Rechtliches
Richtlinien und Bedingungen für die Nutzung von AutomationView.
Privacy Policy
AutomationView - Privacy Policy
Last Updated: 01/04/2026
1. Introduction
RCAutomSolutions, a French Société par Actions Simplifiée (SAS) registered under number 101 673 341 R.C.S. Dijon with its registered office at 14 E Rue Pierre de Coubertin, France (“Company”, “We”, “Us”, or “Our”), is committed to protecting your privacy and personal data.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you:
- Visit our website at https://automationview.app (“Website”);
- Create an account and manage your licence;
- Download, install, and use the AutomationView desktop software (“Software”);
- Contact our support team;
- Purchase a subscription through our payment partner Paddle.
This Privacy Policy is drafted in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the French Loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés (“Loi Informatique et Libertés”), and the ePrivacy Directive 2002/58/EC as transposed into French law.
2. Data Controller
The data controller responsible for the processing of your personal data described in this Privacy Policy is:
RCAutomSolutions 14 E Rue Pierre de Coubertin 21000, Dijon, France
RCS Dijon 101 673 341 R.C.S. Dijon SIRET: 101 673 341 00018
Data Protection Contact: Email: contact@rcautomsolutions.com Postal address: 14 E Rue Pierre de Coubertin
3. Personal Data We Collect
We collect different categories of personal data depending on your interaction with us. Below is a detailed breakdown.
3.1 Account Registration and Authentication
When you create an account on our Website or within the Software, we collect:
| Data Category | Specific Data | Purpose |
|---|---|---|
| Identity data | Full name, email address | Account creation, communication |
| Authentication data | Password (hashed), Firebase User ID (UID) | Secure access to your account |
| Account metadata | Account creation date, last login date | Account management |
This data is processed through Google Firebase Authentication.
3.2 Purchase and Transaction Data
When you purchase a subscription, your payment is processed by Paddle.com Market Limited (“Paddle”), our Merchant of Record. Paddle collects and processes your payment data directly.
Data processed by Paddle (as independent data controller):
- Full name, billing address, email address
- Payment method details (credit card number, PayPal account, etc.)
- VAT/tax identification numbers (for business purchases)
- Transaction history, invoices
We do not collect, process, or store your payment method details. Paddle shares the following limited data with us for order fulfilment purposes:
| Data Received from Paddle | Purpose |
|---|---|
| Email address | Licence activation, account linking |
| Country of residence | Tax compliance, regional compliance |
| Subscription plan and status | Licence provisioning |
| Transaction identifier and amount | Order records, support |
For details on how Paddle processes your data, please refer to Paddle’s Privacy Policy.
3.3 Licence Verification Data
The Software periodically communicates with our servers to verify your licence. During this process, the following data is transmitted:
| Data Category | Specific Data | Purpose |
|---|---|---|
| Licence data | Licence key or subscription identifier | Verify active subscription |
| Device data | Unique device identifier (generated locally) | Enforce seat/device limits |
| User identifier | Firebase UID | Link licence to account |
| Software data | Application version, operating system type and version | Compatibility and support |
3.4 Website Analytics (Umami)
We use Umami, a self-hosted, privacy-focused analytics solution, to understand how visitors use our Website. Umami collects:
- Page views and page URLs visited
- Referral source (the page you came from)
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Country of origin (derived from IP address, which is not stored)
Umami does not use cookies, does not collect personal data, and does not track individual users across sessions. IP addresses are used transiently for geolocation only and are never stored. All analytics data is aggregated and cannot be used to identify individual visitors.
Umami is hosted on our own server at IONOS within the European Union. No data is transferred to third parties.
3.5 Software Analytics (Firebase Analytics) - Consent-Based
With your explicit consent, the Software may collect usage analytics through Google Firebase Analytics to help us improve the product. This data includes:
| Data Category | Specific Data | Purpose |
|---|---|---|
| App instance ID | Anonymous identifier generated per installation | Distinguish installations (not users) |
| Usage events | Features used, actions performed (anonymised) | Product improvement |
| Session data | Session duration, frequency of use | Usage patterns |
| Device information | OS version, device model, screen resolution | Compatibility optimisation |
| Crash data | Error logs, stack traces (no personal data) | Bug fixing and stability |
This analytics collection is entirely optional and opt-in. On first launch of the Software, you will be presented with a clear consent dialog. Analytics collection is disabled by default and will only be activated if you provide explicit consent. You may change your preference at any time in the Software’s settings.
Firebase Analytics data is processed by Google LLC and may be transferred to servers located in the United States (see Section 8 - International Data Transfers).
