on Kalessia, we collect: your name, email address, and organization information. This data is necessary for the operation of the service.

Purpose & Legal Basis

We process your data for the following purposes:

  • Contact requests: Based on your consent (checkbox on the form)
  • Account management: Based on the performance of a contract (service provision)
  • Transactional emails: Based on legitimate interest (booking confirmations, contract notifications)

Data Retention

  • Contact form data: Deleted after 12 months if no business relationship is established
  • Account data: Retained for the duration of the account, then deleted within 30 days of account closure
  • Logs & security data: Retained for 12 months

Data Sharing

Your data may be processed by the following third-party services, strictly for the operation of the platform:

  • Resend — Transactional email delivery
  • Stripe — Payment processing (if applicable)
  • Supabase — Database hosting (EU region)
  • Netlify — Frontend hosting
  • Render — Backend hosting

We do not sell or share your data with third parties for marketing purposes.

Cookies

Kalessia uses only strictly necessary cookies for authentication and session management. We do not use tracking cookies, analytics, or advertising cookies. No cookie consent banner is required as these cookies are exempt under the ePrivacy Directive.

Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your data (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us at contact@pandhiweb.com. We will respond within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your data, including: encrypted connections (TLS/SSL), hashed passwords, role-based access control, and regular security audits.

Data Transfers

Some of our service providers are located in the United States (Netlify, Render, Stripe). These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.

Complaints

If you believe your data protection rights have been violated, you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés):
www.cnil.fr