ZoraLead Logo
ZoraLead

Privacy Policy

GDPR Compliant - In accordance with Regulation (EU) 2016/679

1. Data Controller

Controller: FERGOLA VINCENT - Entrepreneur Individuel (EI)

SIREN: 884566241

Registered Office: NICE (06300), France

Email: contact@zoralead.com

2. Our Commitment to Your Privacy

ZoraLead is designed with the principle of Privacy by Design. We firmly believe that your data belongs to you and should remain under your control.

3. Personal Data Collected
3.1. At Purchase (Minimal Data)
  • Email address: To send your license key
  • Payment information: Processed exclusively by Stripe (we never store it)
  • License key: Stored for subscription validation
  • Subscription dates: For managing your license period
3.2. When Using the Application

NO DATA is collected. All your data is stored locally on your machine.

4. What We DO NOT Collect
  • Your lead data
  • Your email campaigns
  • Your SEO analysis results
  • Your usage habits
  • Your IP address (beyond initial validation)
  • Machine fingerprinting
  • Telemetry or analytics data
  • Browsing history
  • Any sensitive data as defined by GDPR
5. Legal Basis for Processing

In accordance with Article 6 of GDPR, the processing of your personal data is based on the following legal grounds:

  • Contract performance (Article 6.1.b): Processing of your email and license key is necessary for the performance of the sales contract
  • Legal obligation (Article 6.1.c): Retention of invoices and accounting data in accordance with French legal obligations
  • Legitimate interest (Article 6.1.f): Fraud prevention and dispute management
6. Local-First Architecture

ZoraLead stores all your professional data in a local SQLite database on your machine. We have no access to this data. It never leaves your computer unless you explicitly export it.

This approach ensures you retain full control of your data in accordance with the GDPR principle of data minimization.

7. Third-Party Services and Processors
7.1. Payment Processing

Stripe, Inc. - Payment processing (PCI-DSS certified). See their privacy policy.

7.2. Hosting

Vercel Inc. - Website and API hosting (United States, GDPR compliant). See their privacy policy.

7.3. Third-Party APIs (Under Your Control)

ZoraLead integrates with third-party APIs for which you provide your own API keys:

  • OpenAI: Email generation (subject to OpenAI's policy)
  • Anthropic (Claude): SEO fix suggestions (subject to Anthropic's policy)
  • SERP API: Lead discovery (subject to SERP API's policy)
8. License Validation and Query Minimization

Initial activation: When you first activate, we validate your license key with our server (1 unique request).

Daily usage: NO server requests. Validation is performed locally.

Monthly check (optional): Maximum of one request per month to verify your subscription status.

9. Data Retention Period
  • Active subscription data: For the duration of your subscription
  • After cancellation: 30 days (except legal accounting obligations)
  • Accounting data: 10 years (French legal obligation - Article L123-22 of the Commercial Code)
  • Local data (on your machine): Under your exclusive control
10. Your Rights (GDPR - Articles 12-22)

In accordance with GDPR, you have the following rights:

  • Right of access (Art. 15): Obtain a copy of your personal data
  • Right to rectification (Art. 16): Correct inaccurate data
  • Right to erasure (Art. 17): Request deletion of your data
  • Right to restriction (Art. 18): Limit the processing of your data
  • Right to portability (Art. 20): Receive your data in a structured format
  • Right to object (Art. 21): Object to the processing of your data
  • Right to withdraw consent: At any time

To exercise these rights, contact us at: contact@zoralead.com

11. Right to File a Complaint with CNIL

If you believe your rights are not being respected, you have the right to file a complaint with the French Data Protection Authority (CNIL):

CNIL
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07, France
Tel: +33 1 53 73 22 22
www.cnil.fr

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • HTTPS encryption (TLS 1.3) for all communications
  • Local storage of sensitive data (no centralized cloud)
  • Data collection minimization
  • Restricted access to subscription data
  • Regular security audits
13. Data Breach Notification

In accordance with Article 33 of GDPR, in the event of a personal data breach likely to result in a high risk to your rights and freedoms, we commit to notifying you within 72 hours of discovering the breach.

14. Cookies and Trackers

This website uses NO tracking, advertising, or analytics cookies. Only strictly necessary cookies for technical functionality may be used (session cookies).

In accordance with the ePrivacy Directive and French law (Article 82 of the Data Protection Act), you can configure your browser to refuse cookies.

15. International Data Transfers

Some of our processors (Stripe, Vercel) are located in the United States. These transfers are governed by:

  • Standard contractual clauses approved by the European Commission
  • Certifications (EU-U.S. Data Privacy Framework for eligible companies)
  • Appropriate safeguards in accordance with Article 46 of GDPR
16. Changes to This Policy

We reserve the right to modify this privacy policy at any time. Any changes will be published on this page with an updated date. In case of substantial changes, we will inform you by email.

17. Contact

For any questions regarding this privacy policy or to exercise your rights:

Email: contact@zoralead.com

Address: FERGOLA VINCENT EI, NICE (06300), France

Last updated: November 7, 2025