Privacy Policy

Introduction

This Privacy Policy describes how Copyright01.com collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and the French "Informatique et Libertés" Act.

Data Controller

• Controller: Copyright01
• Email: [email protected]

Data Collected

We collect the following data:

Upon Registration

• Full name
• Email address
• Password (stored in encrypted form)
• Country
• Company name (optional)

Upon Copyright Deposit

• Title and description of the creation
• Type of creation
• Uploaded file (stored encrypted using AES-256)
• SHA-256 digital fingerprint of the file
• Date and time of the deposit

Technical Data

• IP address (server logs)
• Browser type and operating system
• Pages visited and visit duration

Purposes of Processing

Your data is used for the following purposes:

• Service delivery: account creation, deposit of creations, certificate generation
• Security: protection against unauthorized access, fraud prevention
• Communication: notifications related to your account and deposits
• Service improvement: anonymized usage statistics

Legal Basis

• Performance of a contract: processing necessary to provide the deposit service
• Legal obligation: retention of data required by law
• Legitimate interest: service security and continuous improvement
• Consent: audience analytics cookies (Google Analytics, Ahrefs) and optional AI enrichment of deposits (Google Gemini)

Data Retention

• Account data: retained for the duration of account activity. Upon account deletion, personal data and associated files are deleted immediately. We recommend downloading your data before any deletion.
• Deposits and certificates: retained for the duration of account activity. Account deletion results in the permanent deletion of all associated deposits and certificates.
• Technical logs: 12 months maximum
• Billing data: 10 years (legal obligation)

Data Security

We implement technical and organizational measures to protect your data:

• AES-256-CBC encryption with HMAC for all deposited files
• HTTPS (TLS 1.3) for all communications
• Bcrypt hashing of passwords
• Dual SHA-256 hashing of files for integrity verification
• Security headers: CSP, HSTS, X-Frame-Options
• Daily encrypted backups

Data Sharing and Sub-processors

Your data is never sold or shared for commercial purposes.

It may be shared with the following sub-processors, strictly necessary for the operation of the service:

• OVH (France): server hosting and S3 object storage
• Stripe (United States): payment processing and subscription management
• Resend (United States): transactional email delivery
• Google (United States): reCAPTCHA v3 (anti-spam protection), Google Analytics (audience measurement), OAuth authentication
• Ahrefs (Singapore): website audience analytics
• Google Gemini API (United States): optional AI enrichment of deposits
• GitHub (United States): OAuth authentication
• Telegram (United Arab Emirates): internal administration notifications
• SociaVault (France): social media metadata extraction for URL deposits
• Cloudflare (United States): content delivery network (CDN), DDoS protection and reverse proxy for all traffic
• Judicial authorities: upon lawful request only

Some sub-processors are located in the United States. These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework, in compliance with GDPR requirements.

Your Rights (GDPR)

In accordance with the GDPR, you have the following rights:

• Right of access: obtain a copy of your personal data
• Right to rectification: correct inaccurate data
• Right to erasure: request the deletion of your data
• Right to data portability: receive your data in a structured format
• Right to object: object to the processing of your data
• Right to restriction: restrict the processing of your data

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

You may also lodge a complaint with the CNIL (French National Commission on Informatics and Liberty).

Cookies

Copyright01.com uses the following cookies:

Essential cookies (strictly necessary)

• Session: maintains your login session (duration: session)
• CSRF: protection against cross-site request forgery (duration: session)
• Remember me: persistent login if enabled (duration: 30 days)

Third-party cookies (anti-spam protection)

• Google reCAPTCHA v3: spam protection on forms. This service may set cookies and collect browsing data for behavioural analysis. Google Privacy Policy.

Analytics cookies (subject to consent)

The following cookies are only set after your explicit consent:

• Google Analytics: audience measurement and site traffic statistics. Google Privacy Policy.
• Ahrefs Analytics: traffic and site performance analysis. Ahrefs Privacy Policy.

You may withdraw your consent at any time via the cookie banner accessible at the bottom of the page.

No advertising cookies are used by Copyright01.

Changes

We reserve the right to modify this Privacy Policy at any time. Changes will be published on this page with the updated date.