PRIVACY POLICY β WIBLO
Last updated: January 24, 2026
Wiblo is committed to protecting your privacy and processing your personal data in a transparent, secure manner that complies with the General Data Protection Regulation (GDPR - EU 2016/679) and applicable laws in France.
This document explains:
- What data we collect
- Why and how we use it
- Who we share it with
- Your rights and how to exercise them
- Our security measures
- Cookie management
Contact: hello.wiblo@gmail.com
1. DATA CONTROLLER
Data Controller: SAS Hapy
Address: 60 Rue François 1er, 75008 Paris, France
Personal data contact: hello.wiblo@gmail.com
Wiblo processes data as:
- Data controller for its own operational needs
- Data processor for certain specific data (e.g., reviews transmitted to Creators)
2. PERSONAL DATA COLLECTED
2.1 β IDENTIFICATION DATA (mandatory)
Collected during registration and account creation:
| Data | Why? | Legal basis |
|---|---|---|
| Phone number | Anti-multi-account verification, 2FA, contact | Legitimate interest (security), consent |
| Email address | Primary identifier, notifications, account recovery | Necessary for contract |
| First name/Last name or pseudonym | User profile, public display (optional) | Legitimate interest (community functioning) |
| Password | Authentication (hashed, never stored in plain text) | Necessary for contract |
2.2 β PAYMENT DATA (managed by third parties)
| Data | Why? | Legal basis |
|---|---|---|
| Banking information (card, IBAN) | Project publication payment | Necessary for contract (via Apple/Google) |
| Billing history | Tax compliance, support | Necessary for contract |
IMPORTANT: Wiblo NEVER stores banking information. It is processed exclusively by Apple (App Store), Google (Play Billing), and Paddle (web payments).
2.3 β USAGE & ACTIVITY DATA
| Data | Why? | Legal basis |
|---|---|---|
| Test history | Points allocation, levels, anti-fraud | Necessary for contract |
| Published reviews | Public display, quality analysis | Consent, legitimate interest |
| Points/Levels | Gamification, user progression | Necessary for contract |
| Claimed rewards | Delivery management and tracking | Necessary for contract |
2.4 β TECHNICAL DATA
| Data | Why? | Legal basis |
|---|---|---|
| IP address | Security, anti-fraud geolocation | Legitimate interest (security) |
| Device type/OS | Compatibility, analytics | Legitimate interest |
| Device identifier | User sessions | Legitimate interest |
| Cookies (see section 9) | Website/app functioning | Consent |
2.5 β OPTIONAL / SENSITIVE DATA
| Data | Why? | Legal basis |
|---|---|---|
| Geolocation (opt-in) | Reward eligibility verification | Explicit consent |
| ID document (rare) | Age/identity verification for Rewards >β¬50 | Legitimate interest + consent |
| Marketing preferences | Communication personalization | Consent |
NO SENSITIVE DATA: Wiblo does not collect health data, religion, sexual orientation, political opinions, etc.
