This Privacy Policy explains what personal data Empi collects, why we collect it, who processes it on our behalf, and the rights you have. It applies to the Empi website and Service. For a focused summary of your rights under the GDPR, see our GDPR notice.
<h2>1. Who is responsible</h2>
<p>
The data controller is <strong>Empi</strong>, France. For any privacy question, contact
<a href="mailto:[email protected]">[email protected]</a>.
</p>
<h2>2. Data we collect</h2>
<ul>
<li><strong>Account data</strong>: email address, name, password hash (or your identity provider's token if you sign in with a partner), language and theme preferences.</li>
<li><strong>Your Content</strong>: tasks, notes, projects, comments, and similar material you create.</li>
<li><strong>Calendar data</strong>: when you connect Google Calendar or Microsoft 365, the events and availability needed to compute your capacity.</li>
<li><strong>Billing data</strong>: plan, billing country, and the limited payment metadata our payment processor returns. We do not store full card numbers.</li>
<li><strong>Usage and device data</strong>: log data, approximate location from IP, device and browser type, and product analytics events.</li>
</ul>
<h2>3. Why we use it and our legal bases</h2>
<ul>
<li><strong>To provide the Service</strong> (perform our contract with you): run your account, store and sync Your Content, schedule your week, connect your calendar.</li>
<li><strong>To bill and prevent fraud</strong> (contract and legal obligation): process Subscriptions, taxes, and chargebacks.</li>
<li><strong>To secure and improve the Service</strong> (legitimate interests): diagnostics, abuse prevention, aggregated analytics. We balance these against your rights.</li>
<li><strong>Communications and non-essential analytics</strong> (consent, where required): product emails you can opt out of, and analytics or cookies that need consent.</li>
</ul>
<h2>4. Processors and sub-processors</h2>
<p>
We use a small set of vetted providers to run the Service. They process data only
on our instructions and under data-processing agreements.
</p>
<table>
<thead>
<tr><th>Provider</th><th>Purpose</th><th>Region</th></tr>
</thead>
<tbody>
<tr><td>Scaleway</td><td>Hosting, key management (KMS), object storage</td><td>EU (France)</td></tr>
<tr><td>Google</td><td>Google Calendar integration; route estimates for commute buffers</td><td>EU / US (SCCs)</td></tr>
<tr><td>Microsoft</td><td>Microsoft 365 calendar integration</td><td>EU / US (SCCs)</td></tr>
<tr><td>Clerk</td><td>Authentication, when you sign in with a partner identity</td><td>EU</td></tr>
<tr><td>PostHog</td><td>Product analytics</td><td>EU</td></tr>
<tr><td>Sentry</td><td>Error monitoring</td><td>EU</td></tr>
</tbody>
</table>
<p class="legal-note">
This list may change as the Service evolves. We keep an up-to-date list and will
give notice of material changes.
</p>
<h2>5. How we protect your data</h2>
<p>
Your task and note content is encrypted at rest using per-tenant envelope
encryption: a per-tenant key, wrapped by a master key held in our key management
service, with AES-256-GCM on the stored fields. Each Workspace is isolated at the
database boundary so one tenant cannot read another's data. Access to production
systems is restricted and logged.
</p>
<h2>6. International transfers</h2>
<p>
Your data is hosted in the European Union. Where a processor is outside the EU/EEA,
we rely on an adequacy decision or the European Commission's Standard Contractual
Clauses, with additional safeguards where appropriate.
</p>
<h2>7. Retention</h2>
<p>
We keep Your Content while your account is active. If your account stays inactive for
an extended period (around three months with no sign-in), we email you one or more
advance warnings and then delete the account and its content; signing in at any time
keeps the account active and stops the deletion. When you delete content or close
your account, we delete or anonymise it within a reasonable period, except for
backups (kept for a limited window) and records we must retain by law (for example,
invoices). Where you request a GDPR crypto-shred, the tenant key is destroyed and
the corresponding ciphertext becomes permanently unrecoverable, backups included.
</p>
<h2>8. Cookies and local storage</h2>
<p>
We use strictly necessary cookies and browser storage to keep you signed in and to
remember your theme (<code>empi_theme</code>) and language (<code>empi_lang</code>).
Non-essential analytics or cookies are used only with your consent where required.
</p>
<h2>9. Your rights</h2>
<p>
Subject to the GDPR, you have rights of access, rectification, erasure,
restriction, portability, and objection, and the right to withdraw consent. Our
<a href="gdpr.html">GDPR notice</a> explains each right and how to exercise it.
Contact <a href="mailto:[email protected]">[email protected]</a>.
</p>
<h2>10. Children</h2>
<p>
The Service is not directed to children under 16, and we do not knowingly collect
their personal data.
</p>
<h2>11. Changes</h2>
<p>
We may update this Policy. For material changes we will give reasonable notice. The
"last updated" date above reflects the current version.
</p>
<h2>12. Contact</h2>
<p>
<strong>Empi</strong>, France. Privacy:
<a href="mailto:[email protected]">[email protected]</a>.
</p>