3.6 Support Communications
When you contact us for support, we may collect:
- Your name and email address
- The content of your communications
- Any files or screenshots you share
- Technical information about your system and Software installation (if provided)
4. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis (GDPR Article) | Details |
|---|---|---|
| Account creation and authentication | Article 6(1)(b) - Contractual necessity | Processing is necessary to provide you with an account and access to the Software |
| Licence verification | Article 6(1)(b) - Contractual necessity | Processing is necessary to verify your subscription and enforce licence terms |
| Purchase and order fulfilment | Article 6(1)(b) - Contractual necessity | Processing data received from Paddle to provision your licence |
| Website analytics (Umami) | Article 6(1)(f) - Legitimate interest | Our legitimate interest in understanding Website usage to improve our services. Umami is privacy-respecting, uses no cookies, and collects no personal data. This processing qualifies for the CNIL audience measurement consent exemption. |
| Software analytics (Firebase) | Article 6(1)(a) - Consent | Collected only with your explicit, freely given, informed, and specific consent |
| Support communications | Article 6(1)(b) - Contractual necessity or Article 6(1)(f) - Legitimate interest | Necessary to respond to your requests and provide technical assistance |
| Legal compliance and record-keeping | Article 6(1)(c) - Legal obligation | Retention of transaction records as required by French commercial and tax law |
| Renewal notifications | Article 6(1)(c) - Legal obligation | Required by French consumer protection law (Articles L215-1 to L215-3 Code de la consommation) |
5. Data Sharing and Third-Party Processors
We share your personal data only with the following third parties, each acting in a specific capacity:
5.1 Paddle.com Market Limited - Independent Data Controller
Role: Independent data controller (not a data processor) Data shared: Paddle collects and controls buyer payment data independently. We receive limited order data from Paddle (see Section 3.2). Location: United Kingdom, Ireland, United States Privacy Policy: https://www.paddle.com/legal/privacy
Paddle and the Company each act as independent data controllers for the personal data they respectively process. Paddle determines its own purposes and means of processing for payment and transaction data.
5.2 Google LLC (Firebase) - Data Processor / Sub-processor
Role: Data processor (for Authentication, Cloud Functions, Firestore) and processor/joint controller (for Firebase Analytics) Services used: Firebase Authentication, Firebase Cloud Functions, Cloud Firestore, Firebase Analytics (consent-based only) Data processed: Account data, licence verification data, usage analytics (with consent) Location: Data may be processed in the United States and other countries where Google operates facilities Legal framework: EU-U.S. Data Privacy Framework; Standard Contractual Clauses (SCCs) DPA: Firebase Data Processing and Security Terms Privacy information: https://firebase.google.com/support/privacy
5.3 IONOS SE - Data Processor
Role: Data processor (hosting provider) Services used: Web hosting, server infrastructure Data processed: All data hosted on the Website and server (account data, Umami analytics database) Location: European Union (Germany) DPA: IONOS standard Data Processing Agreement
5.4 Umami - Self-Hosted (No Third Party)
Umami is self-hosted on our own server at IONOS within the EU. No data is transmitted to any third party in connection with Umami analytics. The Company is both the data controller and the operator of the Umami instance.
5.5 No Sale of Personal Data
We do not sell, rent, or trade your personal data to any third party for marketing, advertising, or any other commercial purpose.
6. Cookies and Tracking Technologies
6.1 Website
Our Website uses a minimal approach to cookies and tracking:
| Technology | Type | Purpose | Consent Required? |
|---|---|---|---|
| Firebase Authentication | Local storage / IndexedDB | Maintain your authenticated session - strictly necessary for logged-in functionality | No (strictly necessary) |
| Umami Analytics | No cookies, no local storage | Privacy-respecting website analytics | No (CNIL audience measurement exemption) |
We do not use any advertising cookies, marketing trackers, social media pixels, or third-party tracking scripts on our Website.
Because we only use strictly necessary storage (Firebase Auth) and a CNIL-exempt analytics tool (Umami), a cookie consent banner is not currently required under the ePrivacy Directive as interpreted by the CNIL. However, we transparently disclose all technologies used on this page.
If we introduce any non-essential cookies or tracking technologies in the future, we will update this Privacy Policy and implement a consent management mechanism before deployment.
6.2 Desktop Software
The Software itself does not use cookies. The Software may store the following data locally on your Device:
| Data Stored Locally | Purpose |
|---|---|
| Authentication tokens | Maintain your logged-in session |
| Licence verification cache | Allow offline operation during the grace period |
| User preferences and settings | Personalise your experience |
| Firebase Analytics data (if consented) | Queued analytics events awaiting transmission |
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period | Justification |
|---|---|---|
| Account data (active user) | Duration of the account | Contractual necessity |
| Account data (inactive user) | 3 years after last interaction | CNIL recommendation; to facilitate account reactivation |
| Transaction and billing records | 10 years from the transaction date | French Commercial Code (Article L123-22) and tax law obligations |
| Licence verification logs | Duration of the active subscription | Contractual necessity |
| Website analytics (Umami) | Maximum 25 months | CNIL audience measurement exemption condition |
| Software analytics (Firebase) | Maximum 14 months | Configured in Google Analytics 4 settings |
| Support communications | 3 years after resolution | Legitimate interest; statute of limitations |
| Consent records | 5 years from the date of consent | Proof of compliance with GDPR consent requirements |
After the applicable retention period expires, personal data is securely deleted or anonymised.
