Privacy Policy

Last updated: January 21, 2026 Welcome to Meet Lea (LinkedIn Engagement Assistant), a desktop application for LinkedIn comment management operated by Paul Irolla, a sole proprietorship (2 bis rue des bons français, 44000 Nantes, France). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our desktop application. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and French data protection laws.

1. Data Controller and Contact Information

Data Controller: Paul Irolla
Data Protection Officer (DPO): Paul Irolla
Address: 2 bis rue des bons français, 44000 Nantes, France
Contact Email: [email protected]
Support Hours: Monday to Friday, 9:00 AM to 6:00 PM GMT

2. Personal Data We Collect

2.1 Account Information

When you create an account with us, we collect:
  • Full name
  • Email address
  • Company name and address (if applicable)
  • Job title or professional role
  • LinkedIn profile information (if connected)
  • Profile picture (optional)

2.2 Technical Information

We automatically collect certain technical information when you use our desktop application and website:
  • IP address and location data
  • Device information (type, operating system, browser)
  • Application session information
  • Usage patterns and feature interactions
  • Performance metrics and error logs
  • Error reports and diagnostic information (for troubleshooting and service improvement)

2.3 Content and Communications

  • Content you create, edit, or share through our platform
  • Comments and feedback you provide
  • Communications with our support team (via Crisp chat widget on our website)
  • Chat conversations and messages sent through our customer support system
  • Survey responses and feedback

2.4 Payment Information

Payment processing is handled by Stripe, our third-party payment processor. We do not store your payment card details on our servers. However, we may receive:
  • Transaction confirmations
  • Billing addresses
  • Payment method types (e.g., "Visa ending in 1234")
  • Subscription status information

2.5 LinkedIn Integration Data

When you connect your LinkedIn account, we may collect:
  • Basic profile information
  • Connection lists (with your permission)
  • Post engagement data
  • Content performance metrics

3. How We Collect Your Data

3.1 Direct Collection

  • Account registration and profile setup
  • Form submissions and surveys
  • Direct communications with our team
  • Voluntary information sharing

3.2 Automatic Collection

  • Desktop application usage and analytics
  • Server logs and analytics
  • Feature usage tracking
  • Performance monitoring

3.3 Third-Party Sources

  • LinkedIn API (with your explicit consent)
  • Payment processors (Stripe)
  • Customer support tools (Crisp)
  • Website security and CDN services (Cloudflare)
  • Error reporting and monitoring services

4. Legal Basis and Purpose for Processing

4.1 Contract Performance

We process your data to:
  • Provide and maintain our services
  • Process payments and manage subscriptions
  • Deliver customer support
  • Fulfill our contractual obligations

4.2 Legitimate Interests

We process your data for:
  • Service improvement and development
  • Security and fraud prevention
  • Marketing and business development
  • Analytics and performance optimization

4.3 Consent

We process your data with your explicit consent for:
  • LinkedIn integration and data access
  • Marketing communications
  • Optional features and services
  • Data processing for research purposes

4.4 Legal Obligations

We process your data to comply with:
  • Tax and accounting requirements
  • Legal and regulatory obligations
  • Court orders and legal processes
  • Data protection laws

5. How We Use Your Personal Data

5.1 Service Provision

  • Account creation and management
  • Content creation and curation tools
  • Analytics and reporting features
  • Customer support services

5.2 Communication

  • Service updates and notifications
  • Security alerts and important notices
  • Customer support responses
  • Marketing communications (with consent)

5.3 Improvement and Development

  • Feature usage analysis
  • Performance optimization
  • Bug fixing and troubleshooting
  • New feature development

5.4 Business Operations

  • Billing and payment processing
  • Fraud detection and prevention
  • Legal compliance and protection
  • Business analytics and reporting

6. Data Sharing and Disclosure

6.1 Service Providers

We may share your data with trusted third-party service providers:
  • Stripe: Payment processing
  • Crisp: Customer support chat service (website chat conversations, user identification for support purposes)
  • Cloudflare: Website security and content delivery network (CDN) services. All website requests pass through Cloudflare for security, DDoS protection, and performance optimization. Cloudflare may collect IP addresses, request headers, and other technical information necessary for these security services.
  • Error reporting services: Diagnostic information and error logs for troubleshooting and service improvement
Note: We operate our own infrastructure and do not use third-party cloud hosting providers (such as AWS, Google Cloud, or Azure) for data storage and processing. All data is stored on our own servers. However, website traffic passes through Cloudflare for security and performance purposes.

6.2 Legal Requirements

We may disclose your data if required by:
  • Valid legal processes (subpoenas, court orders)
  • Government requests for national security
  • Compliance with applicable laws and regulations
  • Protection of our rights and interests

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

6.4 Data We Do Not Share

We do not:
  • Sell your personal data to third parties
  • Share data for advertising purposes
  • Provide data to data brokers
  • Use data for purposes unrelated to our services

7. Your Rights Under GDPR

7.1 Right of Access

You have the right to:
  • Request confirmation of data processing
  • Obtain a copy of your personal data
  • Receive information about processing purposes
  • Request details about data recipients

7.2 Right to Rectification

You can:
  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update your account information
  • Modify your preferences

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data when:
  • Data is no longer necessary for the original purpose
  • You withdraw consent for processing
  • Data has been unlawfully processed
  • Legal obligations require deletion

