Privacy policy
How we protect your personal data.
Version 2.0 — effective since 17 May 2026. This policy may be updated. In the event of a material change (new purpose, new sub-processor, extended retention period), we will notify you and, where required, seek your consent again.
Data controller
The data controller for your personal data is:
UITGuard — sole proprietorship
Legal representative: Tardy Christophe
Address: 12 chemin de longuemare, 78270 Cravent, France
SIRET: 979 263 225 00018
Data protection contact email: contact@uitguard.com
You may also lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority: 3 place de Fontenoy, 75007 Paris — www.cnil.fr
Data collected
In the course of operating the Mon Écrin service, we collect the following data:
- Identification data: name, email address
- Connection data: IP address, browser type, pages viewed, date and time of access
- Device data: device identifier, model, storage capacity
- Media file metadata: file name, size, type, capture date, checksum (the files themselves are stored on the storage destination you have chosen)
- Cookies: strictly necessary session cookies
Metadata and geolocation
When you back up photos, the EXIF metadata embedded in the files (technical information, capture date, and where applicable geolocation data) is preserved with the original file. This metadata is encrypted at rest (AES-256-GCM) in the same way as your files. No extraction, analysis, or exploitation of this metadata is carried out by us.
Use of data and legal bases
Your data is used for the purposes described below, each based on a legal basis in accordance with Article 6 of the GDPR:
| Data | Purpose | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Identification (name, email) | Account and subscription management | Performance of contract — Art. 6.1.b |
| Connection data (IP, browser) | Security, abuse prevention | Legitimate interest — Art. 6.1.f |
| Device data and file metadata | Synchronisation and service operation | Performance of contract — Art. 6.1.b |
| Payment data (via Stripe) | Subscription management and billing | Performance of contract — Art. 6.1.b |
| Technical session cookies | Authentication and operation | Performance of contract — Art. 6.1.b |
| Diagnostics and sync reports | Service improvement, error resolution | Legitimate interest — Art. 6.1.f (opt-out available) |
Diagnostics and sync reports
The mobile app may collect anonymised diagnostic data (sync reports, performance metrics) to improve service reliability and resolve errors. These reports contain no personally identifiable data or file names.
You can disable this collection at any time from the mobile app settings, under "Privacy" → "Diagnostics and reports".
Cookies and similar technologies
Mon Écrin uses only technical cookies necessary for the operation of the service (session management, authentication). No advertising, tracking, or behavioural analysis cookies are used.
You can configure your browser to reject cookies, but this may affect the operation of the service.
Sub-processors and data recipients
We never sell your personal data. In accordance with Article 28 of the GDPR, we use sub-processors bound by contract (DPA) to provide the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| OVHcloud (Object Storage S3) | Hosting of encrypted files and the database | France (Paris, 3-AZ datacenters) |
| Stripe Payments Europe Ltd. | Credit card payment processing (web channel) | European Union (Ireland) — card data not transmitted to UITGuard |
| Google Play Billing (Google Ireland Ltd.) | Payment and subscription processing for Android app users | European Union (Ireland), with possible transfers outside the EU governed by the European Commission's standard contractual clauses |
| Transactional SMTP provider | Sending service emails (verification, notifications, invoices, security alerts) | European Union |
Your data may also be disclosed to competent administrative or judicial authorities upon legal request, under the conditions provided by law.
All sub-processors are bound by a Data Processing Agreement (DPA) including obligations of confidentiality, security, and breach notification within 72 hours.
Data transfers outside the European Union
Your personal files (photos, videos, documents) and their metadata are stored exclusively in France, on OVHcloud infrastructure in Paris. No transfer of this data takes place outside the European Union.
Certain technical data (transaction identifiers, in-app payment validation via Google Play Billing) may transit through Google infrastructure located outside the EU. These transfers are governed by the standard contractual clauses approved by the European Commission (Decision (EU) 2021/914 of 4 June 2021), ensuring a level of protection equivalent to that required by the GDPR.
Android mobile app — permissions and data
The Android app requests certain Android permissions necessary for automatic backup. Each permission is requested with a contextual explanation and can be denied. Denying certain permissions prevents the service from functioning.
- Access to photos and videos (READ_MEDIA_IMAGES, READ_MEDIA_VIDEO): required to read the files to be backed up. No file is sent without your initial consent via the onboarding screen.
- Access to files (documents) (MANAGE_EXTERNAL_STORAGE on Android ≤ 12, Storage Access Framework on Android 13+): required for backing up the Documents and Downloads folders when you enable it.
- Notifications (POST_NOTIFICATIONS): to display backup progress and alert in case of errors. Optional.
- Background service (FOREGROUND_SERVICE, WAKE_LOCK, REQUEST_IGNORE_BATTERY_OPTIMIZATIONS): to allow backup to run even with the screen off.
The app contains no advertising SDK, no third-party trackers, and does not use Google Analytics or any equivalent. The only outgoing network traffic is directed at our sovereign servers hosted in France.
Family accounts and member sharing
Family plans allow the account administrator to invite up to 5 members to share the subscribed storage space. In this context:
- Each member has their own account, their own files, and their own history: a member's photos are never visible to other members, except through a shared album explicitly created.
