Privacy Policy

PRIVACY POLICY AND PERSONAL DATA PROTECTION
Projet 520 (SASU)

Effective version: January 28, 2026

Data Controller

The company Projet 520, a simplified joint-stock company with a single shareholder (SASU), is responsible for processing personal data collected in connection with the use of its website, its subscription-based digital services, and its computer hardware sales activities.

2. Geographic Scope

This privacy policy applies to all users and customers, regardless of their country of residence.

3. Personal Data Collected

As part of the subscription to and use of digital services, Projet 520 may collect the following categories of data:

- identification data (last name, first name, email address, phone number);
- data related to the customer account and billing;
- data related to support requests;
- technical data strictly necessary for service execution (device status, configuration information, technical logs related to filtering).

Projet 520 does not collect or access users' private personal content (messages, photos, videos, files, or communications).

As part of the sale of computer hardware, Projet 520 may also collect the following data:

- billing and delivery postal address strictly necessary for shipping and delivery of ordered products;
- information related to orders, deliveries, and returns;
- purchase history;
- data necessary for after-sales service management and legal warranties.

4. Purpose of Processing

Personal data is collected only for the following purposes:

- management of customer accounts and subscriptions;
- provision, configuration, and maintenance of digital services;
- technical assistance and support;
- billing and payment management;
- service security and abuse prevention;
- execution of computer hardware sales contracts;
- management of deliveries, returns, legal warranties, and after-sales service, the postal address being used exclusively for these purposes.

5. Legal Basis for Processing

The processing of personal data is based on:

- the performance of a contract (General Terms and Conditions of Sale and General Terms of Service);
- compliance with legal and regulatory obligations, particularly accounting and tax obligations;
- the legitimate interest of Projet 520 in ensuring the security and proper functioning of its services and the management of its commercial activities.

6. Data Recipients

Personal data is accessible only by Projet 520 and, where applicable, by its technical or logistical service providers strictly necessary for the execution of services or sales (website hosting providers, payment solutions, delivery service providers).

7. Data Transfers Outside the European Union

As part of the provision of services or the sale of hardware to customers located outside the European Union, certain personal data may be processed or hosted outside the European Union.

In such cases, Projet 520 ensures that such transfers are governed by appropriate safeguards in accordance with applicable regulations, such as standard contractual clauses approved by the European Commission or any other recognized adequate measure.

8. Data Retention Period

Personal data is retained for the duration of the contractual relationship.

It may then be archived:

- for the legally required periods applicable to accounting, tax, and commercial obligations;
- for the period necessary to exercise or defend legal claims;
- for the duration of legal warranties applicable to the sale of computer hardware.

9. Data Concerning Minors

When the service concerns a minor, personal data is processed exclusively on the instructions of the holder of parental authority, in accordance with the General Terms of Service.

10. Data Security

Projet 520 implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data.

11. User Rights

In accordance with applicable regulations, users have the following rights:

- right of access;
- right to rectification;
- right to erasure;
- right to restriction of processing;
- right to object;
- right to data portability.

12. Exercising Rights

Any request relating to the exercise of these rights may be sent by email to:

support@projet520.com

13. Absence of Automated Decision-Making

Projet 520 does not carry out any personal data processing based on automated decision-making or profiling.

14. Modification of the Policy

This privacy policy may be modified at any time to reflect legal, regulatory, or technical developments.

15. Applicable Law

This privacy policy is governed by French law.

 

Specific Provisions Relating to the Projet520 Mobile Application

1. General Operation

The Projet520 mobile application is a digital protection solution installed on Android devices.

It allows the implementation of technical mechanisms restricting or blocking certain device features or content.

Its operation relies on a deliberately restrictive mechanism expressly accepted by the subscription holder when subscribing to the General Terms of Service.

This restriction constitutes an essential and contractual feature of the service.

2. Client Code Verification via Firebase

During the initial activation of the application:

- the user enters a client code;
- this code is verified securely against a database hosted via Firebase.

This verification serves only to confirm the validity of the subscription.

During this process:

- no data relating to the personal content of the device is transmitted;
- no behavioral data is analyzed;
- no usage data is collected.

Communications are secured using standard encryption protocols (HTTPS/TLS).

3. Protection PIN Code

After validation of the client code:

- a PIN code associated with the account is retrieved from the secure database;
- this PIN code is stored locally on the device;
- it is stored in encrypted form.

This PIN code is used to:

- prevent unauthorized deactivation of the application;
- restrict modification of protection settings;
- prevent unauthorized uninstallation.

The user cannot freely modify this PIN code within the application.

4. Uninstallation and Deactivation

The application can only be uninstalled after authorized deactivation.

This deactivation:

- occurs upon explicit request from the subscription holder;
- is systematically authorized by the subscription holder;
- requires validation using the PIN code associated with the account.

This deliberately restrictive mechanism is expressly provided for in the General Terms of Service and accepted upon subscription.

It constitutes an essential contractual component of the protection service.

5. System Permissions

In order to ensure its functionality, the application may require:

- activation of the accessibility service;
- device administrator status (Device Admin).

These permissions are used exclusively to:

- block certain configured features;
- maintain the integrity of protection settings;
- prevent unauthorized uninstallation.

They are not used for any other purpose.

6. Data Not Collected

The application does not collect or process:

- message content;
- photos, videos, or personal files;
- Google, YouTube, WhatsApp, or other third-party account credentials;
- browsing data;
- geolocation data;
- contacts.

No data is used for advertising purposes.

The application contains no advertising modules and no third-party tracking mechanisms.