Legal Notice & Privacy Policy

Last updated: March 2026 — Compliant with GDPR (EU 2016/679)

Legal Notice

Publisher: Socrate SAS
Registered office: [Address — to be completed]
Company registration: [SIREN/SIRET — to be completed]
VAT number: [FR — to be completed]
Publication director: Jean-Michel Autelli
Contact: legal@socrate.cc

Hosting: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA
Database: Cloudflare D1 (SQLite at the edge)
Email delivery: Resend Inc.

Privacy Policy

Data controller

Socrate SAS is the data controller for all personal data processed through the platform. Contact: privacy@socrate.cc

Data we collect

• Account data: email address, first name, last name (optional), professional details if applying as Expert
• Usage data: requests submitted, messages, timestamps, IP address (for security/rate-limiting), browser User-Agent
• Session data: authentication token stored in your browser’s localStorage; session record in our database
• Payment data: token transaction history. Card data is processed by Stripe and never stored on our servers.

Purposes and legal bases

• Contract performance (Art. 6.1.b): creating and managing your account, routing requests to Experts, delivering answers
• Legitimate interest (Art. 6.1.f): platform security, fraud prevention, rate limiting, abuse detection
• Legal obligation (Art. 6.1.c): retaining transaction records as required by French commercial law
• Consent (Art. 6.1.a): sending you platform updates and product news (you may withdraw at any time)

Data retention

• Account data: retained for the duration of your account plus 2 years after deletion request
• Request content: retained for 5 years for legal compliance and dispute resolution
• Session tokens: expire after 30 days of inactivity
• IP and security logs: 90 days

Data transfers

Your data is processed on Cloudflare’s global edge network. Cloudflare is certified under EU-US Data Privacy Framework. Email delivery uses Resend Inc. (USA), covered by Standard Contractual Clauses. No data is sold or shared with third parties for marketing purposes.

Your rights (GDPR)

Under GDPR you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict or object to processing
• Portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time for consent-based processing

To exercise any of these rights, email privacy@socrate.cc. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés) at www.cnil.fr.

Cookies and local storage

Socrate uses essential-only local storage (not third-party cookies):

• socrate_token — your authentication session token. Required to use the platform.
• socrate_user — basic profile info (email, role) for client-side display. No tracking.
• socrate_cookie_consent — your cookie consent preference.

We do not use Google Analytics, Facebook Pixel, or any third-party tracking cookies. You may clear localStorage at any time via your browser settings, which will sign you out.

Security

All data is transmitted over TLS. Sessions use cryptographically random 64-character tokens. Magic links expire after 15 minutes and are single-use. Bot protection is provided by Cloudflare Turnstile.

Changes to this policy

We may update this policy periodically. We will notify registered users by email for material changes. The “last updated” date above indicates the most recent revision.