Privacy Policy

Last updated: December 5, 2025

This Privacy Policy aims to inform users of the Insta Notion Feed website (hereinafter "the Application") about how their personal data is collected, processed, and protected by SARL Mousquetech, in accordance with:

  • Regulation (EU) 2016/679 (GDPR),
  • the amended French Data Protection Act (Loi Informatique et LibertĂ©s),
  • and CNIL recommendations.

1. Publisher and Data Controller

SARL Mousquetech
200 rue de la Croix Nivert
75015 Paris – France

Email address: contact@insta-notion-feed.com

Mousquetech acts as data controller for all data collected via the Application and website.

Regarding data present in your Notion databases, Mousquetech acts as data processor, within the meaning of Article 28 of the GDPR.

2. Personal Data Collected

We collect different categories of data depending on the use of the Service:

2.1 Data Provided Directly by the User

During account creation:

  • First name, last name
  • Email address
  • Password (hashed, never stored in plain text)
  • Profile and billing data
  • Optional professional information

When using the Application:

  • Notion OAuth token (encrypted via Fernet/AES-128-CBC with HMAC)
  • Notion refresh token (encrypted, for automatic renewal)
  • Notion bot identifier (bot_id, unique identifier for your integration)
  • Notion workspace identifier and name connected
  • Selected Notion database ID
  • Feed settings and configuration
  • Technical logs related to usage

2.2 Data Present in the Client's Notion Databases

To generate Feeds from Notion, we access primarily read-only data present in the Notion databases you have authorized via OAuth.

This data may include:
- Images
- Videos
- Files
- Dates
- Titles, texts, page properties
- Metadata generated by Notion
- Existing comments on pages

We do not modify the content of your Notion pages.

Exception: comment insertion – Visitors to your public Feeds can add comments that are automatically synchronized to the corresponding Notion pages (see section 2.6).

We only access the fields necessary to generate your Feed.
We do not index, resell, or exploit any content from your Notion databases.

The Client is responsible for the content of their Notion databases and guarantees having the necessary rights.

2.3 Automatically Collected Data

  • Technical logs
  • IP address
  • Browser type
  • Pages visited
  • Timestamp
  • Cookies necessary for operation
  • Audience measurement data

2.4 Payment Data (Stripe)

All payments are processed via Stripe, Inc., which collects:
- Card number
- Expiration date
- Security code
- Country and anti-fraud information
- Transaction history

Stripe acts as data controller for the payment portion.
Mousquetech never stores your banking data.

2.5 Temporary Cache (Redis)

To ensure optimal performance and avoid Notion API limitations, we temporarily cache:

  • Post content (title, text, dates)
  • Image and media URLs
  • Comment list
  • Display metadata

This data is stored in Redis and:
- Automatically updated via Notion webhooks
- Deleted upon workspace disconnection
- Not retained after account deletion
- Maximum lifetime: 7 days

2.6 Visitor Comments

Visitors to your public Feeds can add comments. These comments are:

  • Sent to the corresponding Notion page
  • Associated with the visitor's username (or Feed pseudonym if anonymous)
  • Subject to protective measures against abuse

The Feed owner sees comments directly in Notion.

We do not moderate comments. The Notion workspace owner is responsible for managing comments on their pages.

3. Processing Purposes

We use your data for the following purposes:

3.1 Service Provision

  • Account creation and management
  • Connection to Notion via OAuth
  • Feed generation and display
  • Dashboard management
  • Comment synchronization
  • Hosting and maintenance

3.2 Administrative and Commercial Management

  • Billing
  • Subscription management
  • Automatic renewal
  • Support request processing
  • Sending important notifications

3.3 Security and Fraud Prevention

  • Suspicious activity detection
  • Technical verifications
  • Server logs
  • Abuse protection

3.4 Service Improvement

  • Statistical analysis
  • UX optimization
  • Debugging and technical support

4. Legal Basis for Processing

In accordance with Article 6 of the GDPR, the processing of your data is based on:

  • Contract performance: access to the Service, Feed generation, subscription.
  • Consent: Notion OAuth connection, non-essential cookies, newsletters.
  • Legitimate interest: Service improvement, security, performance cache.
  • Legal obligation: billing, accounting.

