Privacy Policy

This Privacy Policy describes how Landa Vision SAS ("we", "us", or "the Company"), operating the Solsice platform accessible at solsice.com, collects, uses, stores, and protects your personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR) and the French Loi Informatique et Libertés (Law No. 78-17 of 6 January 1978, as amended).

1. Data Controller

The data controller responsible for processing your personal data is:

• Landa Vision SAS
• Registered office: 53 rue Hippolyte Lozier, 27320 Nonancourt, France
• Email: privacy@solsice.com

2. Personal Data We Collect

2.1 Data You Provide Directly

• Identity and contact information: name, email address, username, profile picture
• Account credentials (password hash — we never store plain-text passwords)
• Content you publish on the platform (posts, comments, debate contributions)
• Payment and billing information when purchasing tokens (processed by our payment provider; we do not store full card numbers)
• Communications you send us (support requests, feedback)

2.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type
• Usage data: pages visited, features used, timestamps, session duration
• Cookies and similar technologies (see our Cookie Policy)
• Analytics data collected via self-hosted PostHog (no data shared with third-party analytics providers)

2.3 Data from Third-Party Authentication

If you sign in via Google or GitHub, we receive your public profile information (name, email, profile picture) as authorized by you during the OAuth flow. We do not access your contacts, repositories, or any other private data.

3. Legal Bases for Processing (GDPR Art. 6)

4. How We Use Your Data

• Providing, operating, and maintaining the Solsice platform
• Creating and managing your user account
• Processing transactions (token purchases, debate fees)
• Sending service-related notifications (debate results, system alerts)
• Providing customer support
• Analyzing usage to improve features and user experience
• Detecting, preventing, and addressing fraud, abuse, or security issues
• Complying with legal obligations

5. Data Sharing and Recipients

We do not sell your personal data. We may share data with the following categories of recipients:

• Hosting and infrastructure providers: Hetzner (EU servers), Supabase (database), Amazon S3 (file storage)
• Authentication provider: Supabase Auth
• Payment processor: Stripe (PCI-DSS compliant)
• Email delivery: Resend
• AI model providers: OpenRouter (for LLM inference — only anonymized prompt data is sent; no personal data)
• Legal authorities: when required by applicable law, regulation, or court order

All service providers are bound by data processing agreements (DPAs) ensuring GDPR-compliant data handling.

6. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:

• EU adequacy decisions (GDPR Art. 45)
• Standard Contractual Clauses approved by the European Commission (GDPR Art. 46(2)(c))
• EU-US Data Privacy Framework certification where applicable

7. Data Retention

• Account data: retained for the duration of your account, plus 3 years after deletion for legal compliance
• Transaction records: retained for 10 years (French commercial law obligation)
• Analytics data: anonymized or deleted after 26 months
• Server logs: retained for 12 months
• Content you publish: retained until you delete it or close your account

8. Your Rights Under GDPR

Under the GDPR and French data protection law, you have the following rights:

• Right of access (Art. 15): obtain a copy of your personal data
• Right to rectification (Art. 16): correct inaccurate or incomplete data
• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten")
• Right to restriction of processing (Art. 18): limit how we process your data
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interests
• Right to withdraw consent (Art. 7(3)): withdraw consent at any time without affecting lawfulness of prior processing
• Right to lodge a complaint: you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — www.cnil.fr

To exercise any of these rights, please contact us at privacy@solsice.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (TLS/HTTPS) and at rest
• Secure password hashing (bcrypt)
• Role-based access controls
• Regular security audits and monitoring
• EU-based primary infrastructure (Hetzner, Germany)

No system is 100% secure. In the event of a data breach, we will notify affected users and the CNIL within 72 hours as required by GDPR Art. 33.

10. Children's Privacy

Solsice is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.

11. Automated Decision-Making

Solsice uses artificial intelligence models to generate financial analysis, debate arguments, and content moderation decisions. These AI-generated outputs are informational in nature and do not constitute automated decisions producing legal effects or similarly significant effects concerning you within the meaning of GDPR Art. 22.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. The "Last updated" date at the top of this page indicates when this policy was last revised.