Logo Countz.ioCountz.io
Create

Privacy policy

Last updated: May 17, 2026

This policy describes how Countz.io ("we", "Countz") collects, uses and protects your personal data when you use countz.io. It complies with the EU General Data Protection Regulation (GDPR) and the French Informatique et Libertés act.

1. Data controller

The data controller is the publisher of Countz.io. For any question about your data, contact us at the email listed in the legal notice.

2. Data we collect

We only collect data necessary to run the service:

  • Countdown content you create (message, target date, design). No account required.
  • Email address (optional) if you enable email reminders or payment notification.
  • Payment data handled exclusively by Stripe — we never store card numbers.
  • Technical data (IP address, user-agent, visited pages) processed by our host (Vercel) for security and logging.
  • Analytics cookies (PostHog, Vercel Analytics) only if you consent via the cookie banner.

3. Purposes and legal bases

  • Providing the service (creating, sharing, displaying countdowns) — contractual performance (GDPR Art. 6.1.b).
  • Sending email reminders — explicit consent (GDPR Art. 6.1.a).
  • Processing premium payments via Stripe — contractual performance.
  • Audience measurement and service improvement — consent (GDPR Art. 6.1.a), via the cookie banner.
  • Security, abuse prevention, server logs — legitimate interest (GDPR Art. 6.1.f).

4. Retention

  • Countdowns: kept while active; deleted on request at any time.
  • Reminder email addresses: deleted as soon as you unsubscribe (link at the bottom of every email).
  • Marketing email addresses (if you consent): kept until you opt out.
  • Stripe payment data: retained by Stripe under its own legal rules (10 years for accounting).
  • Analytics data: 14 months maximum (CNIL recommendation).

5. Sub-processors

We share certain data with carefully selected providers:

  • Vercel Inc. (hosting, USA — Standard Contractual Clauses)
  • Supabase Inc. (database, EU)
  • Stripe Inc. (payments, GDPR-certified)
  • Resend (transactional emails)
  • PostHog (analytics, EU — eu.posthog.com)

6. Your rights

Under GDPR Articles 15 to 22, you have the following rights:

  • Right of access to your data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to object to processing
  • Right to data portability
  • Right to withdraw your consent at any time

To exercise these rights, contact us via the email in the legal notice. You can also use our automated endpoints: deletion (/api/me/delete) and export (/api/me/export).

You may also lodge a complaint with the CNIL (www.cnil.fr).

7. Cookies and trackers

We use strictly necessary cookies (preferences, language) that do not require consent, and analytics cookies subject to your consent via the banner. You can change your choices at any time via the "Manage cookies" link at the bottom of any page.

8. Contact

For any question about this policy or your data, reach us via the contact information in the legal notice.