Wisec Privacy Policy

Last updated: February 10, 2026

At Wisec, we are committed to protecting the privacy of your personal data. This Privacy Policy describes how we collect, use, process, and disclose your information when you use our platform.

1. Information We Collect

We collect the following types of information:

Registration and account information:

When you create an account, we collect your name, email address, password (encrypted), and information about your organization.

Purpose: Account creation and management, authentication, service provision.

Legal Basis: Performance of a contract.

Retention Period: Duration of the active contractual relationship (open account) + 3 years from account closure (for legal proof and litigation purposes).

CI/CD pipeline data:

We collect data from your CI/CD pipelines such as build logs, dependencies, commit details (author, hash, branch, modified/deleted files), security scores, detected anomalies, and IPFS CIDs. This data is essential to provide our traceability and anomaly detection services.

Purpose: Provision of traceability, anomaly detection, and security analysis services for CI/CD pipelines.

Legal Basis: Performance of a contract.

Retention Period: Duration of the active subscription for user-visible data. For historical data after termination/downgrade, according to the user's chosen plan. After this period, anonymization or definitive deletion. Ed25519 public keys are retained as long as the project is active for signature verification.

Technical and usage information:

We automatically record certain information about how you interact with our platform, including IP addresses, browser types, operating systems, pages visited, timestamps, and click data.

Purpose: Improving, personalizing, and developing our platform; understanding and analyzing how you use our platform; monitoring and preventing fraud and abuse.

Legal Basis: Legitimate interest (for platform security, performance, and improvement); Consent (for non-essential cookies and analytics).

Retention Period: IP addresses (anonymized or truncated if possible) and associated navigation identifiers (cookies) for 13 months for analytics. Raw IP addresses (if collected) for a maximum of 6 months for security logs.

Communications:

If you contact us directly, we may receive information about you such as your name, email address, the content of the message and/or attachments you send us, and other information you choose to provide.

Purpose: Responding to your questions, support requests, and complaints; improving customer service and products based on feedback.

Legal Basis: Legitimate interest (to respond to requests and improve service); Consent (for marketing communications if applicable).

Retention Period: Duration of the communication + 3 years from the last contact (for follow-up and service improvement, unless objection).

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain our Wisec platform.
Legal Basis: Performance of a contract.
Improve, personalize, and develop our platform.
Legal Basis: Legitimate interest.
Understand and analyze how you use our platform.
Legal Basis: Legitimate interest; Consent (for analytics cookies).
Develop new products, services, features, and functionalities.
Legal Basis: Legitimate interest.
Communicate with you, directly or through one of our partners, including for customer service, to provide you with updates and other information related to the platform, and for marketing and promotional purposes.
Legal Basis: Performance of a contract (for service updates); Consent (for marketing communications); Legitimate interest (for customer service).
Send emails (including alerts and notifications).
Legal Basis: Performance of a contract (for service-related emails); Consent (for promotional emails).
Monitor and prevent fraud and abuse.
Legal Basis: Legitimate interest; Legal obligation.
For legal and regulatory compliance purposes.
Legal Basis: Legal obligation.

3. Sharing Your Information

We do not share your personal information with third parties except in the following cases:

With service providers: We may share your information with third-party service providers who help us operate or improve the platform (e.g., hosting, data analytics, customer support, email services). These providers only have access to your information to the extent necessary to perform their functions and are bound by confidentiality obligations. Our main service providers include:
- Google Cloud (Google LLC): Hosting of the platform and data.
- Vercel Inc.: Hosting of the website.
- Mailjet SAS: Email sending and receiving services.
- Stripe Inc.: Payment processing services.
- Cloudflare Inc.: DNS services and web security.
- Qonto SAS: Professional banking.
We ensure that our service providers are compliant with GDPR and have appropriate contractual agreements in place.
For legal compliance: We may disclose your information if required by law or in response to valid requests from public authorities (e.g., a court or government agency).
Business transfers: In the event of a merger, acquisition, equity financing, reorganization, bankruptcy, receivership, or sale of assets, your information may be transferred to another entity.
With your consent: We may share your information with your consent or as per your instructions.

3.1 Data Transfers Outside the European Union/European Economic Area (EU/EEA)

Your personal data is primarily hosted on servers located within the European Union (Google Cloud, Vercel). However, some of our service providers, such as Stripe (for payment processing) and Cloudflare (for DNS and routing services), as well as Namecheap (for domain name registration), may transfer your data to countries outside the EU/EEA, notably the United States.

In such cases, we ensure that these transfers are governed by appropriate safeguards, in accordance with the GDPR, such as the Standard Contractual Clauses (SCCs) adopted by the European Commission, to ensure an adequate level of protection for your personal data. You can obtain a copy of these safeguards by contacting us at the address provided below.

4. Your Data Protection Rights

Depending on your location, you have certain rights regarding your personal data, including:

The right to access your personal data.
The right to rectify inaccurate data.
The right to erasure of your personal data.
The right to restrict the processing of your data.
The right to data portability.
The right to object to the processing of your data.
The right to lodge a complaint with a supervisory authority, notably the CNIL in France.

To exercise any of these rights, please contact us by email at privacy@wisec.io with the subject "Exercise of my GDPR rights". We will respond within one month. If you are not satisfied, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL).

5. Data Security

We use administrative, technical, and physical security measures designed to protect your information against loss, theft, and unauthorized access, use, and modification. However, no method of transmission over the Internet or electronic storage method is 100% secure.

6. Third-Party Links

Our platform may contain links to third-party websites or services that are not operated by us. We have no control over the content, privacy policies, or practices of these third-party sites or services and assume no responsibility for them.

7. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personally identifiable information from children under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will inform you of any changes by posting the new Privacy Policy on this page. We advise you to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy, you can contact us:

Data Controller: PONS Thomas (Wisec)
Address: 17 rue du grisard, 69800 Saint-Priest, France
SIRET number: 10098018400012
By email: privacy@wisec.io

For Legal Mentions, please refer to our Legal Mentions page.