SkromaPASS LogoSkromaPASS

Privacy Policy

Protection of your personal data (GDPR)

SkromaPASS is committed to protecting the privacy of its users and complying with the General Data Protection Regulation (GDPR). This privacy policy explains how we collect, use, store and protect your personal data.

Data Controller

Controller: Buchs Matt

Address: 25300 Arçon, France

Email : mattbuchs25@gmail.com

Data Collected

Identification Data

  • First and last name
  • Email address
  • Password (encrypted)

Connection Data

  • IP address
  • Login date and time
  • Browser type
  • Operating system

Functional Data

  • Stored passwords (encrypted with AES-256)
  • Folders and categories created
  • Notes associated with passwords
  • User preferences

Purposes of Processing

We collect and process your personal data for the following purposes:

  • Creation and management of your user account
  • Authentication and securing access
  • Secure storage of your passwords
  • Improvement of our services
  • Communication with you (support, notifications)
  • Compliance with our legal obligations
  • Prevention of fraud and misuse

Legal Basis for Processing

Contract performance: The processing of your data is necessary for the execution of the SkromaPASS service.

Consent: You consent to the processing of your data by creating an account and using our services.

Legitimate interest: We process certain data to improve our services and ensure the security of the platform.

Data Security

The security of your data is our absolute priority. We implement advanced security measures:

  • Chiffrement AES-256 : All your passwords are encrypted with the AES-256 algorithm
  • Hachage bcrypt : Your master password is hashed with bcrypt
  • HTTPS : All communications are encrypted via SSL/TLS
  • Two-factor authentication (2FA): Optional additional protection
  • Secure servers: Hosted in certified data centers (Supabase EU-WEST-1)
  • Monitoring: Security logs and suspicious activity detection

Retention Period

Account data: Retained as long as your account is active

Connection logs: Retained for a maximum of 12 months

After account deletion: Permanent deletion within 30 days, unless required by law

Partage des données

SkromaPASS ne vend ni ne loue vos données personnelles.

Vos données peuvent être partagées uniquement dans les cas suivants :

  • Prestataires techniques : Hébergement (Vercel, Supabase), emails (Resend), protection anti-bot et analytique (Cloudflare) - sous contrat de confidentialité
  • Cloudflare Turnstile : Utilisé pour la protection anti-bot sur les formulaires (inscription, contact, réinitialisation de mot de passe). Traite les données selon la politique de confidentialité Cloudflare.
  • Cloudflare Web Analytics : Mesure d'audience respectueuse de la vie privée (sans cookies, sans traçage inter-sites). Collecte des statistiques anonymes de navigation (pages vues, performances).
  • Obligations légales : Si requis par la loi ou une autorité judiciaire
  • Protection des droits : Pour protéger nos droits, notre propriété ou la sécurité de nos utilisateurs

Your Rights (GDPR)

In accordance with the GDPR, you have the following rights:

Right of access

Obtain a copy of your personal data

Right to portability

Receive your data in a structured format

Right to erasure

Delete your data (right to be forgotten)

Right to rectification

Correct your inaccurate data

Right to restriction

Restrict the processing of your data

Right to object

Object to the processing of your data

To exercise your rights: Contact us at mattbuchs25@gmail.com or via the Contact.

Right to Lodge a Complaint

If you believe your rights are not being respected, you may lodge a complaint with the CNIL (French data protection authority) at: www.cnil.fr

Changes to This Policy

We reserve the right to modify this privacy policy at any time. Significant changes will be notified to you by email and/or via a notification on the platform.

Last updated: March 7, 2026