Privacy policy

Last updated : 2026-05-03
⚠️ Draft — review with a lawyer before going live.

1. In short

Your files never leave your browser. Namyfixer is an application that runs entirely client-side. No file you drop into it is transmitted to our servers.

The only data we collect is:

  • Your email, only if you create an account or purchase a paid plan (for sign-in, billing, and license key delivery).
  • A language preference cookie (rf_lang) if you change the language manually.
  • A session cookie (rf_session) once signed in, to keep you authenticated.

2. Data controller

The data controller is the website editor (see legal notice).

3. Data collected and purposes

3.1. Free usage

None. The application runs entirely in your browser via modern Web APIs (File System Access, fflate). No file or filename is transmitted to our servers.

3.2. Paid plans

On purchase, we process:

  • Email: to send you the license key and invoices.
  • Billing country: for VAT (collected by Stripe).
  • Stripe customer ID: to manage subscriptions and refunds.

We do not store any payment data (card numbers, etc.). Stripe is the exclusive payment processor.

3.3. Cookies

A single cookie is set: rf_lang (language preference, 1-year duration). It contains no personal data. No tracking, analytics, or advertising cookies are used.

Therefore, no consent banner is required under GDPR.

4. Data processors

We use the following GDPR-compliant processors:

  • Google Firebase (Firebase Authentication) — magic-link email authentication. Only your email, an anonymous unique identifier (UID) and sign-in timestamps are stored. No file data passes through Firebase. Firebase policy.
  • Stripe Payments Europe Ltd — payments and billing. Stripe privacy policy.
  • O2switch SAS — hosting (servers in France). O2switch policy.
  • Resend, Inc. — transactional emails (license keys, invoices). Resend policy.

5. Retention

  • Billing data: 10 years (French legal requirement).
  • Contact email: as long as your account or license is active, then deleted on request.
  • Cookie rf_lang: 1 year, or until manually deleted in your browser.

6. Your rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access and copy
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object

To exercise these rights, write to florian@dronii.com. You will receive a response within 30 days.

You also have the right to lodge a complaint with the CNIL (French data protection authority) or your local DPA.

7. Security

All site communications are encrypted in HTTPS (TLS 1.3). Payments are handled by Stripe (PCI DSS Level 1). License keys are cryptographically signed (Ed25519) to prevent forgery.

8. Changes

This policy may be updated. The date at the top of this page reflects the latest version. Substantial changes will be notified by email to users with active accounts.