Last updated: 8 April 2026

Privacy Policy

Preamble

FinLearn (SASU — SIREN 103 117 438), hereinafter "FinLearn" or "the Data Controller", attaches great importance to protecting its users' personal data. This Policy describes the data collected, the purposes of its processing and your rights, in accordance with the GDPR (EU 2016/679) and the amended French Data Protection Act.

1. Data Controller

  • Entity: FinLearn (SASU) — SIREN 103 117 438
  • Representative: Paul Aubry, President
  • Contact: paul@finlearn.fr

2. Data Collected

2.1 Data provided directly

  • First name and surname
  • School / educational institution
  • Email address
  • Progress data in educational paths

2.2 Automatically collected data

  • IP address
  • Browser type and navigation data
  • Cookie data (see section 7)

3. Purposes and Legal Bases

  • Creating and managing your account — Legal basis: performance of contract (Terms of Use)
  • Educational progress tracking — Legal basis: performance of contract
  • Platform-related communications — Legal basis: legitimate interest / consent
  • Service improvement and audience analytics — Legal basis: legitimate interest
  • Legal obligations — Legal basis: legal obligation

4. Retention Period

  • Active account data: for the entire duration of use
  • After account deletion: maximum 3 years
  • Navigation data / cookies: maximum 13 months
  • Aggregated audience-measurement events: maximum 25 months

5. Data Recipients

Your data is neither sold nor rented. It may be shared with:

  • Technical hosting providers (Google Cloud EMEA Limited), bound by GDPR clauses
  • Corporate partners: aggregated and anonymised data only. No identifying data without your explicit consent
  • Competent authorities in case of legal obligation

6. Transfers outside the European Union

FinLearn uses the hosting services of Google Cloud EMEA Limited, whose servers are located within the European Union (Ireland). The main data processing therefore takes place within the EEA.

Certain third-party technical services may involve transfers outside the EU. Where applicable, FinLearn ensures these transfers are governed by appropriate safeguards in accordance with Article 46 of the GDPR. The list of sub-processors can be provided upon request to paul@finlearn.fr.

7. Cookies

A consent banner allows you to accept or reject non-essential cookies on your first visit.

  • Strictly necessary cookies: session and authentication. No consent required.
  • Analytical cookies: anonymised audience measurement. Subject to consent.
  • First-party audience measurement: anonymised (truncated IP), no cross-site tracking, aggregated statistics only. Exempt from consent under CNIL guidelines. You can opt out at any time from your account settings.

8. Your Rights

In accordance with the GDPR, you have the rights of access, rectification, erasure, restriction, portability and objection.

To exercise your rights, contact us at paul@finlearn.fr. FinLearn undertakes to respond within one month of receiving your request, in accordance with Article 12 of the GDPR.

If you are unsatisfied with the response, you may lodge a complaint with the CNIL: www.cnil.fr

9. Security

FinLearn implements appropriate measures: HTTPS encryption, access controls, regular updates.

10. Minors

For users under 15 years of age, the consent of a legal representative is required. FinLearn does not knowingly collect data from children under 15 without such consent.

11. Changes

Any substantial change will be notified to you by email or on the platform.