7.4 Right to Restrict Processing

You can request restriction when:
  • You contest the accuracy of data
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification

7.5 Right to Data Portability

You can:
  • Receive your data in a structured, machine-readable format
  • Transfer data to another service provider
  • Request direct data transfer where technically feasible

7.6 Right to Object

You can object to processing based on:
  • Legitimate interests (including profiling)
  • Direct marketing purposes
  • Scientific or historical research
  • Statistical purposes

7.7 Right to Withdraw Consent

You can withdraw consent at any time for:
  • Marketing communications
  • Optional features requiring consent
  • Data processing based solely on consent

8. Data Retention

8.1 Account Data

  • Active accounts: Data retained while account is active
  • Deleted accounts: Data permanently deleted within 30 days
  • Backup systems: Data removed from backups within 90 days

8.2 Financial Records

  • Payment records: Retained for 7 years for tax compliance
  • Subscription history: Retained for 3 years for business purposes
  • Refund records: Retained for 2 years for dispute resolution

8.3 Legal Obligations

Some data may be retained longer if required by:
  • Legal proceedings or disputes
  • Regulatory investigations
  • Tax and accounting requirements
  • Contractual obligations

9. Data Security

9.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and system updates

9.2 Organizational Safeguards

  • Staff Training: Regular security awareness training
  • Background Checks: Screening for personnel with data access
  • Incident Response: Documented procedures for security breaches
  • Audit Trails: Comprehensive logging of data access and modifications

9.3 Third-Party Security

  • Vendor Assessment: Due diligence on all service providers
  • Data Processing Agreements: Contractual security requirements
  • Regular Reviews: Ongoing monitoring of third-party security

10. International Data Transfers

10.1 Data Location

  • Primary data processing: European Union (our own infrastructure)
  • Backup storage: European Union (our own infrastructure)
  • Service providers: EU-based where possible

10.2 Transfer Safeguards

When data is transferred outside the EU:
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Binding Corporate Rules: For multinational service providers

11. Children's Privacy

11.1 Age Restrictions

  • Minimum age: 13 years
  • Users under 16: Parental consent required (EU)
  • Users under 18: Parental consent recommended

11.2 Special Protections

  • Enhanced privacy protections for minors
  • Limited data collection and processing
  • Parental access to children's data
  • Right to deletion of childhood data

12. Local Storage and Tracking Technologies

12.1 Essential Data

  • Application session management
  • Security features
  • Local configuration
  • Software functionality

12.2 Application Analytics and Services

  • Customer Support: Crisp chat widget for customer support communications (collects chat messages, user identification, and session information)
  • Error Reporting: Automatic error reporting and diagnostic information collection for troubleshooting and service improvement
  • No Third-Party Advertising: We do not use third-party advertising trackers or sell your data to advertisers
  • Privacy-Focused: All data collection is minimized and used solely for service improvement and support purposes

12.3 Local Data Management

  • Application privacy settings
  • Local data storage controls
  • Opt-out mechanisms
  • Regular data storage audits

13. Data Breach Notification

13.1 Internal Procedures

  • Detection: Automated monitoring and incident detection
  • Assessment: Risk evaluation and impact analysis
  • Containment: Immediate steps to limit breach scope
  • Investigation: Forensic analysis and root cause identification

13.2 Notification Timeline

  • Supervisory Authority: Within 72 hours of discovery
  • Affected Individuals: Within 7 days if high risk
  • Documentation: Comprehensive breach records
  • Follow-up: Ongoing monitoring and remediation

13.3 Individual Rights

  • Right to be informed of breaches affecting you
  • Right to compensation for damages
  • Right to lodge complaints with supervisory authorities
  • Right to seek judicial remedies

14. Privacy by Design

14.1 Data Minimization

  • Collect only necessary data
  • Process data for specified purposes
  • Retain data only as long as needed
  • Delete data when no longer required

14.2 Privacy-Friendly Defaults

  • Strict privacy settings by default
  • Opt-in rather than opt-out mechanisms
  • Clear and prominent privacy choices
  • Regular privacy setting reviews

14.3 Transparency

  • Clear privacy notices
  • Plain language explanations
  • Regular privacy policy updates
  • Proactive privacy communications

15. Updates to This Privacy Policy

15.1 Notification Methods

  • Email notifications for material changes
  • In-app notifications and alerts
  • Website banner announcements
  • Account dashboard notifications

15.2 Review and Updates

  • Regular policy reviews and updates
  • Changes communicated 30 days in advance
  • Opportunity to review and object to changes
  • Continued use implies acceptance

16. Contact Information and Complaints

16.1 Data Protection Queries

For any questions about this Privacy Policy or our data practices: Paul Irolla
Data Protection Officer: Paul Irolla
Email: [email protected]
Address: 2 bis rue des bons français, 44000 Nantes, France

16.2 Supervisory Authority

If you're not satisfied with our response, you can contact: Commission Nationale de l'Informatique et des Libertés (CNIL)
Website: https://www.cnil.fr
Phone: 01 53 73 22 22
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

16.3 European Supervisory Authorities

EU residents can contact their local data protection authority:
  • European Data Protection Board: https://edpb.europa.eu
  • Find your local authority: https://edpb.europa.eu/about-edpb/board/members
By using Meet Lea, you acknowledge that you have read, understood, and agree to the collection, use, and processing of your personal information as described in this Privacy Policy.