3. PROCESSING PURPOSES
We process your data ONLY for:
3.1 β PRIMARY PURPOSES (necessary for contract)
1. Wiblo service provision:
- Account creation and management
- Points/Levels allocation based on your actions
- Project publication (Creators)
- Test and Review management (Testers)
- Payment processing via IAP
2. Rewards management:
- Eligibility verification (level, review quality, geolocation)
- Reward delivery (partners)
- Delivery and claim tracking
3. Security & integrity:
- Fraud detection (multi-accounts, bots)
- Abuse protection (IP monitoring, patterns)
- Critical data backup
3.2 β SECONDARY PURPOSES (legitimate interest)
1. Platform improvement:
- Anonymized trend analysis
- Internal statistics (TesterβCreator conversion rate)
- UX/UI optimization (analytics)
2. Customer support:
- Response to your tickets and claims
- History of your interactions with support
3. Legal compliance:
- Tax obligations (invoices)
- Response to authorities (judicial orders)
3.3 β MARKETING PURPOSES (consent)
1. Marketing communications:
- Newsletter (new Projects, Rewards, events)
- Special promotions (partner promo codes)
- MANDATORY OPT-IN: You can unsubscribe at any time
4. LEGAL BASES FOR PROCESSING
| Purpose | GDPR legal basis | Details |
|---|---|---|
| Service provision | Article 6.1.b β Necessary for contract | Without this data, no service possible |
| Security | Article 6.1.f β Legitimate interest | Platform security priority |
| Improvement | Article 6.1.f β Legitimate interest | Anonymized A/B tests |
| Marketing | Article 6.1.a β Consent | Explicit opt-in required |
| Compliance | Article 6.1.c β Legal obligation | Invoices, authorities |
| Sensitive rewards | Article 6.1.a β Consent | Geolocation, identity verification |
5. DATA RECIPIENTS
5.1 β INTERNAL RECIPIENTS
- Wiblo team (support, moderation, development)
- Restricted access by role (principle "need to know")
5.2 β SUB-CONTRACTORS / TECHNICAL PARTNERS
| Partner | Role | Data shared | Contract type |
|---|---|---|---|
| Apple/Google | IAP payments | Banking data | Store contracts |
| Firebase/AWS | Hosting | Technical data | Signed GDPR DPA |
| Paddle | Web Merchant of Record | Payment data | Signed DPA |
| Reward Partners (Amazon) | Gift delivery | Name, email, address | Specific contract |
| Google Analytics | Analytics | Anonymized data | Analytics DPA |
ALL SUB-CONTRACTORS SIGN A GDPR DPA (DATA PROCESSING AGREEMENT).
5.3 β SHARING WITH CREATORS
- Public reviews: Your published Reviews are visible to the Project Creator and the community
- No sensitive identifiers: The Creator does not see your email, phone, IP, etc.
- Aggregated statistics: The Creator sees anonymized stats (e.g., "50 French Testers, average rating 4.2")
5.4 β AUTHORITIES & LEGAL OBLIGATIONS
- Judicial orders, police, tax authorities
- Only upon legally founded request
WIBLO NEVER SELLS YOUR PERSONAL DATA TO THIRD PARTIES.
6. INTERNATIONAL DATA TRANSFERS
6.1 β DATA LOCATION
- Main servers: Europe (AWS Frankfurt, Firebase EU)
- Analytics: Google Analytics EU (not USA except anonymization)
- Payments: Apple/Google (GDPR compliant)
6.2 β TRANSFERS OUTSIDE EU
| Destination | Legal basis | Guarantees |
|---|---|---|
| USA (Google Analytics) | SCC (Standard Contractual Clauses) | IP anonymization + DPA |
| Partners outside EU | Consent + SCC | Case by case |
7. DATA RETENTION PERIOD
| Data type | Retention period | Reason |
|---|---|---|
| Active account | Duration of your use + 3 years | Support, legal, reactivation |
| Points/Rewards | 5 years after last activity | Tax, disputes |
| Invoices/Payments | 10 years | French tax obligations |
| Security logs | 6 months | GDPR + security |
| Public reviews | Indefinitely (except deletion request) | Historical value |
| Deleted data | 30 days max (backup) | Complete deletion |
AFTER ACCOUNT DELETION: All personal data is deleted within 30 days, except legal obligations or security backups (anonymized).
8. YOUR GDPR RIGHTS
You have the following rights (Articles 15 to 22 GDPR):
| Right | Description | How to exercise |
|---|---|---|
| ACCESS (Art. 15) | Obtain a copy of your data | Form in app or email hello.wiblo@gmail.com |
| RECTIFICATION (Art. 16) | Correct inaccurate data | Account settings or support |
| OBJECTION (Art. 21) | Refuse marketing/analytical processing | Unsubscribe link or settings |
| ERASURE (Art. 17) | Request deletion of your data | Form in app or email |
| PORTABILITY (Art. 20) | Retrieve your data in a structured format (JSON, CSV) | Request by email |
| RESTRICTION (Art. 18) | Temporarily freeze processing of your data | Request by email |
| COMPLAINT | File a complaint with CNIL if rights not respected | cnil.fr/fr/plaintes |
RESPONSE TIME: Maximum 30 days after receipt of your request.
