Privacy Policy

Last Updated: January 18, 2026

Introduction

Ethan Consulting (hereinafter “we”, “our”, “CountHub”) places great importance on protecting your personal data. This Privacy Policy describes how we collect, use, store, and protect your information when you use our CountHub.io service.

CountHub is a 100% GDPR-compliant service (General Data Protection Regulation) with exclusive hosting in France (European Union).

1. Data Controller

Company Name: Ethan Consulting Legal Form: SASU Address: 10 allées des boutons d’or, 78180 Montigny-le-Bretonneux, France SIRET: 801 930 694 00022 Email: contact[at]ethancg[dot]com

Data Protection Officer (DPO): Henrique VIDAL DPO Contact: contact[at]ethancg[dot]com

2. Data Collected

2.1 Registration Data

When you create a CountHub account, we collect:

First and last name (optional)
Email address (required - used as login identifier)
Password (hashed with bcrypt, never stored in plain text)
Preferred language (automatic browser detection)
Timezone (automatic detection)

2.2 Payment Data

For paid subscriptions, we collect via Stripe (PCI-DSS certified sub-processor):

Billing address (name, full address, postal code, country)
Payment information (credit card - stored by Stripe only, never by CountHub)
Stripe customer ID (to link your account to your payments)
Billing history (amounts, dates, payment statuses)

Important note: CountHub NEVER stores credit card numbers. All payment data is managed by Stripe (EU servers: Ireland and France).

2.3 Service Usage Data

When you use CountHub, we collect:

Countdowns created (target date, duration, custom text, language, timezone)
Customization settings (colors, fonts, size, GIF format)
Credit consumption (number of GIF views, creations, modifications)
Usage statistics (number of active countdowns, remaining credits)
API logs (HTTP requests, IP addresses, user-agents - 30-day retention)

2.4 Technical Data

IP address (for security, fraud detection, and rate limiting)
Browser information (user-agent, language, screen resolution)
Session cookies (authentication - see Cookie Policy)
Error logs (for debugging and service improvement)

2.5 Analytics Data

CountHub uses Plausible Analytics (hosted in Germany, GDPR-compliant):

Pages visited (without cookies, without cross-site tracking)
Country of origin (based on IP, without storing full IP)
Browser type and operating system
Referrer (website you came from)

Plausible is 100% cookie-free and does not require GDPR consent.

3. Legal Basis for Processing

In accordance with Article 6 of GDPR, we process your data on the following legal bases:

Data	Legal Basis	Purpose
Email, password	Contract (Art. 6.1.b)	Execution of subscription service
Billing address	Contract (Art. 6.1.b)	Invoicing and tax obligations
Payment data (Stripe)	Contract (Art. 6.1.b)	Payment processing
IP address, logs	Legitimate interest (Art. 6.1.f)	Security, fraud prevention
Analytics (Plausible)	Legitimate interest (Art. 6.1.f)	Service improvement
Email marketing	Consent (Art. 6.1.a)	Sending newsletters (opt-in only)

You can withdraw your consent at any time for email marketing.

4. Data Usage

We use your personal data only for:

4.1 Service Provision

✅ Create and manage your account
✅ Generate custom GIF countdowns
✅ Manage your subscription and credits
✅ Process your payments (via Stripe)
✅ Send you transactional emails (account confirmation, password reset, invoices)

4.2 Improvement and Security

✅ Detect and prevent fraud
✅ Enforce rate limits
✅ Analyze service performance (Plausible Analytics)
✅ Resolve technical issues (error logs)
✅ Improve user experience

4.3 Legal Obligations

✅ Retain billing data (French tax obligation - 10 years)
✅ Respond to legal requests from French authorities (if required by law)

📧 Newsletters and product updates (opt-in only)
📧 Promotional offers (opt-in only)

You can unsubscribe at any time via the “unsubscribe” link in each email.

5.1 Sub-processors (all EU-based)

CountHub shares your data only with the following sub-processors, all GDPR-compliant:

Sub-processor	Country (EU)	Purpose	Certification
Scaleway	🇫🇷 France	Hosting (servers, database, storage)	ISO 27001, HDS
Stripe	🇮🇪 Ireland / 🇫🇷 France	Payment processing	PCI-DSS Level 1
Brevo	🇫🇷 France	Transactional email delivery	ISO 27001
Plausible	🇩🇪 Germany	Cookie-free analytics	GDPR native

No data transfers to the United States or outside the European Union.

5.2 No Transfers to the United States

CountHub NEVER transfers your data to the United States, in compliance with the Schrems II ruling of the EU Court of Justice.

Why this matters:

❌ US CLOUD Act: US companies can be compelled to disclose your data to the US government
✅ CountHub (France): Subject only to French and European law

5.3 No Data Sales

We NEVER sell your personal data to third parties.

