This Privacy Policy describes how PIYA LLC collects, uses, stores, and protects your personal data when you use the website https://piya-web.com and the PIYA app (“the App”).
The showcase website piya-web.com is strictly informational. It does not collect personal data for commercial purposes. Certain technical data may be processed when accessing the website, such as security logs. Account management and subscription features are available through the Application or the related secure areas.
The processing activities described below mainly concern the PIYA Application. PIYA is committed to complying with:
The General Data Protection Regulation (GDPR – EU Regulation 2016/679)
International SaaS best practices
2. Controller du traitement
PIYA LLC Legal form: Limited Liability Company (LLC) Legal seat: Wyoming, United States Email : contact@piyamanagement.com
Representative in the EU: Nahardine MMADI
3. Personal data collected
3.1 Account data
Last name, first name, email address, profile picture
Account type (professional / team member and client)
3.2 Project data and content
Documents, photos, messages, and uploaded content
Interaction history within the Application
The user remains solely responsible for the content they upload, especially if it includes personal data relating to third parties.
3.3 Technical, analytics, and usage data
IP address, device type, operating system, browser
Connection and activity logs
Usage analytics data through Mixpanel
3.4 Payment data (paid services)
Processed by Stripe
Piya does not store banking data
3.5 Communications and security
Emails through SendGrid
4. Purposes and legal bases (GDPR)
Purpose
Example
Legal basis
Provide the service
Account creation, project management
Performance of a contract
Security & fraud prevention
OTP via SendGrid, logs, suspicious access detection
Legitimate interest
Analytics & improvement
Statistics through Mixpanel
Legitimate interest (hors UE) / Consentement (UE)
Notifications & communication
Essential transactional emails
Performance of a contract
Geolocation
Project tracking
Explicit consent (opt-in)
AI (OpenAI)
Text analysis of project descriptions (without voluntary transmission of sensitive personal data)
Performance of a contract
5. Sharing and processors
Data is never sold. Data is shared only with:
Hostinger – Hosting (EU)
AWS S3 – Storage & backups (EU & US)
Stripe – Secure payments (US & EU)
SendGrid – OTP delivery (US)
Firebase – Mobile notifications (US)
Mixpanel – Usage analytics (US)
OpenAI – AI processing (US, text prompts, without intentional processing of personal data)
Vercel – Support platform hosting (US)
All processors act under PIYA’s instructions and are subject to confidentiality and security commitments.
6. Transfers outside the EU & security
Transfers to the United States may occur based on Standard Contractual Clauses (SCCs) and/or the Data Privacy Framework, where available.
Security measures
TLS 1.3 in transit
AES-256 at rest for sensitive data
Restricted access and regular security logs
7. Cookies & trackers
Showcase website: no cookies collected
Application: analytics through Mixpanel to improve the user experience.
8. Retention periods de conservation
Account: until deletion
After deletion: 90-day retention, then permanent deletion
Billing: 6 years
Technical logs: 90 days
Data export is available within the Application.
9. User rights (GDPR)
Access, rectification, erasure
Portability
Restriction/objection
Complaint to the CNIL/local supervisory authority
Target response time: 30 days (extendable once). Identity verification may be required before processing.
10. Protection of minors
Piya is not intended for users under 16 years old (EU). No data is knowingly collected from minors.
11. Breach notification
The competent authority will be notified within 72 hours (GDPR)
Users will be informed in the event of a high risk
12. Changes
Piya LLC may modify this Policy at any time
Notification by email or in-app notice in the event of a major change