- The family account administrator has knowledge of the identity (first name, last name, email) of invited members and their aggregate storage usage (in GB), but has no access to the content of their files.
- The "protected" role (minors or dependents) allows the administrator to manage the subscription without access to the protected person's personal content.
- When a member leaves the family group, their data remains in their own individual account. No copy is retained by the administrator.
Minors
The service is not intended for minors under 15 years of age. In accordance with Article 8 of the GDPR and Article 45 of the French Data Protection Act (loi Informatique et Libertés), the consent of a minor under 15 must be given jointly by the minor and by the holder of parental authority.
Within family plans, the account administrator (holder of parental authority) may invite a minor via the "protected" role, which constitutes parental consent within the meaning of Article 8 of the GDPR for the creation and management of the minor's account.
If you find that a minor under 15 has an account without the required joint consent, please contact us at contact@uitguard.com so that we can delete the account without delay.
Data security
We implement technical and organisational measures to protect your data:
- Encrypted communications (HTTPS)
- File integrity verification (SHA-256 checksum)
- Strict access controls
- Passwords stored securely (hashing)
Data retention periods
- Account data (identification, preferences): for the duration of service use. Upon cessation of use, your data is deleted within 3 years of the last access, unless you request earlier deletion or object to any follow-up. No commercial solicitation is sent to you without your prior consent (Art. L34-5 of the French Postal and Electronic Communications Code).
- Files (photos, videos, documents) and metadata: as long as the account is active. Upon account deletion, a complete ZIP export is sent to you by email and remains downloadable for 2 months; your data is permanently purged at the end of this period (files on your phone are not affected by this server purge).
- Trash (deleted files): 1 year (365 days by default, configurable by the service administrator), after which files are permanently purged and unrecoverable. A warning email is sent 30 days before the purge.
- Connection data (IP, user-agent, access logs): 13 months maximum, in accordance with CNIL recommendations.
- ZIP download links (GDPR export): 72 hours, then automatic deletion of the link and the temporary ZIP file.
- Billing data (invoices, transactions): 10 years from the date of invoice issuance, as required by French accounting and tax law (Art. L123-22 of the Commercial Code). Data is anonymised upon account deletion (the user's name is replaced by an internal identifier).
- Consents (agreements, withdrawals, accepted version): for the duration of service use, then 5 years after cessation, for evidentiary purposes in case of a claim.
- Diagnostics and sync reports: 90 days, in anonymised form (no user identifier or file name).
- Data breach notifications: 5 years from the date of notification, for evidentiary purposes.
Your rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- Right of access (Art. 15): obtain confirmation that your data is being processed and receive a copy. Accessible directly from your dashboard and the mobile app, under "Privacy".
- Right to rectification (Art. 16): correct inaccurate or incomplete data (editable from your profile).
- Right to erasure / right to be forgotten (Art. 17): request the deletion of your account and all your data via the "Delete my account" button in settings. A ZIP export of your files is sent to you by email and remains downloadable for 2 months. After this period, the server purge is final and irreversible (files on your phone are not affected).
- Right to restriction (Art. 18): restrict the processing of your data (suspend automatic backup, disable diagnostics).
- Right to data portability (Art. 20): receive your data in a structured, commonly used, and machine-readable format. The complete ZIP export (photos, videos, documents) is available from your dashboard, once per month.
- Right to object (Art. 21): object to the processing of your data based on legitimate interest (anonymised diagnostics).
- Right to withdraw consent (Art. 7): for processing based on consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to issue post-mortem directives: in accordance with Article 85 of the French Data Protection Act, you may communicate your directives regarding the retention, deletion, and disclosure of your data after your death.
How to exercise your rights?
- Directly from the mobile app or your dashboard ("Profile" and "Privacy" sections), for most rights;
- By email to contact@uitguard.com;
- By post to: UITGuard, 12 chemin de longuemare, 78270 Cravent, France.
We undertake to respond to your request within one month of receipt, in accordance with Article 12 of the GDPR. This period may be extended by two months if the request is complex or numerous, in which case we will inform you.
Proof of identity may be requested in case of reasonable doubt about your identity (Article 12.6 of the GDPR).
Complaint to the CNIL — if you believe your rights are not being respected, you may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority: 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 — www.cnil.fr/fr/plaintes.
Automated decision-making and profiling
In accordance with Article 22 of the GDPR, we inform you that no decision producing legal effects concerning you or significantly affecting you is made on a solely automated basis using your data.
No commercial, behavioural, or advertising profiling is carried out. The generation of thumbnails from your files is an automated technical process strictly necessary for displaying the gallery: it does not constitute profiling or automated decision-making within the meaning of Article 22.
Data breach notification
In accordance with Articles 33 and 34 of the GDPR, in the event of a personal data breach likely to result in a risk to your rights and freedoms, we undertake to:
- Notify the CNIL within 72 hours of becoming aware of the breach;
- Inform you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
The notification will include the nature of the breach, the likely consequences, the measures taken or proposed to address it, and recommendations to mitigate any potential adverse effects.
Contact us
For any question regarding this privacy policy:
Email: contact@uitguard.com
Address: 12 chemin de longuemare, 78270 Cravent, France