Privacy Policy

Who is responsible?

The localprose.com website and the LocalProse software are published by Alexandre POULET (hereafter "the Publisher"), president of the SASU POULET INTERACTIVE, with share capital of €1,000, registered with the RCS of Montauban under SIRET 999 401 292 00019.

Registered office: 10 rue Jean Doumerc, 82000 Montauban, France
Represented by its President, Mr. Alexandre POULET.

Main contact (DPO / Privacy): Support

What data do we collect?

We collect only the data strictly necessary for the operation of the service and the management of your license:

• User account data: To acquire a lifetime license and access their personal management area, the user creates an account on localprose.com with an email address (unique identifier) and a password. The password is stored as an irreversible cryptographic hash (we have no access to the plain-text password). The email address is subject to an initial verification procedure (validation link valid for 48 hours) to ensure it belongs to the user. We also retain the registration date, account state (verified or not), and associated preferences. Users under "Free" status or "7-day Trial" are not concerned by this collection, as account creation is not required for these statuses.
• Communication preferences (Newsletter): Your explicit choice (Opt-in) to receive our news and writing tips, as well as technical interaction data with these emails (opens/clicks) for anonymized statistical purposes.
• Anonymized download statistics: When you download the software, our server counts this event for purely statistical purposes (volume counter). Unlike traditional web analytics tools, this counting is done server-side, without placing any cookie on your browser and without recording your IP address in the counter registry.
• Payment data (lifetime license purchase): If you acquire a lifetime license, the transaction is handled by Stripe. We do not store your credit card numbers. We only process the Stripe transaction identifier, the amount paid, the currency, and the purchase date, for accounting and license management purposes. Users under "Free" status or "7-day Trial" are not concerned by any banking data collection.
• Data related to your lifetime license: If you have acquired a lifetime license, we retain your personal license key (format LP-XXXX-XXXX-XXXX-XXXX-XXXX), the identifier of the user account it is tied to, the origin of the license (purchase, migration from a former subscription, etc.), and the list of your current activations (a hashed technical identifier per device, its platform, and the date of activation/deactivation). This data is necessary to respect activation quotas (2 desktop devices + 2 mobile devices simultaneously), to prevent fraud, and to provide the online management features.
• Data related to the 7-day free trial: When you start the trial period without creating an account, we record an anonymized technical fingerprint of your device, the trial start and expiration dates, and the device's platform, for the exclusive purpose of fraud prevention. No email address, no personal identification data is collected on this occasion.
• Device technical data: The application generates and transmits a hashed unique technical identifier (fingerprint) of the device used. This identifier is used to manage activation quotas for your lifetime license and for anti-fraud controls related to the free trial. It does not provide access to your local content. This technical data is in no case used to analyze your hardware performance.
• Local hardware detection (RAM): To optimize AI performance, the application checks your computer's RAM at startup. This check is performed 100% locally. No information about your computer's configuration or power is collected, stored, or sent to our servers.
• Validation and reset tokens: When initially creating an account, resetting a forgotten password, or confirming an account deletion, we generate single-use links sent by email. Only the cryptographic fingerprint (hash) of these links is stored in the database, never the link itself. These tokens have a limited validity period (from 24 to 48 hours depending on the type of operation) and then become unusable.
• Audit data for exceptional recovery procedures: When a user exercises an exceptional recovery procedure (simultaneous loss of email access and password, proven account compromise, attachment of an existing license to a new account after deletion of the original account — see Terms §3.5 and §4.2.2), the publisher retains the history of this operation: reason, supporting documents provided (transaction number, verified identification elements), old and new identification, operation dates, support ticket identifier. This data is retained for audit purposes, fraud prevention, and defense in case of litigation.
• Data from Discord connection (Wiki): When you sign in to our Wiki via the secure Discord protocol, we automatically collect your unique Discord identifier (User ID), your display name, and the link to your Discord avatar. The email address linked to your Discord account is also collected to securely create and validate your user account on our documentation platform. No other data related to your Discord account (servers, private messages) is read or collected.
• Contributions and Comments on the Wiki: When you post a reaction or a question on the community space, we store the textual content of your message, its publication date, as well as the technical association with your Discord user account created on the site.
• Customer support: Emails and information voluntarily transmitted during your assistance requests (bugs, questions).
• Writing content (Local-First Principle): Your texts, projects, manuscripts, and notes remain stored exclusively on your machine. They are never sent to our servers, nor analyzed by us. You are the sole guardian.

