Skip to content
Not Nori logo
Language

Legal document

Privacy Policy

Currently published version of this document.

Back to legal pages

Data Controller

The controller of the personal data collected through notnori.com is:

Léandre Desmaretz-Lespagnol, acting in his own name

Data We Collect and Why

Priority access request via /subscriptions

  • Data processed: first name, last name, email address, postal address entered by the user, country, marketing consent, honeypot field, and technical metadata required to secure and process the request
  • Purposes: processing prelaunch signup and priority access requests, estimating prelaunch demand, and following up with the user about the prelaunch
  • Legal basis:
    • legitimate interest for organising the prelaunch and assessing demand;
    • consent for marketing communications when the corresponding option is selected

Interest qualification via /checkout

  • Data processed: first name, last name, email address, postal address entered by the user, country, marketing consent, simulated product selection data when present, honeypot field, and technical metadata required to secure and process the request
  • Purposes: measuring purchase intent and demand, organising the prelaunch, and understanding product interest. No real order is created.
  • Legal basis:
    • legitimate interest for understanding demand and structuring the prelaunch;
    • consent for marketing communications when the corresponding option is selected

Simple prelaunch signup via /account

  • Data processed: email address, optional first name, marketing consent, honeypot field, and security-related technical metadata
  • Purposes: creating a simple prelaunch signup, following up with the user about the prelaunch, and managing priority access
  • Legal basis:
    • legitimate interest for administering the prelaunch;
    • consent for marketing communications when the corresponding option is selected

Security and abuse prevention

  • Data processed: IP address, timestamps, and request-related technical metadata
  • Purposes: protecting the website against abuse, applying rate limits, detecting automated or abnormal submissions, and maintaining form and API security
  • Legal basis: legitimate interest

Error monitoring and service stability

  • Data processed: technical data related to application errors and website execution, such as browser type, visited page, technical session identifiers, and error traces
  • Purposes: monitoring errors, diagnosing incidents, and improving service stability and security
  • Legal basis: legitimate interest

No Real Payments and No Banking Data

The website does not collect, process, or store banking or payment card data as part of the fake-door prelaunch phase. The /subscriptions, /checkout, and /account flows are used only for prelaunch signup, interest qualification, and priority access management. No real payment is processed.

Retention Periods

| Data category | Retention period | | --- | --- | | Prelaunch signup and fake-door qualification data used to assess demand | 12 months from submission | | Marketing consent and related marketing contact data | 24 months from collection or until consent is withdrawn | | Technical logs, IP addresses, and anti-abuse data | 90 days | | Sentry error-monitoring data | 90 days |

Recipients and Sub-processors

Personal data may be shared, on a need-to-know basis, with the following sub-processors:

  • Hetzner Online GmbH — infrastructure hosting within the European Union
  • Resend, Inc. — email delivery and marketing synchronisation
  • Functional Software, Inc. (Sentry) — error monitoring and application stability

Personal data is not sold or disclosed to third parties for their own marketing purposes.

International Transfers

Some data may be transferred outside the European Union when processors located in the United States are involved, in particular Resend and Sentry. Such transfers are protected by appropriate safeguards, including standard contractual clauses where required.

Your Rights

Under the GDPR, you may exercise the following rights:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object to processing based on legitimate interest;
  • right to data portability where the legal conditions are met;
  • right to withdraw consent at any time for processing based on consent.

To exercise your rights, write to: [email protected]

We may ask for identity verification where necessary.

Complaints

If you believe that your rights have not been respected, you may lodge a complaint with the competent supervisory authority. In France, this authority is:

Commission Nationale de l'Informatique et des Libertes (CNIL)

  • Website: cnil.fr
  • Address: 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07, France

Cookies

The website uses only cookies and trackers that are strictly necessary for operation, security, and technical service management. No advertising cookies, marketing personalisation cookies, or advertising trackers are used within the scope described in this policy. On that basis, no cookie consent banner is required.

Updates

This policy may be updated to reflect changes to the website, the processing actually carried out, or the applicable regulatory framework.

Last updated: March 4, 2026