Privacy Policy — Tipoo
Last updated: 26/04/2026
Preamble
This Privacy Policy describes how LecApp (hereinafter "the Publisher", "we", "us") collects, uses, retains, and protects the personal data of users of the Tipoo mobile application (hereinafter "the Application"), in compliance with:
- the General Data Protection Regulation (GDPR — EU Regulation 2016/679);
- the French Data Protection Act (Loi Informatique et Libertés), as amended;
- the guidelines of the CNIL (Commission Nationale de l'Informatique et des Libertés — French Data Protection Authority);
- the privacy requirements of the Apple App Store and Google Play Store.
By using the Application, the User acknowledges having read this Privacy Policy.
Article 1 — Identity of the Data Controller
The data controller for personal data collected through the use of the Application is:
LecApp
Contact email: support@tipoo.fr
Website: https://tipoo.fr
For any questions relating to the protection of your personal data, please contact us at: support@tipoo.fr
Article 2 — Data Collected
2.1 Data Relating to the User's Account
When creating and using their professional account, the User (professional pet groomer) directly provides us with the following data:
| Category | Data Collected | Purpose |
|---|---|---|
| Identity | First name, last name | Account identification |
| Professional contact | Email address | Authentication, service communications |
| Establishment | Name of the grooming establishment | Professional profile |
| Profile | Profile photo (optional) | Profile personalization |
2.2 Data Entered by the User into the Application (User's Client Data)
In the course of their professional activity, the User enters into the Application data concerning their own clients and their animals. The Publisher is not the data controller for this data: it acts as a data processor within the meaning of Article 28 of the GDPR.
This data includes:
| Category | Data Collected |
|---|---|
| User's clients | First name, last name, postal address, phone number, access codes (intercom, keypad codes) |
| Animals | Breed, name, date of birth, allergies, behavior, grooming history |
| Appointments | Dates, times, services performed |
| Invoicing | Invoice references, amounts, services |
This data is processed exclusively to enable the User to carry out their professional activity. It is never used for commercial purposes by the Publisher, nor shared with third parties.
Important: The User acts as data controller for their own clients' data. It is the User's responsibility to comply with their own GDPR obligations toward those individuals (information notices, legal basis, data subject rights, etc.).
2.3 Automatically Collected Data
| Category | Data Collected | Purpose |
|---|---|---|
| Technical data | Device type, operating system version, Application version | Stability and compatibility |
| Usage data | Error logs, crash reports | Service quality improvement |
The Application does not collect location data, contains no advertising, and performs no behavioral tracking for marketing purposes.
2.4 Data Not Collected
Tipoo does not collect:
- payment data (no payments are processed within the Application);
- GPS location data;
- biometric data;
- data relating to minors.
Article 3 — Legal Basis for Processing
In accordance with the GDPR, each data processing activity is based on an identified legal basis:
| Processing Activity | Legal Basis (GDPR Article 6) |
|---|---|
| User account management | Contract performance (Art. 6.1.b) |
| Provision of Application features | Contract performance (Art. 6.1.b) |
| Service improvement, error reporting | Legitimate interest of the Publisher (Art. 6.1.f) |
| Service-related communications | Contract performance and legitimate interest (Art. 6.1.b and 6.1.f) |
| Compliance with legal obligations | Legal obligation (Art. 6.1.c) |
| Processing of User's client data (data processing) | Performance of the data processing agreement |
Article 4 — Purposes of Processing
Personal data collected is used for the following purposes:
- Account creation and management: authentication, access to Application features;
- Service provision: secure storage and availability of the User's professional data;
- Service communications: sending important account-related notifications (updates to Terms, security incidents, major service changes);
- Continuous improvement: analysis of crash reports and aggregated usage data to improve Application stability and quality;
- Legal compliance: fulfilling applicable legal and regulatory obligations.
Article 5 — Recipients of Data
5.1 No Sharing with Third Parties for Commercial Purposes
Users' personal data is never sold, rented, or transferred to third parties for commercial or advertising purposes.
5.2 Technical Sub-Processors
The Publisher uses the following technical sub-processors for hosting and infrastructure management:
| Sub-Processor | Role | Location | Safeguards |
|---|---|---|---|
| Supabase, Inc. | Database hosting (PostgreSQL), authentication, file storage | United States (with EU region options) | European Commission Standard Contractual Clauses (SCCs) — Supabase Privacy Policy |
These sub-processors act exclusively on the Publisher's instructions and are bound by strict contractual obligations of confidentiality and security, in accordance with Article 28 of the GDPR.
5.3 Competent Authorities
The Publisher may be compelled to disclose personal data where required by law, including in response to a judicial order or instruction from a competent authority.
Article 6 — International Data Transfers
Application hosting is provided by Supabase, Inc., a company headquartered in the United States. This transfer is governed by the following mechanisms, in accordance with Chapter V of the GDPR:
- Standard Contractual Clauses (SCCs) adopted by the European Commission;
- Additional technical security measures, including encryption of data in transit (TLS) and at rest (AES-256).