5. Data Recipients

Your data is strictly accessible to:
- Mousquetech and its authorized staff
- Our hosting provider: Hostinger
- Payment service provider: Stripe
- Notion (via OAuth integrations you activate)
- Analysis or support tools

We do not sell or rent your personal data.
In case of legal obligation, your data may be transmitted to a competent authority.

6. Retention Period

We apply the following periods:

Data Type Duration
User account As long as the account is active
Notion OAuth tokens Until revocation by the Client or account deletion
Redis cache Maximum 7 days
Server logs 12 months
Billing & legal obligations 10 years
Marketing data 3 years after last contact

In case of account deletion, data is deleted within 30 days, except for contrary legal obligations.

7. Data Security

We implement appropriate technical and organizational measures, including:
- TLS communication encryption
- Notion OAuth tokens encryption via Fernet (AES-128-CBC + HMAC)
- Password hashing (Argon2/bcrypt)
- Strict limitation of internal access
- User data isolation (Row-Level Security)
- Security and audit logs
- Backups
- Server monitoring

No system offers absolute security, but we do everything to protect your data.

8. Notion Data – Role of Data Processor

Regarding content present in your Notion databases, Mousquetech acts as data processor within the meaning of GDPR.

We commit to:
- access only strictly necessary data,
- only store them temporarily in Redis cache for operation,
- never modify page content (exception: visitor comment insertion),
- never transmit them to third parties,
- never use them for commercial purposes,
- not retain a copy after account deletion,
- notify you in case of a data breach affecting your content.

The Client remains entirely responsible for their obligations as data controller (information, legal basis, security, right of access, etc.).

9. Your Rights (GDPR)

You have the following rights:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to define post-mortem directives

To exercise your rights:
contact@insta-notion-feed.com

We will respond within 30 days maximum.
In case of dispute, you can contact CNIL: https://www.cnil.fr

10. Cookies

In accordance with GDPR and CNIL directives, we use a consent banner to manage cookies placed on your browser.

10.1 Essential Cookies (Always Active)

These cookies are strictly necessary for the website operation and exempt from consent:

Cookie Purpose Duration
sessionid Management of your login session 24 hours
csrftoken Protection against CSRF attacks (security) 1 year
django_language Memorization of your language preference (FR/EN) 1 year
cookie_consent Memorization of your cookie choices 1 year

10.2 Analytics and Monitoring Cookies (Optional)

These cookies require your explicit consent via the cookie banner:

Cookie Purpose Duration Third Party
sentry_monitoring Technical error detection and performance monitoring 90 days Sentry (United States)

You can accept, refuse, or modify your preferences at any time via the cookie banner or the "Manage cookies" link in the footer.

10.3 Third-Party Cookies

Depending on your use of the Service, third-party cookies may be placed by:

  • Stripe: anti-fraud security during payment

These cookies are subject to the privacy policies of their respective publishers.

11. Monitoring and Error Detection (Sentry)

We use Sentry (Functional Software, Inc.) to monitor performance and detect technical errors in the Application. The use of Sentry is subject to your acceptance of "Analytics & Monitoring" cookies via our consent banner.

  • Full IP address
  • User ID (if logged in)
  • Technical information: browser, operating system, visited URL
  • Error traces (stack traces) and performance data
  • Event timestamps

Purpose

Detect and correct malfunctions, monitor performance and improve Service quality.

Consent (Article 6.1.a of GDPR).

Retention Period

90 days on Sentry servers, then automatic deletion.

Transfer Outside EU

Sentry is hosted in the United States. This transfer is governed by Standard Contractual Clauses (SCC) in accordance with GDPR.

You can revoke your consent at any time via the "Manage cookies" link in the footer.

For more information: Sentry Privacy Policy

12. Transfers Outside EU

Some data may be transferred outside the European Union, particularly to:
- Stripe (United States) – Payments
- Notion (United States) – OAuth integration and API
- Sentry (United States) – Monitoring and errors

These providers are subject to:
- Standard Contractual Clauses (SCC),
- or equivalent guarantees validated by the European Commission.

Mousquetech frames these transfers in accordance with GDPR requirements.

13. Policy Modification

Mousquetech reserves the right to modify this Policy to reflect:
- legal developments,
- technical changes,
- Service improvements.

Any significant modification will be notified by email or via the Dashboard.

The applicable version is the one in force at the time of Service use.

14. Contact

For any questions regarding this Policy or your data:
contact@insta-notion-feed.com
SARL Mousquetech – 200 rue de la Croix Nivert, 75015 Paris