GDPR Compliance

Last Updated: November 15, 2025

1. Our Commitment to GDPR Compliance

The Tichon Company, operating debounce.pro, is committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page provides detailed information about how we protect your personal data and ensure compliance with GDPR requirements.

Data Controller:

The Tichon Company

1 rue Corot, 75016 Paris, France

Phone: 06 12 45 78 98

Email: contact@debounce.pro

2. Legal Basis for Processing

We process personal data only when we have a valid legal basis under GDPR Article 6:

2.1 Consent (Article 6(1)(a))

We process data based on your explicit consent when you:

  • Accept cookies for analytics and preferences
  • Subscribe to marketing communications
  • Participate in surveys or feedback requests

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

2.2 Contract Performance (Article 6(1)(b))

Processing is necessary to perform our contract with you:

  • Creating and managing your account
  • Providing email validation services
  • Processing payments and issuing invoices
  • Providing customer support

2.3 Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations:

  • Tax record retention (French tax law requires 7 years)
  • Responding to lawful requests from authorities
  • Compliance with accounting regulations

2.4 Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests:

  • Detecting and preventing fraud and security threats
  • Improving and optimizing our services
  • Conducting analytics to understand usage patterns
  • Enforcing our terms of service

We have conducted a legitimate interest assessment to ensure your rights are not overridden.

3. Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

✓ Right to Access (Article 15)

You have the right to request a copy of your personal data we hold.

How to exercise: Email contact@debounce.pro with "Data Access Request" in the subject line.

Response time: 30 days (may be extended to 60 days for complex requests)

✓ Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data.

How to exercise: Update your account settings or email us with corrections.

✓ Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data in certain circumstances.

How to exercise: Email contact@debounce.pro with "Data Deletion Request."

Note: We may retain certain data where we have a legal obligation (e.g., billing records for tax purposes).

✓ Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data in certain situations.

How to exercise: Email contact@debounce.pro with specific reasons for restriction.

✓ Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

How to exercise: Request data export via your dashboard or email us.

Format provided: JSON or CSV

✓ Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

How to exercise: Email contact@debounce.pro or use unsubscribe links in marketing emails.

✓ Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you have the right to withdraw consent at any time.

How to exercise: Adjust cookie settings, unsubscribe from emails, or contact us.

✓ Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority.

French Supervisory Authority: Commission Nationale de l'Informatique et des Libertés (CNIL)

Website: www.cnil.fr

4. Technical and Organizational Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (GDPR Article 32):

4.1 Technical Measures

  • Encryption: TLS/SSL for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Pseudonymization: Where applicable, personal data is pseudonymized
  • Regular Testing: Penetration testing and vulnerability assessments
  • Backup and Recovery: Regular automated backups with disaster recovery procedures
  • Monitoring: 24/7 security monitoring and intrusion detection systems

4.2 Organizational Measures

  • Staff Training: Regular GDPR and data protection training for all employees
  • Data Protection Policies: Comprehensive internal policies and procedures
  • Vendor Management: Due diligence and contractual safeguards with processors
  • Incident Response: Documented breach notification procedures
  • Privacy by Design: Data protection integrated into system design
  • Data Protection Impact Assessments: Conducted for high-risk processing

5. Data Processing Activities

In accordance with GDPR Article 30, we maintain records of processing activities:

Processing Activity | Data Categories | Legal Basis | Retention
Account Management | Name, email, password hash | Contract | Active + 30 days
Email Validation | Email addresses, validation results | Contract | 90 days
Payment Processing | Billing information, invoices | Contract, Legal obligation | 7 years
Analytics | Usage data, IP addresses | Consent, Legitimate interest | 26 months
Customer Support | Support tickets, communications | Contract, Legitimate interest | 3 years

6. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place as required by GDPR Chapter V:

6.1 Transfer Mechanisms

  • Standard Contractual Clauses (SCCs): We use EU Commission-approved SCCs with third-party processors
  • Adequacy Decisions: We rely on adequacy decisions where available
  • Supplementary Measures: Additional technical measures (encryption, pseudonymization) are implemented

6.2 Third-Party Processors

Service Provider | Location | Safeguard
Stripe (Payment Processing) | USA | SCCs, Privacy Shield successor
Vercel (Hosting) | USA | SCCs
Supabase (Database) | EU | EEA-based (no transfer)

7. Data Breach Notification

In accordance with GDPR Articles 33 and 34, we have procedures in place for data breach management:

7.1 Breach Detection and Assessment

  • Continuous monitoring systems to detect potential breaches
  • Incident response team to assess severity and impact
  • Documentation of all security incidents

7.2 Notification Timeline

  • To Supervisory Authority (CNIL): Within 72 hours of becoming aware of the breach
  • To Affected Data Subjects: Without undue delay if high risk to rights and freedoms

7.3 Breach Communication

If we need to notify you of a breach, we will provide:

  • Nature of the breach
  • Likely consequences
  • Measures taken or proposed to address the breach
  • Contact point for more information

8. Data Protection Officer

While not legally required under GDPR Article 37 for our scale of operations, we have designated a Data Protection Officer (DPO) to oversee GDPR compliance:

Data Protection Officer

The Tichon Company

1 rue Corot

75016 Paris, France

Email: contact@debounce.pro

Subject line: "Attention: Data Protection Officer"

9. Privacy by Design and Default

In accordance with GDPR Article 25, we implement privacy by design and by default:

9.1 Privacy by Design

  • Data protection considerations integrated from the system design phase
  • Data minimization - we only collect necessary data
  • Purpose limitation - data used only for specified purposes
  • Storage limitation - automatic data deletion after retention periods

9.2 Privacy by Default

  • Strongest privacy settings applied by default
  • Non-essential cookies disabled by default
  • Marketing communications opt-in (not opt-out)
  • Minimal data processing by default

10. Accountability and Compliance

We demonstrate accountability through:

  • Documentation: Comprehensive records of processing activities
  • Policies: Internal data protection policies and procedures
  • Training: Regular staff training on GDPR compliance
  • DPIAs: Data Protection Impact Assessments for high-risk processing
  • Audits: Regular compliance audits and reviews
  • Contracts: GDPR-compliant data processing agreements with processors

11. Exercising Your Rights and Filing Complaints

11.1 Contact Us

To exercise any of your GDPR rights or for any data protection questions:

The Tichon Company

Data Protection Officer

1 rue Corot

75016 Paris, France

Phone: 06 12 45 78 98

Email: contact@debounce.pro

11.2 Supervisory Authority

You have the right to lodge a complaint with the French data protection authority:

Commission Nationale de l'Informatique et des Libertés (CNIL)

3 Place de Fontenoy - TSA 80715

75334 Paris Cedex 07, France

Phone: +33 1 53 73 22 22

Website: www.cnil.fr

Online complaint form: www.cnil.fr/fr/plaintes

12. Updates to GDPR Compliance

We continuously review and update our GDPR compliance practices. This page will be updated to reflect any changes in our data protection practices or in response to regulatory guidance. Significant changes will be communicated to users via email or website notice.