9. COOKIES & TRACKING TECHNOLOGIES
9.1 β WHAT IS A COOKIE?
A cookie is a small text file stored on your device when you visit our application or website. It allows us to remember your preferences and improve your experience.
9.2 β COOKIES USED
| Type | Purpose | Duration | Legal basis |
|---|---|---|---|
| ESSENTIAL COOKIES | User session, Login, Security | Session | Necessary for contract |
| ANALYTICAL COOKIES | Google Analytics (anonymized), Usage statistics | 13 months | Consent |
| MARKETING COOKIES (if applicable) | Targeted advertising, Retargeting | 13 months | Consent |
9.3 β COOKIE MANAGEMENT
You can refuse non-essential cookies:
- In Wiblo application settings
- Via your browser (if using web app)
- Via your mobile device settings (iOS/Android)
9.4 β SIMILAR TECHNOLOGIES
Wiblo may also use:
- Tracking pixels (analytics)
- Mobile advertising identifiers (IDFA iOS, GAID Android)
- Local storage / session storage
10. DATA SECURITY
Wiblo implements technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration.
10.1 β TECHNICAL MEASURES
- β Communication encryption (HTTPS/TLS)
- β Passwords hashed with bcrypt (never stored in plain text)
- β Two-factor authentication (2FA) available
- β Sensitive data encryption in database
- β Encrypted and regular backups
- β DDoS attack protection
10.2 β ORGANIZATIONAL MEASURES
- β Restricted data access (limited team, "need to know" principle)
- β Mandatory GDPR training for all employees
- β Regular security audits (internal and external)
- β Continuous anti-fraud monitoring (logs, patterns)
- β Security incident response procedures
- β DPA contracts with all sub-contractors
10.3 β IN CASE OF DATA BREACH
In case of a data breach affecting your rights and freedoms, Wiblo commits to:
- Notify CNIL within 72 hours (GDPR Article 33)
- Inform you directly by email if high risk (GDPR Article 34)
- Take all necessary corrective measures
- Publish a transparency report
11. MODIFICATIONS TO THIS POLICY
11.1 β CHANGE NOTIFICATIONS
In case of IMPORTANT changes (new data collected, new recipients, purpose change):
- Email notification 7 days before effective date
- In-app notification (pop-up on launch)
- New version published with visible update date
- Acceptance required to continue using Wiblo
11.2 β MINOR CHANGES
For minor modifications (corrections, clarifications):
- Update of "Last updated" date
- Publication without prior notification
11.3 β VERSION HISTORY
Previous versions of this Policy are archived and available upon request by email at hello.wiblo@gmail.com.
12. CONTACT & COMPLAINTS
12.1 β QUESTIONS ABOUT YOUR PERSONAL DATA
- π§ Email: hello.wiblo@gmail.com
- π Postal address: SAS Hapy - 60 Rue FranΓ§ois 1er, 75008 Paris, France
Email subject: [GDPR] followed by your request (e.g., [GDPR] Access request)
We commit to responding within a maximum of 30 calendar days.
12.2 β COMPLAINT TO CNIL
- π cnil.fr/fr/plaintes
- π§ plaintes@cnil.fr
- π CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
13. COMPLIANCE
This Privacy Policy complies with:
- β General Data Protection Regulation (GDPR - EU 2016/679)
- β Data Protection Act (France, amended in 2018)
- β Apple App Store Review Guidelines (Section 5.1.1)
- β Google Play Store Data Safety Requirements
- β ePrivacy Directive (cookies and electronic communications)
Wiblo β Your privacy is our priority.
Last updated: January 24, 2026