Privacy Policy

Last Updated: October 27, 2025

1. Introduction

Welcome to ScaleNix FOSS Teams ("we," "our," "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://blog.scalenix.org and use our services.

We are committed to protecting your privacy and complying with:

• RGPD (Règlement Général sur la Protection des Données)
• European GDPR (Regulation 2016/679)
• French Loi Informatique et Libertés (Law No. 78-17, modified in 2018)

2. Data Controller

ScaleNix FOSS Teams
Email: contact@scalenix.org
Website: https://blog.scalenix.org

3. Legal Basis for Processing

We process your personal data based on:

• Consent (GDPR Article 6(1)(a)) - when you subscribe to our newsletter or create an account
• Legitimate interest (GDPR Article 6(1)(f)) - for website analytics and security
• Contractual necessity (GDPR Article 6(1)(b)) - when you use authenticated features

4. Information We Collect

4.1 Information You Provide

When you interact with our platform, we may collect:

Account Registration:

• Email address
• Full name
• Password (encrypted)
• Role and permissions

Newsletter Subscription:

• Email address
• Subscription date

Contributor Applications:

• Full name
• Email address
• Portfolio URL (optional)
• Application message
• Submission date

Contact Forms:

• Name
• Email address
• Message content

4.2 Automatically Collected Information

Technical Data:

• IP address
• Browser type and version
• Device information
• Operating system
• Pages visited and time spent
• Referral source
• Access times and dates

Cookies and Tracking: We use minimal cookies for:

• Authentication (session management)
• User preferences
• Security features

We do NOT use:

• Advertising cookies
• Third-party tracking cookies
• Cross-site tracking

5. How We Use Your Information

5.1 Primary Uses

We use your information to:

1. Provide Services

   • Manage user accounts and authentication
   • Display personalized content
   • Enable contributor submissions
   • Send newsletter updates (with consent)

2. Communication

   • Respond to inquiries and support requests
   • Send important updates about the platform
   • Notify contributors about application status

3. Security and Compliance

   • Prevent fraud and abuse
   • Monitor and analyze platform usage
   • Comply with legal obligations
   • Enforce terms of service

4. Improvement

   • Analyze usage patterns (anonymized)
   • Improve user experience
   • Develop new features

5.2 We Do NOT:

• Sell your personal data to third parties
• Use your data for targeted advertising
• Share your data with marketing companies
• Process data for purposes incompatible with collection

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We use trusted third-party services:

Supabase (Database & Authentication):

• Purpose: Database hosting, user authentication
• Location: EU/US data centers
• Privacy Policy: https://supabase.com/privacy
• Compliance: GDPR compliant

Resend (Email Service):

• Purpose: Transactional emails and newsletters
• Privacy Policy: https://resend.com/legal/privacy-policy
• Compliance: GDPR compliant

Hosting Provider:

• Purpose: Website hosting and delivery
• Location: Specified in service agreement
• Compliance: GDPR compliant infrastructure

6.2 Legal Disclosure

We may disclose your information when required by:

• French law or valid legal process
• Court orders or regulatory requests
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

6.3 Business Transfers

In the event of merger, acquisition, or asset sale, user data may be transferred. You will be notified of any such change.

7. Data Retention

We retain personal data only as long as necessary:

| Data Type | Retention Period | |-----------|------------------| | Account data | Until account deletion + 30 days | | Newsletter subscribers | Until unsubscription + 30 days | | Contributor applications | 2 years from submission | | Contact form submissions | 1 year from receipt | | Authentication logs | 90 days | | Audit logs (admin actions) | 2 years | | Analytics data | 13 months (anonymized) |

After retention periods, data is securely deleted or anonymized.

8. Your Rights Under GDPR

Under GDPR and French Loi Informatique et Libertés, you have the following rights:

8.1 Right to Access (Article 15)

Request access to your personal data and receive a copy.

8.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data.

8.3 Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten").

8.4 Right to Restriction (Article 18)

Request limitation of data processing under certain conditions.

8.5 Right to Data Portability (Article 20)

Receive your data in structured, machine-readable format.

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests or direct marketing.

8.7 Right to Withdraw Consent (Article 7)

Withdraw consent at any time for consent-based processing.

