Skip to main content
DataSouv
Audit

Official document

Records of processing activities

Last updated : 12 May 2026

DataSouv publishes its records of processing activities to publicly demonstrate that it applies to itself what it recommends to its clients. This document is updated with every change.

Processing 1 — Free audit tool

  • Purpose: Free assessment of the CNDP compliance of a public website, and retention of the score for internal statistical follow-up
  • Legal basis: Legitimate interest (awareness mission, statistics) and consent (sending of the full report)
  • Data categories: Submitted URL, SHA-256 hash of the IP address (rotating daily salt, non-reversible), User-Agent family (Chrome, Firefox, Bot…), country inferred by the host, optional email
  • Data subject categories: Visitors of the DataSouv website
  • Recipients: DataSouv team only
  • Processors: Vercel hosting (EU functions, SCCs for US control plane), Postgres Neon EU (Frankfurt), Anthropic (LLM analysis, see SCCs)
  • Retention period: Anonymised audits kept for 24 months for statistics, lead email kept for 24 months after last contact
  • Security measures: TLS 1.3, hardened HTTP headers, strict CSP, rate-limit, honeypot, SSRF protection, IP never stored in plain text

Processing 2 — Contact form

  • Purpose: Response to commercial and institutional requests
  • Legal basis: Consent (form submission), pre-contractual performance
  • Data categories: Name, email, phone (optional), company (optional), subject, message, SHA-256 hash of the IP (rotating daily salt), User-Agent family, country
  • Processors: Vercel hosting (EU functions, SCCs for US control plane), Postgres Neon EU (Frankfurt), Resend (transactional email, EU — see DPA)
  • Retention period: 24 months after last contact (status new, replied or archived), 6 months for messages flagged as spam
  • Security measures: Encrypted storage, admin access via HMAC-signed session, logging

Processing 3 — Client engagements

  • Purpose: Performance of audit and advisory services
  • Legal basis: Performance of a contract
  • Data categories: Client and technical referent contact details, technical data relating to the audited site
  • Retention period: Applicable statutory accounting period
  • Security measures: Encrypted storage, named access, contractual NDA

Processing 4 — Traffic statistics (private analytics)

  • Purpose: Measure traffic on public pages (views, unique visitors per day, top referrers) with no cookies or fingerprint, to steer editorial content
  • Legal basis: Legitimate interest (editorial site management). The CNIL/CNDP recognise strictly necessary and anonymised analytics as exempt from consent
  • Data categories: Page path, referrer host (without parameters), User-Agent family, SHA-256 hash of the IP with rotating daily salt (the plain-text IP is never stored, longitudinal correlation between days is impossible), country inferred by the host, bot/human indicator
  • Data subject categories: Visitors of the DataSouv website
  • Cookies: None. The count is server-side via an asynchronous server beacon (POST /api/internal/pv) triggered on every client navigation
  • Processors: Postgres Neon EU (Frankfurt), Vercel hosting
  • Retention period: 13 rolling months (continuous rotation), anonymised aggregates kept indefinitely

Processing 5 — Administrator accounts and logging

  • Purpose: Enable access to the DataSouv private admin area and trace sensitive actions (audit deletion, request handling, etc.)
  • Legal basis: Legitimate interest (IS security), internal contractual obligation
  • Data categories: Email, bcrypt hash of the password (cost 12), connection timestamps, failed attempts with hashed IP, active sessions (id, expiration, hashed IP, User-Agent family)
  • Data subject categories: DataSouv team members with an admin account (1 to 5 people maximum)
  • Processors: Postgres Neon EU (Frankfurt), Vercel hosting
  • Retention period: Accounts: duration of the contractual relationship. Sessions: 24h max. Login attempts: 90 days.
  • Security measures: Password minimum 16 characters, bcrypt 12 rounds, HMAC-SHA256 signed session, httpOnly + Secure + SameSite=Lax cookie, rate-limit 5 failures / 15 min / IP, attempt logging

Processing 6 — Detailed audit report payment

  • Purpose: Enable the purchase (999 MAD incl. tax) of the complete PDF report following the free audit, invoice issuance and delivery of the deliverable by email
  • Legal basis: Performance of a contract (the order initiated by the buyer)
  • Data categories: Buyer's email, attached audit_id, Stripe session and payment intent identifiers, amount, currency, status (created / paid / delivered / refunded), timestamps, SHA-256 hash of the IP with rotating daily salt, User-Agent family, country inferred by the host. No card data is processed or stored by DataSouv — hosted Stripe Checkout retains the full PCI-DSS perimeter on its side
  • Data subject categories: Buyers who launched a free audit and chose to obtain the detailed report
  • Processors:
    • Stripe Payments Europe (Ireland) — card data collection, transaction processing, anti-fraud. Stripe DPA activated for the Lifeora SRL account; standard contractual clauses included in the DPA for intra-Stripe transfers to the United States.
    • Resend (EU) — transactional email delivering the report and invoice.
    • Postgres Neon EU (Frankfurt) — order metadata.
  • Retention period: Orders 24 months (contractual + accounting obligation). No card data on the DataSouv side. Stripe retains data according to its own contractual and tax durations (see the Stripe DPA).
  • Security measures: Payment exclusively handled on the Stripe Checkout page (PCI-DSS level 1). Webhook signed with HMAC-SHA256, application-level idempotence. No copy of the invoice on the DataSouv side beyond metadata (id, amount, status).

CNDP receipt number

Under review. Will be published here upon issuance, in line with our exemplarity commitment.