Privacy Policy
Effective from 27 April 2026 — Version 1.0
Article 1 — Data Controller
| Name | Maxime Didier Michel Pierre WOITTER EI |
| Business | Application development |
| Legal form | Sole trader (micro-enterprise) |
| SIRET (FR business ID) | 938 157 856 |
| Address | 61 rue de Lyon, 75012 Paris |
| Email (DPO) | maxime.woitter@celerigo.com |
| Website | www.celerigo.com |
For any question regarding the protection of your data, you may contact Celerigo at the email address above.
Article 2 — Data Collected
2.1 Data collected from Users (tourists)
- Identification data: first name, last name, email address
- Travel preferences and intentions: types of activities desired, interests, travel periods
- Usage history: generated itineraries, bookings made, reviews submitted
- Browsing data: IP address, browser type, pages visited, session duration (via cookies)
- Location data: GPS coordinates (with your explicit consent via the browser), for searching nearby activities. Not retained beyond the request.
2.2 Data collected from Partner Providers
- Professional identification data: company name, registration number, legal representative's name
- Contact details: address, email, phone
- Published content: photos, descriptions, prices, availability
- Billing and payment data
Celerigo does not collect sensitive data as defined in Article 9 of the GDPR (ethnic origin, political opinions, health, biometrics, etc.).
Article 3 — Purposes and Legal Bases of Processing
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| User account creation and management | Contract performance | Account duration + 3 years |
| Personalisation of trip suggestions | Legitimate interest / Consent | Account duration |
| Booking management and messaging | Contract performance | 5 years after the last booking |
| Review system | Legitimate interest | Duration of the relationship |
| Provider invoicing | Legal obligation | 10 years (Commercial Code) |
| Audience measurement and improvement | Consent (cookies) | 13 months maximum |
| Sending communications | Consent | Until unsubscription |
| Nearby activity search (geolocation) | Consent (browser permission) | Not retained |
Article 4 — Data Recipients
Data collected is exclusively intended for Celerigo and is neither sold nor transferred to third parties for commercial purposes.
It may be shared in the following cases:
- With Partner Providers: only the information necessary to manage a booking (name, email, requested date)
- With technical sub-processors: hosting (Google Cloud), database (Supabase), authentication (Firebase), emailing (Resend) — under data processing agreements compliant with GDPR
- Upon judicial or legal request: in case of legal obligation or court order
Celerigo ensures that its sub-processors provide sufficient guarantees regarding the protection of personal data.
Article 5 — Transfers Outside the EU
Some of Celerigo's sub-processors (in particular Google Cloud and Firebase) may process data outside the European Union. Such transfers are governed by appropriate safeguards (standard contractual clauses of the European Commission, Privacy Shield certification or equivalent mechanisms).
Article 6 — Your Rights
In accordance with the GDPR, you have the following rights over your personal data:
- Right of access: obtain a copy of the data relating to you
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure: request the deletion of your data ('right to be forgotten'), subject to legal retention obligations
- Right to restriction: restrict processing in certain cases
- Right to portability: receive your data in a structured and readable format
- Right to object: object to processing based on legitimate interest or for prospecting purposes
- Right to withdraw consent: at any time, for processing based on consent
To exercise your rights, contact Celerigo by email at maxime.woitter@celerigo.com. Celerigo undertakes to respond within one (1) month. If your complaint remains unresolved, you may contact the CNIL (www.cnil.fr).
Article 7 — Cookies
7.1 Types of cookies used
- Strictly necessary cookies: authentication, security, session storage. Do not require consent.
- Analytics cookies: audience measurement and browsing behaviour. Subject to consent.
7.2 Consent management
On your first visit, a banner allows you to accept or decline non-essential cookies. You can change your preferences at any time by clearing your browser data for this site. Declining analytics cookies does not affect access to the main features.
Article 8 — Data Security
Celerigo implements appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure. These measures include:
- Communications encryption (HTTPS / TLS)
- Secure authentication (Firebase Auth)
- Data access limited to authorised personnel only
- Hosting on secure infrastructure (Google Cloud Run)
In the event of a data breach likely to result in a risk to your rights and freedoms, Celerigo undertakes to notify the CNIL within 72 hours and affected individuals as soon as possible.
Article 9 — Anonymisation and Deletion
Celerigo applies an automatic anonymisation procedure for inactive account data beyond the applicable retention period. Anonymised data no longer allows identification of individuals and may be retained for statistical purposes.
Article 10 — Policy Updates
This privacy policy may be updated at any time, in particular to reflect regulatory changes or platform modifications. The update date appears at the top of the document. In the event of substantial changes, users will be informed by email or via a notification on the platform.
Article 11 — Applicable Law
This policy is governed by French law and the General Data Protection Regulation (GDPR — EU Regulation 2016/679). For any question or complaint, contact Celerigo at maxime.woitter@celerigo.com or contact the CNIL (www.cnil.fr — 3, place de Fontenoy, 75007 Paris).
Celerigo — www.celerigo.com — Privacy Policy Version 1.0 — 27 April 2026