Last updated: December 16, 2025
Important Note: This English version is provided for convenience only. The French version of this Privacy Policy is the official and legally binding version. In case of any discrepancy or conflict between the French and English versions, the French version shall prevail.
The Association KATABUMP, registered under SIREN number 923 962 724, with its registered office located at 32, rue de Paris, 92100 Boulogne-Billancourt, France (hereinafter referred to as "we", "our", "us" or "the Association"), is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, share and protect your personal information when you use our application hosting service (including but not limited to Discord bots, web applications, backend services, APIs, and other compatible applications) and associated services (hereinafter referred to as "the Services").
This policy is part of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation - GDPR), as well as French Law No. 78-17 of January 6, 1978 on information technology, files and freedoms, as amended.
The data controller is the Association KATABUMP. You can contact our data protection officer at the following address: [email protected] or by mail at the Association's registered office address.
When creating your account and using our Services, we collect the following information that you voluntarily provide:
Account information: During registration, we collect your first name, last name, email address and an encrypted password. This information is necessary to create and manage your user account, authenticate you during logins, and allow you to access our Services.
Code and configuration information: When you use our hosting services, we collect and store your source code, configuration files, and logs generated by your application. This data is essential to provide the hosting service and allow you to manage your hosted applications.
Payment and billing information: As part of our Credits system, we collect your first and last name and billing address when purchasing Credits. Payment information (credit card number, bank details) is processed directly by our certified third-party payment providers and is never stored on our servers. We only retain transaction information necessary for managing your Credit balance and billing.
Communications: When you contact us through our customer support, contact forms or by email, we collect the content of your messages, as well as any information you choose to provide in this context.
When you use our Services, certain information is collected automatically:
Browsing and technical data: We automatically collect your IP address, the type of browser you use, your operating system, your screen resolution, your browsing language, pages visited, visit duration, and referral URLs. This information allows us to ensure the proper technical functioning of our Services, detect and prevent abuse, and improve user experience.
Performance data and metrics: We collect metrics relating to the operation of your hosted applications, including uptime, resource usage (CPU, RAM, bandwidth), errors and incidents, and general performance. This data is used to ensure service quality, provide you with statistics on your applications, and optimize infrastructure.
Cookies and similar technologies: We only use system cookies essential to the functioning of our Services, particularly to maintain your login session and remember your preferences. For more information, please consult our Cookie Policy.
We use your personal data for the following purposes:
Provision and maintenance of Services: Your data is used to create and manage your account, host your applications, ensure the technical operation of the platform, and give you access to the features of our Services.
Credits system management: We use your payment and billing information to manage your Credit balance, process your Credit purchases, calculate and apply prorated refunds in case of service deletion, and generate your invoices in accordance with our legal obligations.
Authentication and security: Your credentials are used to authenticate you during logins, protect your account against unauthorized access, and prevent fraud and abuse of our Services.
Customer support and assistance: When you open a support ticket, we use your data to diagnose and resolve technical issues, answer your questions, and improve the quality of our support. As stated in our Terms and Conditions of Use, by opening a ticket, you expressly authorize our team to access and modify necessary information strictly within the scope of the requested assistance.
Communication: We use your email address to send you important communications regarding our Services, such as security notifications, transaction confirmations, updates to our terms, and essential information about your account operation.
Service improvement: We analyze usage and performance data in an aggregated and anonymized manner to improve our Services, develop new features, optimize our infrastructures, and better understand our users' needs.
Compliance with legal obligations: We retain and process certain data to comply with our legal and regulatory obligations, particularly in tax, accounting and fraud prevention matters.
In accordance with GDPR, the processing of your personal data is based on the following legal bases:
Contract performance: Processing your data is necessary for the performance of the Terms and Conditions of Use that you have accepted, including providing hosting Services, managing your account, and processing your Credit transactions.
Legitimate interests: We process certain data based on our legitimate interests, such as improving our Services, securing our platform, detecting and preventing fraud, and optimizing our infrastructures. These legitimate interests do not prejudice your fundamental rights and freedoms.
Legal obligation: Certain processing is carried out to comply with our legal obligations, particularly regarding billing, retention of accounting data, and cooperation with competent authorities.
Consent: When required by law, we obtain your explicit consent before processing certain categories of data. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
We do not sell, rent, or transfer your personal data to third parties for commercial purposes. Your data may be shared with the following categories of recipients:
Authorized Association personnel: Our employees and collaborators who need to access your data to provide the Services, provide customer support, and manage the administrative and technical aspects of the platform.
Service providers: We use trusted third-party service providers to help us provide the Services, including: cloud infrastructure providers (OVHcloud, Cloudflare) for platform hosting; certified payment processors for secure transaction processing; analytics services to understand the use of our Services. These providers are contractually bound to process your data only according to our instructions and to maintain their confidentiality and security.
Legal and regulatory authorities: We may be required to disclose your data if required by law, court order, or to respond to a legal request from competent authorities. We may also disclose your data if necessary to protect our rights, property, safety or that of our users.
Successors in case of restructuring: In case of merger, acquisition, restructuring or sale of all or part of our assets, your personal data may be transferred to the new owner as part of the transaction. You will be informed of any change in ownership or use of your personal data.
The security of your personal data is a priority for us. We implement appropriate technical and organizational measures to protect your data against unauthorized access, modification, disclosure or unauthorized destruction.
