GDPR / RGPD
Your data, protected
How MoulMall complies with the General Data Protection Regulation (GDPR / RGPD)
Last updated: March 2025 · In effect since 25 May 2018
MoulMall is committed to protecting your personal data. This page summarises your rights under the GDPR and how we process your information in compliance with EU Regulation 2016/679. For any questions, contact us at support@moulmall.com.
1. Data controller
The data controller for your personal information is MoulMall, operating the platform accessible via app.moulmall.com and moulmall.com.
DPO / data protection contact: support@moulmall.com
2. Data we collect
We only collect data that is necessary to provide the service:
- Identity data: first name, last name, email address
- Business data: company name, industry, company size
- Usage data: login logs, features used, pages visited
- Payment data: processed directly by Stripe (we never access card numbers)
- Operational data: products, orders, suppliers, invoices you enter into the platform
3. Purposes and legal bases
Your data is processed on the following legal bases:
- Contract performance: delivering the service, managing your account, billing
- Legitimate interest: improving the service, security, fraud prevention, anonymised analytics
- Consent: marketing communications (you can unsubscribe at any time)
- Legal obligation: retention of certain accounting records
4. Retention periods
- Active account data: retained for the duration of the subscription
- After cancellation: data retained for 30 days then deleted, unless required by law
- Billing data: 10 years (statutory accounting requirement)
- Login logs: maximum 12 months
5. Sub-processors and transfers
We use carefully selected sub-processors, all GDPR-compliant:
- Google Cloud Platform (europe-west1, France) — hosting and storage
- Stripe — payment processing (PCI-DSS certified)
- Brevo — transactional email delivery
- PostHog — anonymised product analytics
Your data is hosted in Europe (europe-west1 region). No data is transferred outside the EU without appropriate safeguards.
6. Your rights (Art. 15–22 GDPR)
As an EU resident, you have the following rights:
- Right of access: obtain a copy of all personal data we hold about you.
- Right to rectification: have inaccurate or incomplete information about you corrected.
- Right to erasure: request deletion of your personal data ("right to be forgotten").
- Right to portability: receive your data in a structured, machine-readable format.
- Right to restriction: temporarily restrict the processing of your data in certain circumstances.
- Right to object: object to processing based on legitimate interest, including for marketing purposes.
To exercise your rights, write to support@moulmall.com. We respond within one month as required by Article 12 GDPR.
7. Cookies
We only use cookies that are strictly necessary for the service to function (session, authentication). No third-party advertising cookies are placed without your consent.
- Session cookies: maintain your login state (session duration)
- CSRF cookie: protection against cross-site request forgery
- Anonymised analytics: aggregated data with no individual identification
8. Data security
We implement appropriate technical and organisational security measures:
- Data encrypted in transit (TLS 1.2+) and at rest
- Role-based access control (RBAC)
- Two-factor authentication available for all users
- Audit logs for sensitive actions
- Encrypted daily backups
- Google Cloud infrastructure certified ISO 27001
9. Complaints
If you believe that the processing of your personal data does not comply with the GDPR, you have the right to lodge a complaint with your national supervisory authority:
- France: CNIL — www.cnil.fr
- Morocco: CNDP — Commission Nationale de contrôle de la protection des Données à caractère Personnel
- Other EU countries: your local data protection authority