Privacy policy
Last updated: May 22, 2026
This Privacy Policy explains how Zaineka processes personal data collected through zaineka.com and any related services operated by the publisher. It is written in compliance with the EU General Data Protection Regulation (GDPR) and the French Loi Informatique et Libertés.
1. Data controller
The data controller is Thomas Bernard, operating as a French entreprise individuelle under the commercial name Zaineka.
- Registered address: 78 Avenue des Champs-Élysées, 75008 Paris, France
- SIREN: 922 664 735
- Contact: contact@zaineka.com
No Data Protection Officer (DPO) has been appointed, as the conditions of Article 37 GDPR are not met. All privacy-related requests are handled directly at contact@zaineka.com.
2. Scope
This policy covers the website zaineka.com and all services operated by the publisher under the Zaineka name, including the waitlist signup and any future product released by the publisher. The policy will be updated to reflect the data processing activities of the product when it becomes available.
3. Data collected
3.1 Waitlist signup
When you join the waitlist, the following data is collected:
- Full name
- Email address
- Date and time of signup
- IP address (collected briefly for anti-abuse purposes, not stored long-term)
- Explicit consent record (timestamp and version of the policy accepted)
3.2 First-party UX measurement
The website operates an internal, first-party event tracking system to measure how the website is read and understood. The following pseudonymous data is collected:
- A session identifier (UUID v4) generated in your browser and stored in localStorage
- Event type (page view, scroll depth, clicks on key elements)
- Timestamp
- Page URL
- User agent (browser and operating system, in standard form)
No third-party analytics script is loaded. No fingerprinting technique is used. No advertising identifier is collected. The session identifier is not linked to your name or email within this system.
3.3 Server-side aggregated statistics
Cloudflare Workers Analytics and Cloudflare Pages Analytics produce aggregated, anonymous statistics at the infrastructure level (request volume, response times, error rates). No personal data is processed through these analytics.
3.4 Anti-bot protection
Cloudflare Turnstile performs an invisible verification at signup to prevent automated abuse. This verification is processed by Cloudflare and does not result in personal data being stored by Zaineka.
3.5 Inbound email
Any email sent to contact@zaineka.com is received through Cloudflare Email Routing. The content of these emails is processed solely to respond to the request.
4. Legal basis
| Purpose | Legal basis |
|---|---|
| Waitlist signup and follow-up communication | Explicit consent (Article 6.1.a GDPR) |
| First-party UX measurement | Legitimate interest (Article 6.1.f GDPR): improving the website without third-party profiling |
| Anti-abuse protection (Turnstile, IP) | Legitimate interest (Article 6.1.f GDPR): protecting the integrity of the service |
| Response to inbound email | Performance of pre-contractual steps at the request of the data subject (Article 6.1.b GDPR) |
Consent for the waitlist is collected through an unchecked opt-in box at signup. Consent can be withdrawn at any time by emailing contact@zaineka.com.
5. Recipients of the data
Personal data is accessed only by the publisher. The following processors are involved in the technical infrastructure:
- Cloudflare, Inc. (United States): hosting, database, anti-bot, inbound email routing, administrative access, infrastructure analytics. A Data Processing Addendum is in place.
- OVH SAS (France): domain registration. No personal data of users is shared with the registrar.
- The email service provider used by the publisher: outbound email for waitlist follow-up. Limited to the name and email address of the recipient.
No personal data is sold, rented, or shared with advertisers, brokers, or any third party for marketing purposes.
6. International transfers
Cloudflare is established in the United States. Personal data processed through its infrastructure may therefore be transferred outside the European Economic Area. These transfers are framed by the Standard Contractual Clauses adopted by the European Commission (Commission Implementing Decision (EU) 2021/914), supplemented by the Cloudflare Data Processing Addendum.
7. Retention
| Data | Retention period |
|---|---|
| Waitlist contact data (name, email) | 36 months from the last verifiable interaction |
| UX event data (pseudonymous) | 36 months from the last verifiable interaction |
| Consent record | Duration of the contact data retention, plus 3 years for evidence purposes |
| Inbound email content | As long as necessary to handle the request, then archived or deleted |
A verifiable interaction is defined as any of the following: a significant scroll (≥50%) on the website, the opening of or a reply to a Zaineka email, or a sign-in to the product once released. The retention clock restarts at each verifiable interaction.
8. Your rights
Under the GDPR, you have the right to:
- access your personal data (Article 15)
- rectify inaccurate data (Article 16)
- request erasure (Article 17)
- restrict processing (Article 18)
- object to processing based on legitimate interest (Article 21)
- receive your data in a portable format (Article 20)
- withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal
All requests can be sent to contact@zaineka.com. A response is provided within one month, in accordance with Article 12 GDPR.
You also have the right to lodge a complaint with the French data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy, 75007 Paris, France. www.cnil.fr.
9. Cookies
zaineka.com does not use advertising cookies, tracking cookies, or third-party cookies. The website uses a single technical mechanism in your browser's localStorage to store the pseudonymous session identifier described in section 3.2. This mechanism is strictly necessary to the first-party UX measurement and does not require consent under Article 82 of the French Loi Informatique et Libertés.
10. Security
Personal data is stored within Cloudflare D1, with access restricted through Cloudflare Access. All transmissions between your browser and the website are encrypted via TLS 1.3.
11. Children
The service is intended for adult professionals. No data is knowingly collected from individuals under 15. If you believe a minor has submitted personal data, please contact contact@zaineka.com for immediate erasure.
12. Changes to this policy
This policy may be updated to reflect changes in the service or applicable law. The version date is shown at the top of the document. Material changes will be communicated to waitlist subscribers by email.
13. Contact
For any question regarding this Privacy Policy or the processing of your personal data: contact@zaineka.com.