Last updated: 15.05.2025
1. Who We Are
MotoEditor, a société par actions simplifiée (SAS) incorporated in France, is the “data controller” for the personal data collected through motoeditor.com, its sub-domains, APIs, and desktop or mobile applications (collectively, the “Service”).
2. Scope
This Policy explains how we collect, use, share and secure your personal data when you: create an account, purchase a subscription or tokens, upload ECU files, contact support, visit our website, or otherwise interact with MotoEditor.
3. What Data We Collect
| Category | Examples | Source | Required? |
|---|---|---|---|
| Account & identity | Name, username, e-mail address, password hash | You | Yes (contract) |
| Billing | Postal address, VAT number, last 4 digits of card, PayPal ID | You / Payment processor | Yes (legal & contract) |
| Device & usage | IP address, browser fingerprint, log files, crash reports | Automatic | Yes (legitimate interest) |
| Uploaded content | ECU firmware, map files, comments, support attachments | You | Optional |
| Marketing consents | Newsletter opt-in status, cookie preferences | You | Optional (consent) |
We do not knowingly collect data about children under 16 years of age.
4. Why We Process Your Data & Legal Bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Create and manage user accounts; deliver tokens and downloads | Contract (Art. 6 (1)(b)) |
| Process payments and comply with French accounting law | Legal obligation (Art. 6 (1)(c)) |
| Prevent fraud, secure the Service, keep audit logs | Legitimate interests (Art. 6 (1)(f)) |
| Send product updates or marketing newsletters | Consent (Art. 6 (1)(a)) |
| Develop new ECU definitions via aggregated analytics | Legitimate interests (Art. 6 (1)(f)) |
| Comply with export-control or motorsport regulations | Legal obligation |
5. Cookies & Tracking Technologies
We use:
- Strictly necessary cookies – authentication, load-balancing.
- Analytics cookies – Matomo (self-hosted) to measure site traffic. Set only after opt-in via our cookie banner.
- Marketing cookies – None by default; if introduced, we will request prior consent.
You can change or withdraw consent at any time via the “Cookie Settings” link in our footer, in line with CNIL’s guidance on consent granularity. consentmo.com
6. Automated Decision-Making
When you upload a firmware file, our algorithms may automatically detect the ECU type and suggest compatible tuning maps. This profiling does not produce legal or similarly significant effects as defined in GDPR Art. 22. You may request human review via support.
7. Who Receives Your Data
We share data only when necessary:
| Recipient | Purpose | Safeguards |
|---|---|---|
| GoDaddy (France/EU) | Web & database hosting | EU servers, ISO 27001 |
| Stripe / PayPal | Payment processing | PCI-DSS, EU SCCs if outside EEA |
| Mailjet | Transactional e-mails | EU data center |
| Professional advisers | Accounting, legal | Confidentiality clauses |
| Public authorities | Tax, anti-fraud, court orders | Legal obligation |
We never sell or rent your personal data.
8. International Transfers
If a recipient is located outside the European Economic Area, we rely on:
- An adequacy decision (e.g., Andorra, UK); or
- Standard Contractual Clauses (SCCs) plus supplementary measures.
9. Retention Periods
| Data set | Retention rule |
|---|---|
| Account data | Active account + 5 years (French Civil Code prescription) |
| Financial records | 10 years (Art. L123-22 French Commercial Code) |
| Support tickets | 3 years after closure |
| Firmware uploads | Until you delete them or account closure + 30 days |
| Analytics logs | 13 months (CNIL recommendation) |
10. Security
We implement encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access control, regular penetration tests, and multi-factor authentication for staff accounts, in line with CNIL’s 2025 focus on enhancing security of online services. Hunton Andrews Kurth
11. Your Rights
Under GDPR you may:
- Access your personal data;
- Rectify inaccurate data;
- Erase data (“right to be forgotten”);
- Restrict processing;
- Object to processing based on legitimate interests or direct marketing;
- Port your data to another provider;
- Withdraw consent at any time (no effect on past processing). Alation
Submit requests at [email protected]. We will respond within one month.
12. Data Breach Notification
If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify CNIL within 72 hours and affected users without undue delay.
13. Links to Third-Party Sites
Our website may contain links to external sites (e.g., hardware vendors, forum posts). We are not responsible for their privacy practices.
14. Changes to This Policy
We may update this Policy to reflect regulatory changes (e.g., forthcoming ePrivacy Regulation) or new processing activities. Material changes will be announced at least 30 days in advance via e-mail and an in-app banner. Continued use after the effective date constitutes acceptance.
15. Contact
For any privacy-related question:
MotoEditor – DPO
E-mail: [email protected]
