Privacy Policy

1. Data Controller

Reloadium is operated by a French company and acts as the data controller for personal data processed through our services.

Contact: contact@reloadium.com

2. Data We Collect

We collect the minimum data necessary to provide and improve the service.

Account data

Your email address and display name, obtained via Google Sign-In (Firebase Authentication). We do not store your Google password.

Usage logs

Metadata about AI requests: app identifier, model used, token counts, credit cost, and timestamp. We do not log the content of your prompts or AI responses.

Credit balance

Your current credit balance and transaction history (credits added, credits deducted), stored in Firebase Realtime Database.

Payment data

Payment transactions are processed by Stripe. We store only the Stripe customer ID and subscription status. Card numbers and full payment details are never stored by Reloadium.

Analytics data

Page views, app usage events, device type, browser type, and approximate location (country/region), collected via Google Analytics (Firebase). Data is aggregated and used to understand usage patterns. Google Analytics does not collect your name, email, or prompt content.

Technical data

Standard server logs including IP address, browser type, and request timestamps, collected automatically by Firebase Hosting and Google Cloud.

App Check data

Firebase App Check uses Google reCAPTCHA Enterprise (invisible, score-based) to verify that requests originate from a genuine app instance. reCAPTCHA collects hardware and software information (such as device and application data) and sends it to Google for analysis. No personal data is collected beyond what is described in Google's reCAPTCHA terms.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases under EU GDPR Article 6:

• Contract performance (Art. 6(1)(b)) — processing your account data, credit balance, and usage logs is necessary to deliver the service you subscribed to.
• Legitimate interests (Art. 6(1)(f)) — retention of aggregated usage logs for fraud detection, abuse prevention, and service improvement, where these interests are not overridden by your rights.
• Legal obligation (Art. 6(1)(c)) — retaining payment records to comply with French accounting and tax regulations.

4. How We Use Your Data

• Authenticate you and maintain your session.
• Track and deduct credits for each AI request you make.
• Process subscription and credit pack payments via Stripe.
• Detect and prevent fraudulent or abusive usage.
• Send transactional emails (payment receipts, subscription confirmations) via Stripe.
• Improve the service by analysing aggregated, anonymised usage patterns.
• Comply with legal obligations (tax records, law enforcement requests where legally required).

5. Third-Party Processors

We share data with the following sub-processors, each bound by data processing agreements:

Google Firebase (Auth, Realtime Database, Hosting, Cloud Functions)

Stores account data and credit balances, runs server-side functions, and hosts the web applications. Data is stored in the EU (europe-west1). Privacy policy: https://firebase.google.com/support/privacy

Google Gemini API

Processes AI prompts to generate responses. We use the paid tier, which means Google does not use your data to train AI models. Privacy policy: https://ai.google.dev/gemini-api/terms

Stripe

Processes payments and manages subscriptions. Stripe is the merchant of record for billing. Privacy policy: https://stripe.com/privacy

Google Analytics

Collects aggregated usage analytics (page views, app events, device info) to help us understand how the service is used and improve it. Data is processed in Google's infrastructure. Privacy policy: https://policies.google.com/privacy

Google reCAPTCHA Enterprise

Used via Firebase App Check to protect our API from abuse and ensure requests come from genuine app instances. reCAPTCHA Enterprise is invisible (no user interaction required) and score-based. Terms: https://cloud.google.com/terms/service-terms

6. Data Retention

• Account data: retained for as long as your account is active, plus 30 days after deletion to allow for recovery.
• Usage logs (AI request metadata): retained for 12 months for fraud detection and service improvement, then automatically deleted.
• Payment records: retained for 10 years to comply with French accounting regulations (Code de commerce, Art. L123-22).
• Credit balance: deleted when your account is deleted.
• Technical server logs: retained for 90 days by Google Cloud infrastructure, then automatically deleted.

7. Cookies and Local Storage

Reloadium uses browser localStorage (not cookies) for:

• Theme preference (dark/light mode) — key: `theme`.
• Language preference — key: `i18nextLng`.
• AI settings (preferred model, custom endpoint configuration) — key: `reloadium-ai-settings`.
• Firebase Authentication session token — managed automatically by the Firebase SDK.
• Google Analytics cookies (`_ga`, `_ga_*`) — used to distinguish unique users and sessions. These are first-party cookies set by the Google Analytics SDK. Retention: up to 2 years.

8. Your Rights (GDPR)

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the following rights under GDPR:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure ("right to be forgotten") — request deletion of your account and associated personal data.
• Right to data portability — request your data in a machine-readable format.
• Right to restriction of processing — request that we limit how we use your data in certain circumstances.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

9. Exercising Your Rights

To exercise any of the rights listed above, contact us at contact@reloadium.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

You also have the right to lodge a complaint with the French data protection authority (CNIL) at https://www.cnil.fr if you believe we have not handled your data lawfully.

10. International Data Transfers

Our primary infrastructure (Firebase) stores data in the EU (europe-west1, Belgium). Some Google Cloud services and Stripe may process data in the United States.

Where data is transferred outside the EEA, it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an equivalent level of protection to that within the EEA.

11. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us at contact@reloadium.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service and updating the "Last updated" date at the top of this page.

Your continued use of the Service after the effective date of any updated policy constitutes your acceptance of the changes.

13. Contact

For any privacy-related questions, data requests, or complaints, contact us at:

Email

contact@reloadium.com

Data Protection Authority (France)

CNIL — https://www.cnil.fr