How we protect and use your personal data.
Last updated: 26 February 2026
Madeleine Agency (hereinafter "we", "our", or "us") is committed to protecting the privacy and security of its users' personal data. This privacy policy explains how we collect, use, share, and protect your personal information.
This policy complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act.
Controller: Madeleine Agency
Legal form: SASU (Société par Actions Simplifiée Unipersonnelle)
Headquarters: 9 rue des Fauvelles, 92400 Courbevoie, France
Contact: our Contact page
DPO (Data Protection Officer): Not appointed
We use your personal data for: service delivery, billing, transactional and marketing communications (with consent), service improvement, security, and legal compliance.
We never sell your data to third parties.
We engage technical sub-processors to operate the service. Each sub-processor is bound by contractual data protection obligations.
| Service | Function | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | Europe (Frankfurt) |
| Vercel | Platform hosting and deployment | United States (iad1 region) |
| Cloudflare Pages | Hosting of sites published via WebAtelier | Global network (CDN) |
| Stripe | Payment, billing, subscription management | United States / Europe |
| Anthropic (Claude Sonnet 4.6 and Opus 4.7) | Maia, AI agent: design, strategies, reasoning | United States |
| OpenAI | Vector embeddings for semantic search and Maia's memory | United States |
| fal.ai | AI image generation (Ideogram, FLUX) | United States |
| Replicate | AI image editing (Qwen) | United States |
| Resend | Transactional emails and native SendAtelier sends | United States |
| Sentry | Error monitoring and application performance | United States |
| Upstash Redis | Rate limiting (forms, analytics) | Europe (Frankfurt) / worldwide |
| Gandi | Domain name purchase and management for WebAtelier | France |
| LinkedIn API | OAuth connection and SocialAtelier publishing (LinkedIn) | United States |
| Meta Graph API | OAuth connection and SocialAtelier publishing (Facebook, Instagram) | United States |
These services comply with the GDPR or are covered by Standard Contractual Clauses (SCCs) issued by the European Commission.
MarketingAtelier uses artificial intelligence to deliver certain features. It is important that you understand how your data interacts with these systems.
AI commitments
You have rights in relation to your personal data: access, rectification, erasure, objection, restriction, portability, and withdrawal of consent at any time.
To exercise your rights: please use our contact form. We will respond within a maximum of 30 days.
You may also lodge a complaint with the CNIL, the French data protection authority (cnil.fr).
HTTPS / TLS encryption on all communications, hashed passwords, API keys and tokens encrypted with AES-256-GCM at rest, access restricted by row-level security (RLS), regular backups, 24/7 monitoring.
For any queries: our Contact page.