Privacy Policy
Last updated: April 13, 2026
Summary: Anticips does not sell your data, does not track you, uses no advertising cookies, and integrates no third-party analytics. Your data stays in Europe, isolated from other clients' data.
1. Data Controller
The data controller is the operator of Anticips, a sole proprietor registered in France.
SIREN: 980 901 011 · Email:
2. Data Collected
Account data: Name, email address, hashed password — for authentication purposes.
Business data (incidents, sites, assets): Incident descriptions, attached photos, site/asset locations, resolution statuses — for the operation of the maintenance management service.
Billing data: Payment details are processed directly by Stripe. Anticips stores no credit card data — only a Stripe customer ID.
Technical logs: Error and access logs retained for maintenance and security, not used for advertising or analytics.
3. Cookies
Anticips uses no tracking cookies, no third-party analytics (Google Analytics, Hotjar, etc.), and serves no targeted advertising.
| Cookie | Purpose | Duration |
|---|---|---|
| laravel_session | User session (authentication) | Session |
| XSRF-TOKEN | CSRF protection (security) | Session |
| locale | Language preference (FR/EN) | Session |
These cookies are strictly necessary for the application to function and do not require consent under the ePrivacy Directive.
4. Retention
— Active account data: retained for the duration of the subscription.
— After cancellation: data is kept in read-only mode for 30 days, then permanently deleted.
— Technical logs: maximum 90 days.
5. Sub-processors & Data Sharing
| Provider | Role | Location |
|---|---|---|
| Railway Corporation | Hosting (database + server) | Europe (EU region) |
| Stripe, Inc. | Online payment processing | US / Europe |
| Anthropic, PBC | AI analysis of incidents (text descriptions only) | United States |
| Resend | Transactional email delivery | United States |
No data is sold or shared for advertising or commercial purposes.
6. Data Isolation (multi-tenant)
Each client account has a dedicated, isolated database schema. One client's data is never accessible by another client. This architecture ensures strict data separation.
7. Your Rights (GDPR)
Under GDPR, you have the following rights:
— Access: obtain a copy of your personal data
— Rectification: correct inaccurate data
— Erasure: request deletion of your data
— Portability: receive your data in machine-readable format
— Objection: object to a specific processing activity
To exercise these rights:
. Response within 30 days.
If you believe your rights are not being respected, you may lodge a complaint with the relevant supervisory authority.
8. Security
Data is transmitted over HTTPS (TLS 1.2+). Passwords are hashed using bcrypt. Access to production data is strictly limited.