Privacy Notice

1. Who we are

Sandrine. ("we", "us", "our") operates the Sandrine. platform (the "Service"). For personal data we collect about you when you use the Service, we are the data controller. For payment and billing data, our reseller Paddle.com acts as Merchant of Record and as a separate controller — see Paddle's privacy policy for details.

You can contact us about privacy at support@sandrine.life.

2. What we collect, why, and on what basis

• Account data — email address, name, password hash, language preference, plan tier. Used to create and secure your account, deliver the Service, and contact you about it. Legal basis: performance of contract.
• Manuscript and project content — the text, images, audio, and metadata you upload or generate inside the Service. Used solely to provide the editing, cover, formatting, publishing, and marketing features you ask for. Legal basis: performance of contract. We do not use your manuscript to train AI models.
• AI prompts and generated outputs — what you ask our AI features and what they return. Used to deliver the feature and, in aggregate and de-identified form, to monitor quality and misuse. Legal basis: performance of contract; legitimate interests in maintaining a safe Service.
• Usage and device data — pages visited, features used, error logs, IP address, browser, device type, approximate location derived from IP. Used to operate, secure, and improve the Service and to prevent fraud. Legal basis: legitimate interests; legal obligation for security logs.
• Support messages — what you send us when you ask for help. Used to answer you and to improve our docs. Legal basis: performance of contract; legitimate interests.
• Marketing communications — your email address and preferences if you opt in to product updates. You can unsubscribe at any time. Legal basis: consent.

Payment-related data (card details, billing address, tax ID, purchase history) is collected directly by Paddle when you check out. We receive a confirmation that the purchase succeeded, the customer reference, and the plan, but not your card number.

3. Who we share data with

We share personal data only with the categories of recipients required to operate the Service, all under written contracts that require them to protect your data:

• Hosting and infrastructure providers — to store and serve the Service.
• AI model providers — to process the prompts and content needed to deliver AI features. These providers process your content under contractual terms that prohibit using it to train their models.
• Analytics, error monitoring, and security tooling — to keep the Service stable and to detect abuse.
• Email delivery providers — to send transactional email (account confirmation, password reset, receipts).
• Paddle.com, our Merchant of Record — for sale of the Service, subscription management, payments, tax compliance, invoicing, and refund handling.
• Professional advisers — legal, accounting, and audit, only where necessary.
• Public authorities — where we are required by law or where we reasonably believe disclosure is necessary to protect our rights or the safety of others.

We do not sell your personal data.

4. International transfers

Where personal data is transferred outside your country (in particular outside the UK or EEA), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, UK International Data Transfer Agreement, or adequacy decisions where they apply.

5. How long we keep data

• Account data: while your account is active, plus up to 24 months after deletion for fraud prevention and audit.
• Manuscripts and projects: deleted automatically 30 days after you delete the project, unless you have explicitly opted to keep them. You can also delete a project immediately at any time from the dashboard.
• Support messages: up to 24 months after the ticket closes.
• Server and security logs: typically up to 12 months.
• Billing records: retained by Paddle for the period required by tax and accounting law (typically 7–10 years).

6. Your rights

Depending on your country, you may have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete data;
• Delete your data ("right to erasure");
• Restrict or object to certain processing;
• Receive your data in a portable format;
• Withdraw consent at any time, where processing is based on consent;
• Lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, email support@sandrine.life. We will respond within one month, or sooner where required by law.

7. Security

We use industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest for sensitive stores, role-based access controls, audit logging, and regular security review. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

8. Cookies and similar technologies

We use a small number of cookies and similar technologies:

• Strictly necessary — to keep you signed in, to remember your language preference, and to protect against abuse. These cannot be disabled.
• Analytics — to understand which features are used. We aggregate and de-identify analytics where possible.

You can manage cookies through your browser. Blocking strictly necessary cookies will break parts of the Service.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this notice

We may update this notice from time to time. We will post the new version here with an updated effective date and, for material changes, notify you in-product or by email at least 14 days before the change takes effect.

11. Contact