Privacy Policy | Storelevel

Introduction

This Privacy Policy explains how Storelevel (operated by Emmanuel Latour) collects, uses, stores, and protects your personal information when you use our website and services.

By using Storelevel, you agree to the collection and use of information in accordance with this policy.

Data Controller

Emmanuel Latour

Auto-Entrepreneur - France

Contact: Use the feedback form on our website

What Data We Collect

Account Information

Email address (required for registration and authentication)
Display name (optional)
Avatar image (optional)

Usage Data

Project information (e-commerce platform, progress, missions)
XP points, levels, and achievements
Streak data and activity timestamps
Mission notes and AI-generated content

Payment Information

Stripe Customer ID (for subscription management)
Subscription status and expiration date
Note: Credit card details are never stored on our servers - they are securely handled by Stripe

Technical Data

IP address and browser information (for security)
Session data and authentication tokens
Error logs and performance metrics

How We Use Your Data

We use your personal data for the following purposes:

Service Delivery: To provide and maintain our AI-powered e-commerce learning platform
Personalization: To generate personalized missions, tutorials, and recommendations
Authentication: To manage your account and secure access
Payment Processing: To process subscription payments via Stripe
Communication: To send important service updates and respond to your inquiries
Improvement: To analyze usage patterns and improve our service
Security: To detect and prevent fraud, abuse, and security incidents

Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

Contract Performance: Processing necessary to provide our service (Art. 6(1)(b) GDPR)
Consent: You have given explicit consent for specific processing activities (Art. 6(1)(a) GDPR)
Legitimate Interests: Processing necessary for our legitimate business interests (Art. 6(1)(f) GDPR)
Legal Obligations: Processing required to comply with legal requirements (Art. 6(1)(c) GDPR)

Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience:

Essential Cookies (Required)

Authentication tokens, session management, and security features. These cookies are necessary for the website to function and cannot be disabled.

Functional Cookies (Optional)

User preferences, language settings, and UI customization. These improve your experience but are not essential.

Analytics Cookies (Optional)

Usage statistics and performance metrics to help us improve the service. We may use privacy-focused analytics tools.

You can manage your cookie preferences through your browser settings. However, disabling essential cookies may prevent you from using certain features.

Data Sharing and Third Parties

We do not sell your personal data. We only share data with trusted third-party services necessary to operate our platform:

Supabase (Database & Auth)

Stores user accounts, project data, and activity logs. GDPR-compliant infrastructure.

Stripe (Payment Processing)

Handles all payment transactions and subscription management. PCI-DSS Level 1 certified.

Vercel (Hosting)

Hosts our website and handles deployment. GDPR-compliant cloud infrastructure.

OpenAI (AI Services)

Generates personalized missions and tutorials. Project data is sent to OpenAI API for processing.

Your Rights Under GDPR

As a European user, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct any inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Data Portability

Receive your data in a machine-readable format.

Right to Restrict Processing

Limit how we use your data under certain circumstances.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time where we rely on it.

Right to Complain

Lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us using the feedback form on our website. We will respond within 30 days as required by GDPR.

Data Retention

We retain your data as follows:

Active Accounts: Data is retained as long as your account is active
Deleted Accounts: Personal data is deleted within 30 days of account deletion
Payment Records: Retained for 7 years for legal and tax compliance
Anonymous Analytics: May be retained indefinitely for service improvement

Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit (HTTPS/TLS)
Encryption at rest for sensitive data
Secure authentication with Supabase Auth
Regular security audits and updates
Access controls and monitoring
Stripe PCI-DSS compliance for payments

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (Vercel, Stripe, OpenAI).

We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) and Privacy Shield frameworks where applicable.

Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website. Continued use of our service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your GDPR rights, please contact us using the feedback form in the footer of our website.

Last updated: February 10, 2026