Users are informed that their data may be hosted in data centers located outside the European Economic Area. The Publisher ensures that these transfers are governed by appropriate safeguards.
Article 7 — Data Security
The Publisher implements appropriate technical and organizational measures to protect data against loss, accidental destruction, unauthorized disclosure, or alteration, including:
- Encryption at rest: AES-256;
- Encryption in transit: TLS (Transport Layer Security) protocol;
- Secure authentication: password and session management via Supabase Auth;
- Access control: data access restricted to authorized Users only through Row Level Security (RLS) policies;
- Regular backups: performed by the hosting provider;
- Monitoring: access monitoring and anomaly detection.
Despite these measures, no data transmission or storage system can guarantee absolute security. Users are encouraged to take the necessary precautions to protect their own login credentials.
7.1 Data Breach Procedure
In the event of a personal data breach likely to result in a risk to the rights and freedoms of data subjects, the Publisher undertakes to:
- notify the CNIL within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR;
- inform affected Users without undue delay if the breach is likely to result in a high risk, in accordance with Article 34 of the GDPR.
Article 8 — Data Retention Periods
Personal data is retained for the following periods:
| Data Category | Retention Period |
|---|---|
| User account data (active account) | For the entire duration of service use |
| User account data (after termination) | 3 years from account closure, then deletion |
| User's client data | Retained during account activity; deleted within 30 days of User account deletion |
| Technical logs and error reports | 12 months |
| Billing and accounting data | 10 years in accordance with legal accounting obligations (if applicable) |
Upon expiry of these periods, data is securely deleted or anonymized.
Article 9 — Data Subject Rights
In accordance with the GDPR and the French Data Protection Act, Users and, where applicable, the Users' clients (in respect of data concerning them) have the following rights:
9.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data concerning you is being processed, and to receive a copy of that data.
9.2 Right to Rectification (Art. 16 GDPR)
You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete data completed.
9.3 Right to Erasure (Art. 17 GDPR)
You have the right to obtain the erasure of your personal data in the cases provided for by the GDPR (in particular where the data is no longer necessary in relation to the purposes for which it was collected).
9.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to obtain restriction of processing of your data in the cases provided for by the GDPR.
9.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller, where processing is based on consent or contract performance.
9.6 Right to Object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, to the processing of your personal data where that processing is based on the Publisher's legitimate interests.
9.7 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
9.8 Exercising Your Rights
To exercise your rights, you may submit your request:
- By email: support@tipoo.fr
The Publisher commits to responding to all requests within one month of receipt (this period may be extended by two months in cases of complexity or a high volume of requests, with prior notification to the User).
Proof of identity may be requested to verify the identity of the applicant.
9.9 Right to Lodge a Complaint with the CNIL
If you believe that the processing of your personal data does not comply with applicable regulations, you have the right to lodge a complaint with the competent supervisory authority:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy — TSA 80715 — 75334 PARIS CEDEX 07
Phone: +33 (0)1 53 73 22 22
Website: https://www.cnil.fr
Article 10 — Cookies and Trackers
10.1 Mobile Application
The Tipoo mobile application does not use cookies. It may use technical identifiers specific to the mobile platform (session identifiers) that are strictly necessary for the operation of the service.
10.2 Website (tipoo.fr)
The tipoo.fr website may use technically necessary cookies for its operation. No advertising or marketing tracking cookies are used.
Article 11 — Children's Privacy
The Tipoo Application is intended exclusively for professional use and is not directed at persons under the age of 18. The Publisher does not knowingly collect personal data from minors. If the Publisher were to discover that it has inadvertently collected personal data from a minor, such data would be deleted as soon as possible.
Article 12 — No Advertising and No Data Sharing
Tipoo formally commits to:
- Not displaying advertising within the Application;
- Not selling Users' personal data to third parties;
- Not sharing data for advertising targeting purposes;
- Not performing profiling for commercial purposes.
Article 13 — Updates to the Privacy Policy
The Publisher reserves the right to modify this Privacy Policy at any time, including to reflect changes in legislation or regulation, or in Application features.
Material changes will be brought to Users' attention by:
- notification within the Application;
- email to the address registered upon sign-up.
The "Last updated" date at the top of this document is updated with each revision. Users are encouraged to review this Policy regularly.
Article 14 — Data Processing Agreement (DPA)
As a data processor for the data that the User enters into the Application (the User's client data), the Publisher undertakes to process such data exclusively on behalf of and on the instructions of the User (data controller), in accordance with Article 28 of the GDPR.
A Data Processing Agreement (DPA) can be provided to Users upon request. For any such request, please contact: support@tipoo.fr
Contact
For any questions regarding this Privacy Policy or the exercise of your rights:
LecApp
Email: support@tipoo.fr
Website: https://tipoo.fr
Competent supervisory authority: CNIL — https://www.cnil.fr
© LecApp — All rights reserved.