Technical measures: We use data encryption in transit (HTTPS/TLS protocol) to secure communications between your browser and our servers. Passwords are hashed with robust cryptographic algorithms and are never stored in plain text. Our systems are protected by firewalls and intrusion detection systems. We perform regular data backups to ensure service continuity.
Organizational measures: Access to personal data is strictly limited to employees and contractors who need it to perform their duties. We regularly train our staff on data protection best practices. We conduct regular security audits and vulnerability tests. Security incident management procedures are in place to respond quickly in case of data breach.
Despite these measures, no system is completely secure. Due to the risks inherent in transmitting information over the Internet, we cannot guarantee absolute security of your data. You are also responsible for the security of your login credentials and must notify us immediately of any unauthorized use of your account.
We retain your personal data only for the period necessary for the purposes for which it was collected, or in accordance with legal retention obligations.
Active account data: As long as your account is active, we retain your account information, source code, configurations and Credits to allow you to use our Services.
Closed account data: After closing your account, we delete most of your data within 30 days. Some data may be retained longer to comply with our legal obligations (particularly billing data which is retained for 10 years in accordance with French tax legislation) or to resolve disputes.
Backup data: Your data may continue to exist in our backup systems for a maximum period of 90 days after deletion from our production systems.
Logs and technical data: Technical logs and connection data are retained for a maximum period of 12 months for security and fraud detection purposes.
In accordance with GDPR and the French Data Protection Act, you have the following rights regarding your personal data:
Right of access: You have the right to obtain confirmation that we process your personal data and, if applicable, to access this data and obtain information on its processing.
Right to rectification: You may request correction of your inaccurate or incomplete personal data. You can also directly modify certain of your information via your account settings.
Right to erasure: You may request deletion of your personal data in certain circumstances, particularly when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
Right to restriction of processing: You may request restriction of processing of your data in certain cases, particularly when you contest the accuracy of your data or the lawfulness of processing.
Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
Right to object: You may object to the processing of your personal data for reasons relating to your particular situation, when processing is based on our legitimate interest.
Right to withdraw your consent: When processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint: If you believe that we do not respect your data protection rights, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) in France.
To exercise your rights, you can contact us at [email protected] or by mail to our registered office address. We will respond within a maximum of one month from receipt of your request. Proof of identity may be requested to verify your identity.
Primary hosting within the EEA: Your personal data is primarily hosted and processed within the European Economic Area (EEA). Our main hosting infrastructure is located in France, with our provider OVHcloud (2 rue Kellermann, 59100 Roubaix, France), thus ensuring that your data remains subject to the protections offered by GDPR and French legislation.
Content Delivery Network (CDN): To optimize the performance and availability of our Site and Services, we use the Content Delivery Network (CDN) services of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, United States). In this context, certain limited technical data (IP address, session cookies, browsing data) may transit through Cloudflare servers, including those located outside the EEA. This data is used solely for caching, security (DDoS attack protection), and network performance optimization purposes.
Cloudflare is certified under the EU-US Data Privacy Framework and has implemented standard contractual clauses approved by the European Commission to ensure an adequate level of protection for your data during transfers outside the EEA. Data is retained by Cloudflare only for the time strictly necessary to provide its CDN and security services.
No other transfers outside the EEA: Except for the Cloudflare CDN mentioned above, your personal data is not transferred outside the EEA. All our other service providers and subcontractors are located in the EEA or guarantee that data remains within the EEA.
Safeguards for future transfers: Should we use new providers in the future involving data transfers outside the EEA, we would ensure that appropriate safeguards are in place to ensure an adequate level of protection for your data, in accordance with GDPR. These safeguards could include standard contractual clauses, certification mechanisms, or other legal mechanisms recognized by data protection authorities.
You can obtain more information about the safeguards implemented regarding Cloudflare or any other data transfer by contacting us at [email protected].
Our Services are not intended for persons under 13 years of age. In accordance with our Terms and Conditions of Use, you must be at least 13 years old to create an account and use our Services.
We do not knowingly collect personal information from minors under 13 years of age. If we learn that we have collected personal data from a child under 13 without verifiable parental or legal guardian consent, we will take steps to delete this information as soon as possible.
If you are a parent or legal guardian and believe that your child has provided us with personal data without your consent, please contact us at [email protected].
We reserve the right to modify this Privacy Policy at any time to reflect changes in our data processing practices, regulatory developments, or addition of new features to our Services.
In case of substantial modification of this policy, we will inform you by email at the address associated with your account and/or by notification on our website, at least 30 days before the modifications take effect. Minor or purely technical modifications may be made without prior notification.
The most recent version of this Privacy Policy is always available on our website. We encourage you to regularly consult this page to stay informed of our data protection practices.
Your continued use of our Services after the modifications take effect constitutes acceptance of the new policy. If you do not accept the modifications, you must stop using our Services and close your account.
For any questions regarding this Privacy Policy, to exercise your rights, or to contact our data protection officer, you can reach us by the following means:
By email: [email protected] (questions regarding data protection and exercise of your rights)
By postal mail: Association KATABUMP, Attention: Data Protection Officer, 32 Rue de Paris, 92100 Boulogne-Billancourt, France
SIREN: 923 962 724
We commit to responding to all requests within a maximum of one month from their receipt. This period may be extended by two additional months if necessary, taking into account the complexity and number of requests. In this case, we will inform you of this extension within one month from receipt of the request, explaining the reasons for the delay.