8. International Data Transfers
Some of our service providers process data outside the European Economic Area (EEA). We ensure that adequate safeguards are in place for all international transfers:
| Provider | Data Transferred | Destination | Legal Mechanism |
|---|---|---|---|
| Google LLC (Firebase) | Account data, licence data, analytics (if consented) | United States | EU-U.S. Data Privacy Framework (DPF); Standard Contractual Clauses (SCCs) as fallback |
| Paddle.com Market Limited | Payment and transaction data (as independent controller) | United Kingdom, United States | UK Adequacy Decision (28 June 2021); Standard Contractual Clauses (Module 1: Controller-to-Controller) |
| IONOS SE | All hosted data | European Union (Germany) | No transfer outside EEA - no additional safeguards required |
You may request a copy of the applicable Standard Contractual Clauses by contacting us at contact@rcautomsolutions.com.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit: All data transmitted between your browser/Software and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest: Sensitive data stored on our servers is encrypted.
- Authentication security: Passwords are hashed using industry-standard algorithms (Firebase Authentication). We do not store plaintext passwords.
- Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis.
- Infrastructure security: Our servers are hosted by IONOS within the EU, benefiting from IONOS’s physical and network security measures.
- Firebase security: Firebase services comply with SOC 1, SOC 2, SOC 3, and ISO 27001 certifications.
- Regular reviews: We periodically review our security measures and update them as necessary.
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
10. Your Rights Under the GDPR
As a data subject, you have the following rights under the GDPR. You may exercise any of these rights by contacting us at contact@rcautomsolutions.com.
10.1 Right of Access (Article 15)
You have the right to obtain confirmation as to whether we process your personal data, and if so, to access that data along with information about the purposes, categories, recipients, retention periods, and your rights.
10.2 Right to Rectification (Article 16)
You have the right to request the correction of inaccurate personal data and the completion of incomplete data.
10.3 Right to Erasure - “Right to be Forgotten” (Article 17)
You have the right to request the deletion of your personal data when:
- The data is no longer necessary for the purposes for which it was collected;
- You withdraw consent (for consent-based processing);
- You object to processing and there are no overriding legitimate grounds;
- The data has been unlawfully processed.
This right is subject to legal retention obligations (e.g., the 10-year retention of transaction records under French law).
10.4 Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or have objected to processing pending verification.
10.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where the processing is based on consent or contract and carried out by automated means.
10.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interest (Article 6(1)(f)) at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
For website analytics (Umami): You may opt out at any time by [enabling the “Do Not Track” setting in your browser / using our opt-out mechanism at https://automationview.app/privacy-settings].
10.7 Right to Withdraw Consent (Article 7(3))
Where processing is based on your consent (specifically, Firebase Analytics in the Software), you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. You may withdraw consent through the Software’s settings menu.
10.8 Right to Lodge a Complaint
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority in France is:
Commission Nationale de l’Informatique et des Libertés (CNIL) 3 Place de Fontenoy, TSA 80715 75334 Paris Cedex 07, France Website: https://www.cnil.fr
You may also lodge a complaint with the supervisory authority of the EU Member State where you reside or work.
10.9 How to Exercise Your Rights
To exercise any of your rights, please contact us at:
Email: contact@rcautomsolutions.com Postal address: 14 E Rue Pierre de Coubertin
We will respond to your request within one (1) month of receipt. This period may be extended by two (2) further months for complex or numerous requests, in which case we will inform you of the extension within the first month.
We may request additional information to verify your identity before processing your request.
11. Children’s Privacy
AutomationView is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent.
If the School plan is used in an educational setting involving students under 16, the educational institution is responsible for obtaining any necessary parental consent and for ensuring compliance with applicable laws, including the GDPR’s provisions on children’s data (Article 8).
If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that data promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
For material changes (new categories of data collected, new third-party processors, changes in legal basis), we will:
- Notify you via email at least thirty (30) days before the changes take effect;
- Update the “Last Updated” date at the top of this page;
- Where required, obtain your renewed consent.
For non-material changes (clarifications, formatting), we will update the page and the “Last Updated” date.
We encourage you to review this Privacy Policy periodically.
13. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or to the processing of your personal data:
RCAutomSolutions 14 E Rue Pierre de Coubertin 21000, Dijon, France
Data Protection Contact: contact@rcautomsolutions.com
For payment and billing-related privacy inquiries: Paddle.com Market Limited Privacy Policy: https://www.paddle.com/legal/privacy
This Privacy Policy was last updated on 01/04/2026.