Privacy
Your data belongs to you
GDPR-native. Zero-Knowledge by default. No dark patterns.
Controller
Un pour tous et tous pour un (RNA W751278475) is the data controller for Bonjour.
What we collect
- Account: name, email, hashed password, role.
- Usage: activity log (kept for analytics and auditability).
- Payments: handled by Stripe and PayPal — we never see card numbers.
- Sanctuary files: encrypted in your browser; we cannot read them.
Sanctuary mode
When Sanctuary mode is on, files and AI drafts are encrypted with AES-GCM 256 before they leave your device. Keys live in RAM and are wiped when you close the tab.
48-hour rule
Files uploaded in Sanctuary mode are auto-deleted after 48 hours. The activity log stays for statistical analysis but never contains file contents.
Your rights
Access, rectification, erasure, portability, restriction and objection — write to contact@unpourtousettouspourun-asso.fr. You may also lodge a complaint with the CNIL.
Sub-processors
Cloudflare (hosting), Supabase (database & auth, EU region), Stripe, PayPal, Lovable AI Gateway.