Privacy Policy
Last updated: May 17, 2026
1. Introduction
Stalexo is a SaaS platform designed for inspection agencies and independent inspectors. It is operated by Kubbeo, which acts as the data controller for all personal data collected through the platform.
We take your privacy seriously. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have over your information — in full compliance with the General Data Protection Regulation (GDPR) and applicable French law.
By using Stalexo, you acknowledge that you have read and understood this policy.
For any privacy-related question, you can reach us at: contact@stalexo.com
2. Who This Policy Applies To
This policy applies to:
- Agency administrators who create and manage a Stalexo workspace
- Team members invited to a workspace by an administrator
- Freelance inspectors who create a profile on the Stalexo Marketplace
- Visitors to the stalexo.com website
3. What Data We Collect
We only collect data that is strictly necessary to provide our services.
Account & identity data
- Full name
- Professional email address
- Company name and billing details
- Role within the platform (admin, inspector, etc.)
Professional data
- Certifications and qualifications (for marketplace profiles)
- Availability and location preferences
- Mission history and performance ratings
Usage data
- Features used and actions performed within the platform
- Login timestamps and session duration
- Device type and browser information
Payment data
- Subscription plan and billing cycle
- Payment status and invoice history
- Note: all card and banking details are handled exclusively by Stripe — we never store your payment credentials
Communications
- Messages sent through the in-app support chat
- Email correspondence with our team
4. How We Use Your Data
We use your data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Providing and operating the platform | Contract performance |
| Managing your subscription and billing | Contract performance |
| Sending transactional emails (invoices, alerts, confirmations) | Contract performance |
| Improving platform features and fixing bugs | Legitimate interest |
| Ensuring platform security and preventing fraud | Legitimate interest |
| Complying with legal and tax obligations | Legal obligation |
| Sending product updates and new features | Legitimate interest (opt-out available) |
We do not use your data for advertising purposes, and we do not sell your data to third parties under any circumstances.
5. Data Sharing & Third-Party Processors
We work with a limited number of trusted third-party providers to operate the platform. Each of them is carefully selected and bound by strict data processing agreements.
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and subscription management | USA (GDPR-compliant, SCCs in place) |
| Base44 | Cloud infrastructure and application hosting | EU-based AWS infrastructure |
| Email provider | Transactional email delivery | EU |
We do not share your personal data with any other third party without your explicit consent, except where required by law.
6. Data Retention
We retain your data only for as long as necessary:
- Active account — data is kept for the duration of your subscription
- Cancelled account — data is retained for 12 months after cancellation, then permanently deleted
- Financial records — invoices and billing data are kept for 10 years as required by French accounting law
- Support conversations — retained for 24 months for quality and legal purposes
You can request early deletion of your data at any time (see Section 8).
7. Data Security
We take technical and organizational measures to protect your data against unauthorized access, loss, or disclosure:
- All data is transmitted over encrypted connections (HTTPS/TLS)
- Access to production data is restricted to authorized personnel only
- Payment data is handled by Stripe, which is PCI DSS Level 1 certified
- Regular security reviews and dependency updates
Despite our best efforts, no system is 100% secure. If you suspect a security breach affecting your account, contact us immediately at contact@stalexo.com.
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access — request a copy of all personal data we hold about you
- Right to rectification — correct any inaccurate or incomplete data
- Right to erasure — request deletion of your personal data (“right to be forgotten”)
- Right to restriction — ask us to limit how we process your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, send a request to contact@stalexo.com. We will respond within 30 days.
If you believe your rights have been violated, you also have the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés) at www.cnil.fr.
9. Cookies
Stalexo uses a limited number of cookies strictly necessary for the platform to function:
- Session cookies — to keep you logged in during your session
- Preference cookies — to remember your language and display settings
We do not use advertising or tracking cookies. No third-party analytics tools (such as Google Analytics) are installed on the platform without your prior consent.
10. Children’s Privacy
Stalexo is a professional B2B platform intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us at contact@stalexo.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by email and update the “Last updated” date at the top of this page.
We encourage you to review this policy periodically.
12. Contact
For any question, request, or concern regarding this Privacy Policy:
Stalexo — operated by Kubbeo 📧 contact@stalexo.com
We are committed to resolving any privacy concern promptly and transparently.