This is a draft prepared for the international market. It should be reviewed by qualified legal counsel before publication.
1. Who we are (Data Controller)
The controller responsible for the personal data processed through giramilleapp.com ("Site") is GIRAMILLE DANDICO PRODUCTIONS LIMITED, a company registered in England and Wales under company number 14163636, with its registered office at 66 Paul Street, London, United Kingdom, EC2A 4NA ("Giramille", "we", "us" or "our").
For any privacy matter, you can contact us at privacy@giramilleapp.com.
2. Scope
This Policy explains how we collect, use, share and protect personal data when you use the Site to learn about and purchase a Giramille plan. The Giramille app is covered by a separate App Privacy Policy.
3. The data we collect
3.1. Data you provide
- Registration and account: name and email address.
- Support: any information you choose to share when you contact us.
3.2. Data collected automatically
- IP address for country detection: used on our servers to display prices in the correct currency and to help prevent payment fraud. This lookup is performed by a local library on our servers (geoip-lite); your IP is not sent to external services for this purpose.
- Technical headers from the Cloudflare CDN: Cloudflare, acting as a content delivery network and abuse-protection layer, may inject and process headers containing the country of origin, a request identifier and similar data.
- Browser storage: used to store preferences such as the detected language and translation cache, and to keep your login session active. See our Cookie Policy.
3.3. Payment data
Payments are processed by ClickBank, our authorised retailer. We do not collect, store or process your card or banking details. ClickBank processes your payment data as its own controller under its own privacy policy.
4. How we use your data and our legal bases
Under the UK GDPR and the EU GDPR, we rely on the following legal bases:
- Performance of a contract: to create your account, issue your access token, manage your devices and send transactional emails.
- Legitimate interests: to secure the Site, prevent fraud and improve our service, balanced against your rights.
- Consent: for optional analytics, marketing communications and non-essential cookies. You can withdraw consent at any time.
- Legal obligation: to comply with applicable law, including tax and accounting duties.
5. Children's privacy
The Site is intended for adults (18+) who purchase a plan on behalf of a child. We do not knowingly collect personal data from children through the Site.
The Giramille app is designed for children aged 3 to 7 and is built to minimise data collection from children. Where United States law applies, we act in accordance with the Children's Online Privacy Protection Act (COPPA); where United Kingdom or European law applies, we act in accordance with the UK GDPR, the EU GDPR and the related protections for children (including the UK Age Appropriate Design Code). Details of how the app handles children's data are set out in the App Privacy Policy.
If you believe a child has provided us personal data without the consent of a parent or guardian, contact us at privacy@giramilleapp.com and we will delete it.
6. Sharing your data
We share personal data only as necessary, with:
- ClickBank — as retailer of record, to process your purchase, billing and refunds.
- Service providers — such as our hosting and infrastructure providers (for example, Google Firebase) and our transactional email provider (Resend), acting as processors on our behalf.
- Cloudflare — for content delivery and security.
- Authorities — where required by law or to protect our rights.
We do not sell your personal data.
7. International data transfers
Because we operate internationally, your data may be processed in countries outside your own, including the United Kingdom, the European Economic Area and the United States. Where data is transferred outside the UK or the EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or the European Commission's Standard Contractual Clauses.
8. Data retention
We keep personal data only as long as necessary for the purposes described here: for the life of your account and, after closure, for the period required to meet legal, tax and accounting obligations, after which it is deleted or anonymised.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete or port your data, to object to or restrict processing, and to withdraw consent. To exercise these rights, contact privacy@giramilleapp.com.
If you are in the UK or the EEA and believe we have not handled your data properly, you may lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office, ico.org.uk).
10. Security
We use technical and organisational measures to protect your data, including encryption in transit, access controls and abuse protection. No method of transmission or storage is completely secure, but we work to protect your information against unauthorised access, loss or misuse.
11. Changes to this Policy
This Policy may be updated, with the new version taking effect on the date shown at the top of the document. Significant changes may be communicated by email.
12. Contact
Privacy questions can be sent to privacy@giramilleapp.com.