← Back to home Legal · GDPR

Privacy Policy

This policy describes how Barel collects, uses and protects your personal data, in compliance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

Last updated: April 28, 2026 Version: 1.0

1. Data controller

The controller of personal data is:

CompanyDEVOP SAS
SIREN939 144 325
Registered office1225 rue du Mouliès, 40160 Parentis-en-Born, France
Legal representativeFlorent Togniotti
GDPR contact[email protected]

2. Data collected

2.1 Data provided directly by the User

  • Identification data: last name, first name, business email, password;
  • Billing data: company name, address, VAT number, payment method (handled by Stripe);
  • LinkedIn data: credentials for your LinkedIn account (encrypted), profile, conversations, contacts;
  • Prospecting data: imported prospect lists (name, role, company, email, LinkedIn profile).

2.2 Data collected automatically

  • Connection data: IP address, browser, operating system, access dates and times;
  • Usage data: pages visited, features used, anonymized statistics;
  • Cookies (see section 10).

3. Processing purposes

Your data is collected and processed for the following purposes:

  • Creating and managing your account;
  • Providing the Service (sending messages, Inbox management, lead qualification);
  • Billing and payment management;
  • Customer support and technical assistance;
  • Service improvement and new feature development;
  • Marketing communications (with your consent, 1-click unsubscribe);
  • Compliance with legal and regulatory obligations.

4. Legal bases

In accordance with article 6 of the GDPR, processing is based on the following:

  • Performance of contract: data necessary to provide the Service;
  • Consent: marketing communications, non-essential cookies;
  • Legitimate interest: security, fraud prevention, Service improvement;
  • Legal obligation: accounting and tax retention.

5. Retention period

Active accountFor the entire duration of Service use
Inactive account3 years after last login
Billing data10 years (accounting obligation)
Connection logs1 year
Cookies13 months maximum
Prospecting dataDeleted upon account cancellation

6. Recipients & sub-processors

Your data is accessible to authorized teams at Devop SAS and to our technical sub-processors, strictly limited to their needs:

CloudflareHosting & CDN (USA, global edge network)
StripePayment processing (EU/USA)
OpenAI / AnthropicArtificial intelligence models
SendGrid / PostmarkTransactional emails
Google AnalyticsAnonymized statistics (with consent)

All our sub-processors are contractually committed to GDPR compliance via Data Processing Agreements (DPAs).

7. Transfers outside the European Union

Some sub-processors may process data in the United States (Cloudflare, Stripe, OpenAI). These transfers are framed by:

  • The EU-US Data Privacy Framework (DPF) for certified sub-processors;
  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Additional technical measures (encryption, pseudonymization).

8. Security

Barel implements appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256);
  • Strong authentication (2FA available);
  • Regular security audits;
  • Encrypted automatic backups;
  • Strict access policy based on the principle of least privilege.

In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL within 72 hours and inform you without undue delay.

9. Your GDPR rights

In accordance with articles 15 to 22 of the GDPR, you have the following rights:

  • Right of access: obtain a copy of the data concerning you;
  • Right to rectification: correct inaccurate or incomplete data;
  • Right to erasure: request the deletion of your data ("right to be forgotten");
  • Right to restriction: restrict the processing of your data;
  • Right to portability: retrieve your data in a structured format;
  • Right to object: object to processing, particularly for prospecting purposes;
  • Right to withdraw your consent at any time;
  • Right to set instructions regarding the fate of your data after death.

To exercise these rights, write to [email protected] stating your request and attaching proof of identity if necessary. We respond within 30 days.

10. Cookies

The site uses cookies to ensure its operation, measure traffic and improve your experience.

10.1 Cookie categories

  • Essential cookies: session, authentication, cart (no consent required);
  • Analytics cookies: Google Analytics, anonymized audience measurement (consent required);
  • Marketing cookies: only with explicit consent.

10.2 Managing cookies

You can change your preferences at any time via the cookie banner or your browser settings.

11. Contact & complaints

For any question regarding this policy or your data:

📧 [email protected]
📍 Devop SAS, 1225 rue du Mouliès, 40160 Parentis-en-Born, France

If you believe your rights are not respected, you may lodge a complaint with the French Data Protection Authority (CNIL):

🌐 www.cnil.fr
📍 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

A question about your data? We respond to any GDPR request within 30 days.
Contact our team →