Purposes and legal bases

We process your data for the following reasons:

• User account creation and management (registration, authentication, access to the secure personal area, preference management, email or password change): Legal basis: Contract performance (Terms of Use and Sale).
• Management of the purchase and delivery of the lifetime license (one-time payment, license key generation, email delivery, availability in the personal account): Legal basis: Contract performance (Terms) and legal obligation (accounting).
• License activation management and anti-fraud (compliance with quotas of 2 desktop + 2 mobile, fight against abusive successive trials, verification of free trial eligibility): Legal basis: Contract performance and legitimate interest of the publisher to protect its software.
• Exceptional recovery procedures and associated audit (identity verification in case of simultaneous access loss, account compromise, post-deletion attachment, retention of supporting documents and history): Legal basis: Contract performance (Terms procedures §3.5 and §4.2.2), legitimate interest of the publisher to protect the legitimacy of its commercial transactions, and legal obligation regarding accounting.
• Newsletter sending (product news, writing tips): Legal basis: Consent (you check the "I want to receive the LocalProse newsletter" box during registration or purchase). You can withdraw this consent at any time via the unsubscribe link at the bottom of each newsletter or from your personal account.
• User support and service improvement (response to tickets, bug fixes, handling of exceptional recovery procedures): Legal basis: Legitimate interest and contract performance.
• Transactional communication (initial email address verification, license key delivery, purchase confirmation, password reset, security alerts, account deletion confirmation, critical update notifications): Legal basis: Contract performance.
• Community space management and comment moderation (allowing the publication of technical questions on the Wiki, displaying the identity chosen by the author, ensuring the security and moderation of exchanges): Legal basis: Legitimate interest of the Publisher to manage its technical community and performance of the communication service requested by the user.

Data recipients (Subprocessors)

Your personal data is never sold to third parties. It may be transmitted to our technical service providers (subprocessors) acting on our strict instructions:

• Stripe: Secure payment provider. Some technical and payment data may be transferred outside the European Union (notably to the United States), these transfers being governed by adequate protection measures (Data Privacy Framework or Standard Contractual Clauses).
• GitHub (Microsoft): Hosting of the software installation files (executables). When you initiate the download, your IP address is technically visible to their global distribution infrastructure (CDN) in order to route the file as quickly as possible to your computer.
• Google (Play Store): Hosting and distribution of the mobile application. When downloading or using the application on an Android device, Google may collect diagnostic or usage data depending on your Google account settings.
• Apple (App Store): Hosting and distribution of the iOS mobile application. When downloading or using the application on an Apple device, Apple may collect diagnostic or usage data depending on your Apple account settings.
• Scaleway (France/EU): Provider for routing transactional emails and newsletters.
• OVH (France/EU): Host of the showcase site and domain name management.
• Discord Inc.: Intervenes exclusively as a secure third-party identity provider (OAuth2) during your voluntary authentication phase on the Wiki space.

