1. Ownership and Editorial Responsibility

As part of the provision of the Site and the processing of Orders, Changeset may collect Personal Data. The confidentiality of Personal Data is important to Changeset , which has implemented strict rules and procedures to protect it.

2. Definitions

For the purposes of this Privacy Policy, the following definitions shall apply to all capitalized terms, singular and plural:

• Client is the client of Changeset , who Orders Services on the Site;

• Order is any order of Services by the Client, with Changeset ;

• Account is the account of the Client on the Site, accessible by his login and password, and containing his personal information and his history on the Site;

• GitHub is a hosting and management service for software development (https://github.com);

• Party designates Changeset and/or the Client;

• Privacy Policy the present document, accessible on the Site;

• Service(s) are the services marketed by Changeset and notably detailed on the Site at the following address: https://changeset.io;

• Site the Changeset site and its components (computer code, graphic elements, databases, documentation, etc.) published by the Changeset company, as well as any other means of displaying the site (for example a mobile application);

• Users means any person authorized by the Client to connect to the Software and benefit from the Services in accordance with the provisions of the contract.

3. Scope and Modification of the Privacy Policy

This Privacy Policy governs the collection, processing, and disclosure of Personal Data by Changeset in the context of the use of the Site by the Clients, and the processing of their Orders. It also details the modalities of exercise of their rights by all persons concerned by the Personal Data. The Client must read the entire Privacy Policy and accept it without reservation.

Changeset reserves the right to modify the Privacy Policy at any time by publishing a new version on its Site. The modified version must be accepted before any next Order. Otherwise, the Client will not be able to place an Order on the Site.

The Changeset site may contain links to a third-party site. The latter may have a different privacy policy and Changeset will not be held liable for them.

4. How is personal data collected?

Changeset may collect Personal Data from the Customer in different ways:

• By an Order placed by the Client on the Site;

• During the processing of payments by Changeset and its payment provider;

• For any contact with Changeset related to a problem of the use of the Site or during an Order;

• During any contact with Changeset .

5. What personal data is collected and for what purposes

In accordance with the principle of minimization, Changeset collects and processes Personal Data to fulfill its contractual obligations towards the Client, and to comply with its legal obligations, in particular, to fight against fraud.

The Client has however the possibility to refuse to provide some of these Personal Data, being understood that this may have an impact on the proper functioning of the Site. Changeset may collect and process the following Personal Data if they have been provided:

• Contact details and information of the Client (e-mail address).

  This information is necessary for the proper processing and follow-up of the Orders, as well as for all exchanges between the Client and Changeset . With the Client's express agreement, they can also be used for marketing purposes.

• GitHub connection information (OAuth token)

  The use of the Software and the Services requires the Client to have an account on the Github platform and Changeset to access it via the Software. For this purpose Changeset collects an OAuth token from GitHub, allowing to request data from the GitHub API on behalf of the Client. This OAuth token is stored encrypted and secure in our database and is protected against unauthorized access.

6. Payment Information

All transactions are carried out by a payment provider that complies with the obligations applicable to this activity. Changeset will not have access to the payment information as it only passes through the Changeset payment provider.

The payment provider of Changeset is: Stripe. The general terms and conditions of the payment provider are available at the following address: https://stripe.com/privacy.

7. Cookies

Changeset avoids using cookies as much as possible. We only use the following cookies on the Site:

• Internal cookies store session information. They are mandatory for the proper functioning of the site.

Those technical cookies cannot be refused, as they are necessary for the proper functioning of the Site.

8. Subprocessors

To provide its services, Changeset may engage third parties to carry out data-processing activities involving customer data access.

As a condition to permitting a Subprocessor to process Personal Data, Changeset will enter into a written agreement with the Subprocessor containing data protection obligations no less protective than Changeset 's with respect to Customer Personal Data.

Changeset will restrict its Subprocessors' access to only what is necessary to maintain the Services or to provide the Services to Customers and Users.

Changeset reserves the right to engage and substitute Subprocessors as it deems appropriate, but shall: (a) remain responsible to Customer for the provision of the Services and (b) be liable for the actions and omissions of its Subprocessors undertaken in connection with Changeset 's performance of this agreement to the same extent Changeset would be liable if performing the Services directly.

These subprocessors are identified below with their locations and the types of services they provide to Changeset .

Vendor	Location	Type of Service
Render.com	USA	Storage provider

You can request to be notified of subprocessors' changes by opening a ticket at howdy@changeset.io.

9. Disclosure of Personal Data

Personal Data will never be transferred to a third party without the prior consent of the Client.

Changeset may however transfer the Personal Data under the following conditions:

• If Changeset is acquired by a third party, in which case the Personal Data will be transferred to the buyer, who will be substituted to Changeset in the application of this Privacy Policy.

• If Changeset is required to transmit Personal Data in response to a legal obligation.

Changeset uses service providers (subprocessors), who can have access to the Personal Data, which the Customer accepts.

These service providers are committed to Changeset to respect their legal and regulatory obligations regarding personal data. The Personal Data may also be transmitted to any administrative authority requesting it, or in the application of the law or a court order.

10. Security of Personal Data

Changeset ensures that Personal Data is stored in conditions that respect industry standards. Changeset commits itself to respect the regulations applicable to the security of Personal Data and cannot exclude its responsibility in this respect.

Changeset ensures that its employees and service providers in charge of processing Personal Data are subject to an appropriate confidentiality obligation.

In the event of a breach of Personal Data, Changeset will inform the Client as soon as possible. Changeset will store the Personal Data for the duration necessary to achieve the purpose pursued without exceeding the duration of the business relationship increased by the prescription periods and after exhaustion of the means of appeal. In this case, Changeset will delete all Personal Data, except those strictly necessary to maintain its commercial accounting and to respect its legal obligations.

11. Rights of the Data Subject

In accordance with the GDPR, any data subject has the following rights at any time and without charge for all Personal Data transmitted to Changeset :

• right of access;

• right of rectification, modification;

• right to limit the processing;

• right of opposition;

• right to erasure;

• right of portability.

It is possible to exercise these rights by contacting Changeset at the following contact address: howdy@changeset.io with proof of identity. In accordance with its legal obligations, Changeset will comply within a maximum period of one (1) month from the receipt of the request.

Failing this, the Customer has the possibility of lodging a complaint with the competent control authority, the CNIL, either online or by post.