Pills.
Privacy policy

Your data,
in plain language.

Pills. is a Legal Operations firm. We know what personal data is worth and what the GDPR requires. This page tells you, in plain language, what we do with your information when you visit this site or contact us.

Last updated · 23 April 2026
In brief

What you need
to remember.

  • We only collect what we need to reply to you and, if you wish, send you our publications.

  • We use no tracking cookies, no behavioural analytics, no advertising pixels.

  • Your data stays stored in the European Union when technically possible. When it isn't, we frame the transfer with the European Commission's standard contractual clauses.

  • You can at any time access your data, have it corrected or deleted, and unsubscribe from the newsletter in one click.

Contents
01 · Controller

Who decides
what's done with your data.

The data controller within the meaning of GDPR article 4.7 is:

Company name
Pills.
Legal form
EURL (single-member limited liability company under French law)
SIREN
884 060 013
Registered office
289 chemin de la Qualité, 34980 Montferrier-sur-Lez

Given the size of the activity (sole practitioner), Pills. is not required to designate a Data Protection Officer (DPO). For any question about your data, you can still write directly to the address above.

02 · Data collected

What we collect,
and why.

Data
First name, last name, email, company, role, message content
When
You fill in the contact form
Purpose
Reply to your request, call you back, send you a proposal
Legal basis
Legitimate interest (GDPR art. 6.1.f): replying to a contact request
Retention
3 years from our last exchange
Data
Email address (plus first and last name if opt-in from the contact form)
When
You subscribe to our newsletter (footer or checkbox on the contact form)
Purpose
Send you our monthly publications
Legal basis
Consent (GDPR art. 6.1.a), with double opt-in via confirmation email
Retention
Until you unsubscribe (one click on the unsubscribe link at the bottom of every email)
Data
Technical logs: IP address, browser type, pages visited, timestamps
When
You browse the site
Purpose
Security, abuse detection, troubleshooting technical issues
Legal basis
Legitimate interest (GDPR art. 6.1.f): keeping the site operational
Retention
12 months maximum (our host's logs)
What we don't do

  • We never sell your data to third parties.

  • We use no tracking cookies, no behavioural analytics, no advertising pixels.

  • We do not profile your visits and make no automated decisions about you.

  • We do not cross-reference what you entrust to us with third-party databases.

03 · Recipients

Who receives
your data.

Your data is accessible only to Steve Chrétien, in his capacity as data controller. We use 3 technical sub-processors strictly necessary to operate the site and our relationship with you.

Vercel Inc.
Site hosting
Location
United States (parent company), with processing in an EU region for served content
Guarantees
European Commission's standard contractual clauses. SOC 2 Type II and ISO 27001 certifications.
Resend (Drasner, Inc.)
Sending contact emails and managing the newsletter list
Location
United States (parent company), EU region (Ireland) selected for storage
Guarantees
Standard contractual clauses. Documented GDPR compliance. Data stored in EU.
Google LLC (Google Fonts)
Web typography for the site
Location
United States
Guarantees
Standard contractual clauses and EU–US Data Privacy Framework
04 · Transfers

When your data
leaves the EU.

Sensitive section. GDPR strictly governs transfers outside the EU. Here is exactly what happens to your data.

Our sub-processors (Vercel, Resend, Google) have their parent companies in the United States. Where possible, data is stored and processed within a European region:

  • Resend: newsletter and email data stored in Ireland (selected EU region).
  • Vercel: content served from an EU region; technical logs may transit through the United States.
  • Google Fonts: direct loading from Google servers, may involve a transfer to the United States.

When a transfer outside the EU takes place, it is framed by the standard contractual clauses adopted by the European Commission (decision 2021/914), and where applicable by the EU–US Data Privacy Framework.

05 · Your rights

What you can
require from us.

GDPR and the French Data Protection Act grant you 8 rights over your personal data. You can exercise them at any time, free of charge, without giving any specific reason.

Access

Obtain a copy of the data we hold about you.

Rectification

Correct inaccurate or incomplete data.

Erasure

Request the deletion of your data ("right to be forgotten").

Restriction

Suspend processing, notably while resolving a dispute.

Objection

Object to processing based on our legitimate interest.

Portability

Recover your data in a structured and readable format.

Withdraw consent

At any time, without justification. For the newsletter: one click is enough.

Post-mortem instructions

Define what happens to your personal data after your death.

How to exercise them

An email to hello@pills.legal. is enough. We reply within one month, in line with GDPR article 12. To unsubscribe from the newsletter, the link at the bottom of each email is enough.

In case of serious doubt about your identity, we may ask for a justification before acting, always within the principle of minimisation.

06 · Cookies and trackers

No tracker,
no pixel.

0tracking
cookies

This site uses no advertising cookies and no behavioural analytics tool (Google Analytics, Meta Pixel, Hotjar, etc.: none of that).

We use only:

  • sessionStorageA first-visit indicator (to avoid replaying the welcome animation). Cleared when the tab closes.
  • Technical cookiesOur host may set cookies strictly necessary for the site to work (load balancing, security). They are exempt from consent under article 82 of the French Data Protection Act.
07 · Security

How we
protect your data.

  • Encryption in transit

    All communications with this site go through HTTPS (TLS 1.3).

  • Encryption at rest

    Data stored at our sub-processors is encrypted at rest (AES-256).

  • Restricted access

    Only Steve Chrétien accesses contact messages and the subscriber list, from devices protected by strong authentication.

  • Minimisation

    We collect only what is strictly necessary for the stated purpose.

  • Breach notification

    In case of a data breach posing a risk to your rights and freedoms, we notify the CNIL within 72 hours and inform you individually if the risk is high (GDPR art. 33 and 34).

08 · Contact and complaints

A question,
a dispute?

Write to us first at hello@pills.legal. We reply within one month.
If our reply doesn't satisfy you, you can file a complaint with the CNIL (Commission nationale de l'informatique et des libertés), the French supervisory authority.

Write to usFile with the CNIL
Historique

Version actuelle · 23 April 2026

Versions précédentes
  • 23 April 2026
    First publication. Detail of legal bases (GDPR art. 6.1), nomenclature of sub-processors (Vercel, Resend, Google Fonts) and list of the 8 GDPR rights with exercise procedures.