8.8 Right to Lodge a Complaint

File a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés):

• Website: https://www.cnil.fr
• Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

8.9 Exercising Your Rights

To exercise any of these rights, contact us at: Email: contact@scalenix.org

We will respond within one month (may be extended to 3 months for complex requests).

9. Data Security

9.1 Technical Measures

We implement industry-standard security measures:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Password hashing (bcrypt/argon2)
• Access controls and authentication
• Regular security audits
• Intrusion detection systems
• Secure hosting infrastructure

9.2 Organizational Measures

• Limited access to personal data (need-to-know basis)
• Employee/volunteer training on data protection
• Data processing agreements with third parties
• Regular security policy reviews

9.3 Breach Notification

In case of a data breach, we will:

• Notify the CNIL within 72 hours (if required)
• Inform affected users without undue delay
• Take immediate remedial actions
• Document the breach and response

10. Children's Privacy

Our platform is not intended for children under 16 (minimum age under GDPR for consent).

We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately for deletion.

11. International Data Transfers

11.1 EU/EEA Data

We primarily store data within the EU/EEA. When using services outside the EU:

• We ensure adequate safeguards (Standard Contractual Clauses)
• We verify GDPR compliance of service providers
• We assess data transfer impact

11.2 Data Transfer Mechanisms

• Standard Contractual Clauses (approved by European Commission)
• Adequacy decisions where applicable
• Binding Corporate Rules for service providers

12. Cookies and Tracking Technologies

12.1 Essential Cookies

Required for platform functionality:

• Session authentication
• Security features
• User preferences

You cannot disable essential cookies as they're necessary for the site to function.

12.2 Analytics Cookies

We use minimal analytics (anonymized) to:

• Understand usage patterns
• Improve user experience

You can disable analytics through browser settings.

12.3 Your Choices

• Browser settings: Configure cookie preferences
• Opt-out: Disable non-essential cookies
• Do Not Track: We respect DNT signals

13. Newsletter and Marketing

13.1 Subscription

Newsletter subscription is opt-in only. We will:

• Clearly identify emails as from ScaleNix FOSS Teams
• Include unsubscribe link in every email
• Honor unsubscribe requests within 48 hours
• Never share subscriber lists with third parties

13.2 Unsubscribe

You can unsubscribe at any time:

• Click "unsubscribe" in any newsletter email
• Contact us at contact@scalenix.org
• Manage preferences in your account settings

14. Third-Party Links

Our website may contain links to external sites. We are not responsible for:

• Privacy practices of third-party websites
• Content on external sites
• Data collection by third parties

Please review privacy policies of external sites before providing personal information.

15. Open Source and Public Information

15.1 Public Content

Content you publish on our platform (articles, projects, comments) may be:

• Publicly visible
• Indexed by search engines
• Shared under open source licenses

15.2 Attribution

Public contributions may include your name/attribution as per open source conventions.

16. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or services

Notification of Changes:

• Updated "Last Updated" date at the top
• Notice on the website for material changes
• Email notification for significant changes (if applicable)

Continued use of the platform constitutes acceptance of the updated policy.

17. Contact Us

For questions about this Privacy Policy or data protection:

Email: contact@scalenix.org
Website: https://blog.scalenix.org

Data Protection Officer (DPO):
Email: contact@scalenix.org

Response Time: We aim to respond within 5 business days.

18. Supervisory Authority

You have the right to contact the French data protection authority:

CNIL (Commission Nationale de l'Informatique et des Libertés)
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Phone: +33 1 53 73 22 22
Website: https://www.cnil.fr
Contact form: https://www.cnil.fr/fr/plaintes

---

Legal Compliance References

This Privacy Policy complies with:

1. RGPD / GDPR - Regulation (EU) 2016/679
2. Loi Informatique et Libertés - Law No. 78-17 (modified 2018)
3. ePrivacy Directive - Directive 2002/58/EC (amended)
4. Code de la consommation - Consumer protection law
5. French Civil Code - Data protection principles

Key Articles Referenced

• GDPR Articles: 6 (lawfulness), 7 (consent), 12-23 (data subject rights), 32 (security), 33-34 (breach notification)
• Loi Informatique et Libertés: Articles 40-48 (CNIL powers), 49-51 (data subject rights)

---

This Privacy Policy is designed to ensure full transparency and compliance with French and European data protection law while respecting the rights and privacy of all users.