6. Retention Period

Data Type	Retention Period	Legal Basis
Active account	As long as account is active	Contract
Deleted account	30 days (grace period)	Legitimate interest
Billing data	10 years after last transaction	Tax obligation (France)
API logs	30 days	Legitimate interest (security)
Error logs	90 days	Legitimate interest (debugging)
Analytics (Plausible)	24 months (aggregated, anonymous)	Legitimate interest

After account deletion:

✅ All your personal data is deleted within 30 days
✅ Billing data is retained for 10 years (legal obligation)

In accordance with Articles 15 to 22 of GDPR, you have the following rights:

7.1 Right of Access (Art. 15)

You can request a copy of all your personal data.

How: Send an email to contact[at]ethancg[dot]com Response time: Maximum 1 month

7.2 Right to Rectification (Art. 16)

You can correct your inaccurate personal data.

How: Modify your information in your account settings, or contact us

7.3 Right to Erasure / “Right to be Forgotten” (Art. 17)

You can request deletion of your data.

How:

Delete your account in settings (automatic deletion within 30 days)
Or send an email to contact[at]ethancg[dot]com

Exceptions: Billing data will be retained for 10 years (legal tax obligation)

7.4 Right to Restriction of Processing (Art. 18)

You can request to limit the use of your data.

How: Contact us at contact[at]ethancg[dot]com

7.5 Right to Data Portability (Art. 20)

You can receive your data in a structured, commonly used, and machine-readable format (JSON).

How:

Export your countdowns from your dashboard
Or request a complete export at contact[at]ethancg[dot]com

7.6 Right to Object (Art. 21)

You can object to processing your data for marketing purposes.

How: Click “unsubscribe” in emails, or contact us

7.7 Right Not to be Subject to Automated Decision-Making (Art. 22)

CountHub uses no automated profiling or automated decision-making with legal effects on you.

8. Data Security

CountHub implements the following security measures to protect your data:

8.1 Technical Security

✅ Encryption in transit: HTTPS/TLS 1.3 (all communications)
✅ Encryption at rest: Available for database (Scaleway)
✅ Hashed passwords: bcrypt (never stored in plain text)
✅ Secure cookies: httpOnly, Secure, SameSite=Strict
✅ CSRF protection: Anti-CSRF tokens on all requests
✅ Rate limiting: IP-based request limiting (DDoS prevention)
✅ Input validation: Protection against SQL injection and XSS
✅ Secure authentication: Sessions with Better-Auth (secure library)

8.2 Organizational Security

✅ Restricted access: Only authorized personnel access data
✅ Audit logs: All data access is logged
✅ Daily backups: Database backed up automatically (7-day retention)
✅ Secure hosting: Scaleway (ISO 27001, HDS certified)

8.3 Data Breach Notification

In case of a personal data breach, we commit to:

✅ Notify CNIL within 72 hours (Art. 33 GDPR)
✅ Inform you directly if your rights are affected (Art. 34 GDPR)
✅ Take all measures to limit damage

9. Cookies

CountHub only uses essential cookies for service operation. No advertising tracking cookies are used.

For more information, see our Cookie Policy.

Cookies used:

Authentication session (httpOnly, secure)
CSRF protection (secure)
Language preference (optional)

No GDPR consent required (exempt cookies - Art. 5(3) ePrivacy Directive).

10. International Transfers

CountHub NEVER transfers your data outside the European Union.

✅ Hosting: France (Scaleway Paris DC3)
✅ Database: France (Scaleway Paris DC3)
✅ GIF storage: France (Scaleway Object Storage)
✅ Payments: Ireland/France (Stripe EU)
✅ Emails: France (Brevo)
✅ Analytics: Germany (Plausible)

Schrems II compliance: No risk of access by US government (US CLOUD Act).

11. Minors

CountHub is intended for users aged 18 and over.

If you are under 18, you must obtain parental consent before creating an account.

If we discover that a minor under 13 has created an account without parental consent, we will immediately delete the account.

12. Policy Changes

We may modify this Privacy Policy to reflect changes in our practices or for legal reasons.

In case of significant changes:

✅ We will inform you by email (30 days before effective date)
✅ The “Last Updated” date will be updated
✅ You can refuse changes by deleting your account

Check this page regularly to stay informed.

13. Complaint to CNIL

If you believe your GDPR rights are not being respected, you can file a complaint with the French supervisory authority:

Commission Nationale de l’Informatique et des Libertés (CNIL) 3 Place de Fontenoy TSA 80715 75334 Paris CEDEX 07 France

Phone: +33 1 53 73 22 22 Website: www.cnil.fr Complaint form: https://www.cnil.fr/fr/plaintes

14. Contact

For any questions regarding this Privacy Policy or exercising your GDPR rights:

Data Protection Officer (DPO): Henrique VIDAL Email: contact[at]ethancg[dot]com Postal Address: Ethan Consulting 10 allées des boutons d’or 78180 Montigny-le-Bretonneux France

Response time: Maximum 1 month (Art. 12.3 GDPR)

15. Data Processing Agreement (DPA)

For companies wishing to use CountHub as a data processor (Art. 28 GDPR), a Data Processing Agreement (DPA) is available upon request.

Contact us: contact[at]ethancg[dot]com

Document created on January 18, 2026 Compliant with GDPR (Regulation EU 2016/679) and French Data Protection Act Last revision: January 18, 2026