Privacy policy
This policy explains how BébéDécrypte collects, uses, and protects your personal data. Designed to comply with EU GDPR (RGPD) and, where applicable, the Swiss Federal Act on Data Protection (FADP).
Who we are
BébéDécrypte is an independent European nutrition decoder operating at bebedecrypte.com. You can reach us at contact@bebedecrypte.com.
What we collect
Newsletter email if you subscribe, product interactions (searches, saved grades, comparisons) if you create an account, and basic technical data (approximate city location, browser, pages visited) through our privacy-respecting analytics. No payment data because the public site is free.
How we use it
To operate the site and its features (grading, personalized alerts, comparisons), to improve the additives database and the scoring algorithm through aggregated usage analytics, to respond to your enquiries, and to comply with legal obligations. We never sell personal data.
Legal basis
We process your personal data on the basis of consent (analytics cookies, marketing communications), legitimate interest (site operation, fraud prevention), and legal obligation (where required by law).
Who we share data with
Trusted service providers that help us operate the site (Supabase for database and auth, Cloudflare for hosting, Resend for transactional email) under strict data processing agreements. Affiliate partners receive only anonymous click referrals. We never sell data.
Your rights
Under GDPR you can request access to your data, correction of inaccurate data, deletion (right to be forgotten), restriction of processing, portability, and objection to certain processing. Write to contact@bebedecrypte.com and we reply within 30 days.
Retention
Account data is kept as long as your account is active. After deletion, minimal audit logs are kept for 90 days then purged. Usage analytics are anonymized after 13 months, per CNIL guidelines.
International transfers
Our primary servers are in the EU. When data transits to the United States (e.g. Resend), we rely on Standard Contractual Clauses and additional safeguards required by GDPR.
Complaints
If you feel your data rights have not been respected, you can complain to your local data protection authority. In France, the CNIL (cnil.fr). In Belgium, the APD (autoriteprotectiondonnees.be). In Switzerland, the PFPDT (edoeb.admin.ch).