Back to home
Data protection

Privacy policy.

Lowai Dev is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act ("Loi Informatique et Libertés") as amended on 6 January 1978.

Last updated
19 April 2026
Version
1.0
Compliant with
GDPR · CNIL
— 01

Preamble

This privacy policy is intended to inform users of the lowai.dev website and clients of Lowai Dev about how their personal data is collected, processed, and protected.

It applies to any person who interacts with Lowai Dev, whether by visiting the site, completing a form, requesting a quote, subscribing to a service, or by any other means.

We are committed to collecting only strictly necessary data, processing it fairly and transparently, and protecting it with all due diligence.

— 02

Data controller

The data controller for personal data is:

Entity
[To fill in — Lowai Dev, full legal name]
Representative
[First name LAST NAME]
Address
[Registered address]
Dedicated email
privacy@lowai.dev
General email
contact@lowai.dev

Given the size of the organisation and the nature of its processing activities, Lowai Dev is not legally required to appoint a Data Protection Officer (DPO). All requests relating to personal data can be addressed directly to the data controller.

— 03

Data collected

We collect only the data necessary to deliver our services. No "sensitive" data within the meaning of Article 9 of the GDPR (ethnic origin, political opinions, religious beliefs, health data, sexual orientation, etc.) is collected.

Data collected directly via the quote form

  • Identification: first name, last name.
  • Contact details: email address, phone number (optional).
  • Professional information: company or project name (optional).
  • Project information: type of site required, number of pages, selected options, desired timeline, free-text message.

Data collected in the context of a project

  • Billing data: name, address, company registration number, VAT number where applicable.
  • Submitted content: texts, images, documents provided for the project.
  • Technical credentials: hosting access, domain names, third-party service credentials required for the project.

Data collected automatically

When simply browsing the site, certain technical data may be collected by our hosting provider for security and operational purposes: IP address, browser type, operating system, pages visited, date and time of connection. This data is anonymised after six (6) months.

No third-party tracking tool (such as Google Analytics) is active on the site by default without prior consent (see the Cookies section).

— 04

Purposes of processing

Data is collected and processed for the following purposes:

  • Responding to a quote request: processing the form, sending the estimate, following up with the person.
  • Delivering the project: communicating during the project, issuing quotes and invoices, delivering work.
  • Managing the business relationship: client follow-up, after-sales support, handling potential disputes.
  • Complying with legal obligations: retention of accounting documents, tax and social obligations.
  • Ensuring site security: prevention and detection of intrusion attempts, abuse, or fraud.

Data is not subject to any fully automated decision-making or profiling within the meaning of the GDPR.

— 05

Legal basis for processing

Each processing activity is based on a clear legal ground:

  • Performance of a contract or pre-contractual measures (Art. 6.1.b GDPR): for processing quote requests and delivering services.
  • Legal obligation (Art. 6.1.c GDPR): for retention of invoices and accounting documents.
  • Legitimate interest (Art. 6.1.f GDPR): for site security, management of the business relationship, and defence of Lowai Dev's interests in the event of a dispute.
  • Consent (Art. 6.1.a GDPR): for any processing requiring explicit authorisation (non-essential cookies, future commercial communications).
— 06

Data recipients

Data collected is strictly reserved for Lowai Dev and its potential technical sub-processors, who operate under controlled conditions.

No selling, no advertising

Lowai Dev does not sell, rent, or share your data with third parties for commercial or advertising purposes.

Sub-processors

Your data may be processed by the following providers, selected for their GDPR compliance:

Hosting
Hostinger International Ltd. — EU (Lithuania / Cyprus)
Payments
Stripe Payments Europe Ltd. — EU (Ireland)
Transactional email
Hostinger (SMTP)
Accounting
[Name of accounting software or firm]

Public authorities

Data may be transmitted to competent authorities (tax administration, police or judicial services) where required by law.

— 07

Retention periods

We retain your data for the period strictly necessary for the purposes for which it was collected:

Quote requests with no follow-up
3 years from last contact
Active client data
Duration of the business relationship
Inactive client data
3 years after last contact
Invoices & accounting records
10 years (legal obligation, art. L. 123-22 French Commercial Code)
Connection logs
6 months maximum
Cookies (if consent given)
13 months maximum

At the end of these periods, data is either permanently deleted or anonymised for statistical purposes.

— 08

Data security

Lowai Dev implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk:

  • Encrypted communications via HTTPS (SSL certificate).
  • Password hashing using current standards (bcrypt).
  • Protection against common attacks (CSRF, XSS, SQL injection).
  • Regular, encrypted backups.
  • Data access limited to strictly authorised persons.
  • Hosting with certified, GDPR-compliant providers.

Notification in the event of a breach

In the event of a personal data breach likely to result in a risk to the rights and freedoms of data subjects, Lowai Dev undertakes to:

  • Notify the incident to the CNIL within 72 hours.
  • Inform the affected individuals as soon as possible, in accordance with Article 34 of the GDPR.
— 09

Transfers outside the European Union

Lowai Dev gives preference to service providers based within the European Union. No personal data is transferred outside the EU without appropriate safeguards.

In the exceptional case where a transfer to a third country were necessary, it would be governed by one of the mechanisms provided for under the GDPR: an adequacy decision by the European Commission, standard contractual clauses, or binding corporate rules.

— 10

Your rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights over your personal data:

  • Right of access — Obtain confirmation that your data is being processed and receive a copy.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — Request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing — Request that the processing of your data be suspended in certain circumstances.
  • Right to data portability — Receive your data in a structured, commonly used, machine-readable format, or request its transmission to another data controller.
  • Right to object — Object at any time, on grounds relating to your particular situation, to processing based on legitimate interest.
  • Right to withdraw consent — Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to set post-mortem directives — You may define directives regarding the retention, deletion, and communication of your data after your death.

How to exercise your rights

To exercise any of these rights, send your request by email to privacy@lowai.dev or by post to the registered address.

To safeguard the confidentiality of your data, proof of identity may be requested in cases of reasonable doubt about your identity. A response will be provided within a maximum of one (1) month, extendable by two months for complex requests.

— 11

Cookies & trackers

The lowai.dev website uses a minimal number of cookies, strictly necessary for its proper operation.

Cookies in use

Technical session
Necessary for operation — no consent required
Preferences
Storing your browsing choices — duration 13 months

No advertising cookies

No advertising cookies, no social network trackers, and no third-party analytics tools are active by default on this site. Should an audience measurement tool be added in the future, a consent banner would be displayed and your choice would be respected.

Managing cookies

You can configure your browser at any time to refuse cookies. The main browsers offer dedicated settings:

  • Chrome: Settings → Privacy and security → Cookies
  • Firefox: Settings → Privacy & Security
  • Safari: Preferences → Privacy
  • Edge: Settings → Cookies and site permissions

Note: fully disabling cookies may affect certain features of the site.

— 12

Contact & complaints

Contact us

For any questions regarding this privacy policy or the processing of your personal data, you can contact us:

  • By email: privacy@lowai.dev
  • By post: at the registered address given in the legal notice

Complaint to the CNIL

If you believe that the processing of your personal data does not comply with applicable regulations, you have the right to lodge a complaint with the competent supervisory authority:

Authority
Commission Nationale de l'Informatique et des Libertés (CNIL)
Address
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Phone
+33 1 53 73 22 22
Website
www.cnil.fr

We would however invite you to contact us first: most situations can be resolved quickly and amicably.