Legal

Privacy Policy

Data Controller

The controller responsible for personal data collected through the vectail.com website and the Vectail Service is:

Identity Vectail - Adrien Bousquier (sole trader)
Address 41 rue Jean Henri Fabre, 84150 Jonquières, France
Email [email protected]

Data We Collect

In connection with your use of the website and the Service, Vectail may collect the following data:

Data you provide directly

  • Registration data: first name, last name, email address, password (hashed)
  • Billing data: billing address, payment information (processed by our payment provider, not stored by Vectail)
  • Contact data: messages submitted via the contact form

Data collected automatically

  • Usage data: IP address, browser type, date and time of connection
  • Service usage data: search queries made by visitors on Users' websites
  • Cookies: see the dedicated section below

Purposes of Processing

Personal data is collected for the following purposes:

  • Service delivery: account management, search engine operation, results display
  • Service improvement: performance analysis, search algorithm optimisation, usage statistics
  • Billing: subscription and payment management
  • Communication: sending Service-related information, responding to contact requests
  • Legal compliance: fulfilling legal and regulatory obligations

Legal Basis

Processing is based on:

  • Performance of a contract: to provide the Service and manage the User account (Article 6.1.b GDPR)
  • Legitimate interests: to improve the Service and for usage statistics (Article 6.1.f GDPR)
  • Consent: for non-essential cookies and marketing communications (Article 6.1.a GDPR)
  • Legal obligation: for retaining billing data (Article 6.1.c GDPR)

Retention Periods

Account data Duration of subscription + 3 years after account deletion
Billing data 10 years (statutory accounting obligation)
Usage data Maximum 13 months
Search data Duration of subscription (anonymised after cancellation)
Contact data 3 years after last contact

Use of Google Data (Google APIs)

As part of the Service configuration, Vectail may access data from your Google account via OAuth 2.0, with your explicit consent. This access covers exclusively:

  • Google Merchant Center: read-only access to your product catalogue (titles, descriptions, prices, images, URLs) to power the Vectail search engine on your e-commerce site

This data is used solely to:

  • Import and index your products into the Vectail search engine
  • Keep your product catalogue synchronised

Vectail does not sell, rent or share Users' Google data with third parties, except as required by law. Use of data obtained from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Google data protection mechanisms

Vectail implements the following security measures to protect sensitive data from Google APIs:

  • Encryption in transit: all communications between Vectail and Google APIs are encrypted via HTTPS
  • Encryption at rest: data (product catalogue, OAuth token) is stored in Google Cloud Firestore, where encryption at rest is provided by Google Cloud infrastructure
  • Secure OAuth token: the OAuth refresh token is stored exclusively in Google Cloud Firestore, accessible only to the relevant User account
  • Access minimisation: only the strictly necessary scope (https://www.googleapis.com/auth/content) is requested, and no write operations are performed on Merchant Center
  • Access control: access to a User's Google data is restricted to their own credentials - no cross-account access is possible
  • Token retention: the refresh token is deleted upon account cancellation

You may revoke access at any time from your Google account settings.

Data Recipients

Personal data may be shared with the following recipients:

  • Google Cloud Platform: data hosting and processing (sub-processor)
  • Payment provider: secure transaction processing
  • Analytics tools: audience measurement and Service improvement (where applicable)

Vectail does not sell or rent Users' personal data to third parties.

International Data Transfers

Data is hosted on Google Cloud Platform, whose servers may be located outside the European Union (including the United States). These transfers are governed by:

  • The EU-US Data Privacy Framework (DPF), to which Google LLC adheres
  • Standard Contractual Clauses (SCCs) adopted by the European Commission

Vectail ensures that these transfers provide an adequate level of protection in accordance with GDPR requirements.

Your Rights

Under the GDPR, you have the following rights:

  • Right of access: obtain confirmation that data about you is being processed and receive a copy
  • Right to rectification: have inaccurate or incomplete data corrected
  • Right to erasure: request deletion of your data in cases provided for by law
  • Right to object: object to the processing of your data on legitimate grounds
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to restriction: request restriction of processing in certain cases

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority (in France: the CNIL).

Cookies

The Vectail website uses cookies to ensure it functions properly and to improve the user experience:

  • Essential cookies: necessary for the website to function (session, authentication). These cookies do not require your consent.
  • Performance cookies: audience measurement and statistical analysis (subject to your consent).

You can manage your cookie preferences at any time through your browser settings.

Changes to This Policy

Vectail reserves the right to modify this privacy policy at any time. The date of the last update is shown at the bottom of this page. Users are encouraged to review this policy regularly.

Last updated: March 2026