Privacy Policy

1. Who we are

This privacy policy applies to Solo Dev Agency (operated by Jean Saunie, France) and its services, including solodevagency.fr and the internal platform kernel.solodevagency.fr ("Kernel Studio").

Data controller: Jean Saunie, Solo Dev Agency
Country: France (GDPR applies)
Contact: jean.saunie@solodevagency.fr

2. What data we collect

2.1 Visitors of solodevagency.fr

  • Contact details you submit (name, email, phone) when booking a call or registering for a webinar
  • Technical data (IP address, user agent, referrer) for security and analytics

2.2 Customers of paid programs

  • Billing data processed by Stripe (we do not store card details)
  • Program progress and communications

2.3 Kernel Studio (internal tool)

Kernel Studio is operated by authorized staff of Solo Dev Agency. It connects to third-party APIs (TikTok, LinkedIn, YouTube, Meta) using accounts that we own and operate. Data accessed via these integrations is limited to:

  • Our own account profile (open_id, username, profile picture, bio, follower stats) on platforms we have authenticated to
  • Content we publish from Kernel Studio (video files, captions, thumbnails, scheduling metadata)
  • Performance metrics on our own posts (views, likes, comments, shares) used to improve our internal content strategy

Kernel Studio does not collect, store, or process personal data belonging to end users of TikTok, LinkedIn, YouTube, or Meta. It does not expose a public login flow.

3. How we use data

  • Operate the website and respond to inquiries
  • Deliver paid programs and provide customer support
  • Send transactional emails (program access, calendar confirmations) via Resend
  • Internally measure the performance of our own marketing content
  • Comply with legal obligations (tax, accounting)

4. Legal bases (GDPR)

  • Contract performance: to deliver paid programs
  • Legitimate interest: to secure our services and improve our content
  • Consent: for marketing emails AND for analytics/marketing cookies (Google Analytics 4, future Meta/LinkedIn pixels). See our Cookie Policy.
  • Legal obligation: for accounting and tax records

5. Sharing & sub-processors

We share data only with the following sub-processors, each bound by GDPR-compliant agreements:

  • Supabase: application database and authentication (EU region)
  • Vercel: web hosting
  • Stripe: payment processing
  • Resend: transactional emails
  • Google LLC: Google Calendar (booking time-slot sync and Meet link), Analytics 4, Tag Manager, Search Console (audience measurement and SEO, subject to consent)
  • Meta Platforms Ireland Ltd (future): Pixel for retargeting, subject to consent
  • LinkedIn Ireland Unlimited Co (future): Insight Tag, subject to consent
  • Anthropic: AI assistance for content drafting (no personal customer data is sent)
  • Apify: public web scraping of competitor content (no private user data)
  • TikTok, LinkedIn, YouTube, Meta: content publishing on our own brand accounts

6. Data retention

  • Customer accounts: duration of the program + 5 years (legal accounting period in France)
  • Webinar / lead inquiries: 3 years from last contact
  • Server logs: 12 months
  • OAuth tokens for our own brand accounts: until revoked or expired

7. Your rights

Under GDPR, you have the right to access, rectify, delete, restrict, port, and object to the processing of your personal data. To exercise these rights, contact us at jean.saunie@solodevagency.fr.

You also have the right to lodge a complaint with the French data protection authority (CNIL).

8. Cookies and tracking

The public website uses cookies in three categories:

  • Strictly necessary: for site functionality, theme preference, and consent storage. Exempt from consent.
  • Analytics: Google Analytics 4, fired only after explicit consent via the cookie banner. We use Google "Consent Mode v2".
  • Marketing: Meta and LinkedIn pixels (not active today, future). Subject to consent.

For the full list (name, duration, purpose, processor), see our Cookie Policy.

Withdrawing consent: you can change or withdraw your consent at any time via the "Manage cookie preferences" link or via the footer. The internal Kernel Studio platform uses session cookies for authentication only.

9. Security

We use industry-standard security measures: HTTPS everywhere, hashed passwords, Row-Level Security on the database, encrypted secrets, and least-privilege access for staff. OAuth tokens for brand accounts are stored encrypted at rest.

10. Changes

We may update this policy. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated to affected customers.

11. Contact

Privacy questions or requests: jean.saunie@solodevagency.fr.