Privacy Policy

Last updated: May 2026

HOLOPHONIX SAS ("HOLOPHONIX", "we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services, and the rights you have under the EU General Data Protection Regulation (GDPR) and the French Data Protection Act ("Loi Informatique et Libertés").

Data controller: HOLOPHONIX SAS, 18 Rue Marc Seguin, 77290 Compans, France — SIREN 951 087 238.

Contact: info@holophonix.xyz

We collect information that you provide directly to us — such as when you create an account, make a purchase, or contact us for support — as well as a limited amount of technical data automatically. This may include:

• Identity and contact information (name, email, postal address, phone number)

• Account credentials (hashed password, authentication tokens)

• Professional information (company, role, country)

• Payment information (processed securely by Stripe — we do not store full card details)

• License and product usage information (managed through LicenseSpring)

• Communications with us (support requests, emails, form submissions)

• Technical data (IP address, browser, device, pages visited, referring URL)

We use the information we collect to:

• Provide, maintain, and improve our products and services

• Process transactions and manage software licenses and activations

• Respond to your comments, questions, and support requests

• Send you technical notices, updates, security alerts, and service messages

• Send you marketing communications about our products (only with your consent — you can unsubscribe at any time)

• Prevent fraud, abuse, and security incidents

• Comply with legal obligations

We process your personal data on one or more of the following legal bases (Article 6 GDPR):

• Performance of a contract — to deliver products, licenses, and support you have purchased or requested

• Legal obligation — to meet accounting, tax, and consumer-protection obligations

• Legitimate interests — to secure our website, prevent fraud, and improve our services (balanced against your rights)

• Consent — for marketing emails and non-essential cookies; you may withdraw consent at any time without affecting prior processing

We share personal data only with the following categories of recipients:

• Stripe — payment processing (PCI-DSS compliant)

• LicenseSpring — software license issuance, activation, and management

• Hostinger International Ltd. — website hosting

• Google (Google Tag Manager, Google Analytics, Google Ads) — audience measurement and advertising performance, only after you consent via the cookie banner

• Sentry (Functional Software, Inc.) — error monitoring; session-replay diagnostics only after you consent

• YouTube and Vimeo — embedded video players, loaded only after you consent

• Email service providers acting as our processors

• Authorities, courts, or regulators where required by law

Each processor is bound by a data processing agreement (DPA) limiting their use of your data to the services they provide to us. We never sell your personal data.

Some of our processors (notably Stripe, LicenseSpring, Google, and Sentry) may process data outside the European Economic Area, including in the United States. When this happens, transfers are protected by appropriate safeguards — such as the EU Standard Contractual Clauses or, where applicable, the EU-US Data Privacy Framework — to ensure your data benefits from a level of protection equivalent to that guaranteed within the EU.

We keep personal data only for as long as necessary for the purposes for which it was collected:

• Customer account data — for the lifetime of the account, then 3 years after last activity for commercial-prospection purposes

• Order, invoice, and licensing records — 10 years (French commercial-law obligation)

• Support correspondence — 3 years from last contact

• Marketing-consent records — until you withdraw consent, then archived as proof for 5 years

• Server and security logs — up to 12 months

Anonymised data may be kept longer for statistical purposes.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, accidental loss, or destruction — including TLS encryption in transit, encrypted backups, access controls, and regular security reviews. No method of transmission over the Internet is 100% secure, but we work continuously to maintain a level of protection appropriate to the risks.

Subject to the GDPR and the French Data Protection Act, you have the right to:

• Access the personal data we hold about you

• Request rectification of inaccurate or incomplete data

• Request erasure of your data ("right to be forgotten")

• Restrict or object to certain processing activities

• Receive your data in a portable, machine-readable format

• Withdraw consent at any time (for processing based on consent)

• Give instructions on what happens to your data after your death

To exercise these rights, contact us at info@holophonix.xyz. We will respond within one month.

You also have the right to lodge a complaint with the French data-protection authority — the CNIL — at www.cnil.fr.

Our website uses cookies to improve your experience. For detailed information, please see our Cookie Policy.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new version on this page and, where appropriate, by email.

If you have any questions about this Privacy Policy or our handling of your personal data, please contact us:

HOLOPHONIX SAS

18 Rue Marc Seguin, 77290 Compans, France

Email: info@holophonix.xyz