Retention periods

• User account data: Kept as long as the account is used. When an account has not been used for an extended period of inactivity, the publisher proceeds to its deletion or anonymization, respecting the retention durations the user can reasonably expect. The user can also request the early deletion of their account at any time from their secure personal area (see below).
• Account deletion (right to be forgotten): The user can at any time, from their secure personal area, exercise their right to the permanent deletion of their account. The self-service procedure includes several confirmation steps (checkboxes, password entry, click on a link sent by email valid for 24 hours) to avoid any accidental deletion. A final summary email is sent to the user before anonymization, containing their license key and the information necessary for the conservation of their license. Upon deletion:
  • identification data (email address, hashed password, preferences, legacy device technical identifiers) are anonymized irreversibly in our active databases, within a maximum of 30 days;
  • data strictly necessary for the traceability of the lifetime license (license key, anonymized historical activations) is retained with an anonymized link, to allow the user to recover the use of their license in case of a later request for attachment to a new account (Terms procedure §4.2.2);
  • accounting data (invoices, Stripe identifiers) are kept for 10 years in accordance with legal obligations;
  • the acquired license key remains valid and usable on already-activated devices, in accordance with §4.2 of the Terms.
• Data related to your lifetime license: Retained as long as the license is used and its attachment account is active. After deletion of the attachment account, the technical data of the license (key, activations) is retained in anonymized form for the reasons stated above.
• Data related to the 7-day free trial: The hashed technical identifier of the device that benefited from the trial is retained for the exclusive purpose of anti-fraud. It is anonymized (hashed) and does not allow any personal identification.
• Validation and reset tokens: Cryptographic fingerprints of tokens are retained until their expiration (24 to 48 hours depending on the type) or until their consumption by the user, then automatically deleted.
• Audit data for exceptional recovery procedures: Retained for the lifetime of the concerned license, for audit purposes, fraud prevention, and defense in case of litigation.
• Community space data (Wiki Comments and Profiles): User accounts created via Discord remain active as long as the user does not request their deletion. Comments and textual contributions published on the Wiki are kept by default as long as the associated article or documentation remains online, in order to maintain the consistency of discussion threads for the community. The user can request the deletion or anonymization of their contributions at any time (Right to be forgotten).
• Newsletter: Your email address is retained in our mailing list until consent is withdrawn (click on the "Unsubscribe" link in received emails or modification from your personal account).
• Data of user accounts prior to the Lifetime pivot: Users who created an account before May 18, 2026, under the previous subscription model have an email address, a hashed password, and associated data in the database. This data is retained as long as these users use it (sign-in possible). When they no longer sign in for an extended period of inactivity, this data may be deleted or anonymized. The legacy user can, at any time, request its early deletion by exercising their right to erasure.
• Billing data: In accordance with French law (Commercial Code), invoices and associated payment data are kept for 10 years as accounting evidence, even after account deletion.
• Technical data (logs): Connection logs (IP addresses, timestamps) are kept for a rolling period of 12 months (LCEN legal obligation), then automatically deleted.

Your rights

In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your data:

• Right of access and portability of your data;
• Right of rectification (modify your information from your secure personal area or by contacting us);
• Right to erasure (permanent account deletion from your personal area or upon request to our support);
• Right to object to or limit the processing (in particular for the newsletter).

To exercise these rights, you can:

• sign in to your secure personal area on localprose.com for self-service operations (password change, account deletion, newsletter management);
• contact us by email at: Support for any other request.

If you consider, after contacting us, that your "Data Protection" rights are not respected, you can submit a complaint to the CNIL (French Data Protection Authority) on their website cnil.fr.

Security

We implement technical measures to protect your data:

• Secure protocols (HTTPS/TLS) for all communications between the application and our servers.
• Irreversible cryptographic hashing of passwords and validation/recovery tokens (we have access neither to passwords nor to plain-text tokens).
• Local storage strictly necessary for the operation of the secure personal area: when you sign in to your account on localprose.com, your browser stores a technical session identifier in its localStorage. This identifier is neither a cookie nor a tracker; it is never transmitted to third parties, serves exclusively to maintain your active connection, and is deleted upon sign-out or session expiration. For more details, see our Zero Cookie Policy.
• Multi-step procedures for sensitive operations (account deletion) to avoid any accidental or fraudulent action.
• "Local-First" architecture: the risk of leaks of your manuscripts from our servers is nil, because we do not possess them.
• Offline cryptographic verification: your lifetime license remains valid and verifiable locally even in case of unavailability or cessation of our servers' activity, and even in case of deletion of your user account.

Policy changes

This policy may be updated to reflect regulatory or functional changes. The version in force is the one accessible on this page.