Wiblo

Privacy Policy

PRIVACY POLICY - WIBLO

Last updated: January 24, 2026

Wiblo is committed to protecting your privacy and processing your personal data in a transparent, secure manner that complies with the General Data Protection Regulation (GDPR - EU 2016/679) and applicable laws in France.

This document explains:

  • What data we collect
  • Why and how we use it
  • Who we share it with
  • Your rights and how to exercise them
  • Our security measures
  • Cookie management

Contact: hello.wiblo@gmail.com

1. DATA CONTROLLER

Data Controller: SAS Hapy
Address: 60 Rue François 1er, 75008 Paris, France
Personal data contact: hello.wiblo@gmail.com

Wiblo processes data as:

  • Data controller for its own operational needs
  • Data processor for certain specific data (e.g., reviews transmitted to Creators)

2. PERSONAL DATA COLLECTED

2.1 - IDENTIFICATION DATA (mandatory)

Collected during registration and account creation:

Data Why? Legal basis
Phone number Anti-multi-account verification, 2FA, contact Legitimate interest (security), consent
Email address Primary identifier, notifications, account recovery Necessary for contract
First name/Last name or pseudonym User profile, public display (optional) Legitimate interest (community functioning)
Password Authentication (hashed, never stored in plain text) Necessary for contract

2.2 - PAYMENT DATA (managed by third parties)

Data Why? Legal basis
Banking information (card, IBAN) Project publication payment Necessary for contract (via Apple/Google)
Billing history Tax compliance, support Necessary for contract

IMPORTANT: Wiblo NEVER stores banking information. It is processed exclusively by Apple (App Store) and Google (Play Billing).

2.3 - USAGE & ACTIVITY DATA

Data Why? Legal basis
Test history Points allocation, levels, anti-fraud Necessary for contract
Published reviews Public display, quality analysis Consent, legitimate interest
Points/Levels Gamification, user progression Necessary for contract
Claimed rewards Delivery management and tracking Necessary for contract

2.4 - TECHNICAL DATA

Data Why? Legal basis
IP address Security, anti-fraud geolocation Legitimate interest (security)
Device type/OS Compatibility, analytics Legitimate interest
Device identifier User sessions Legitimate interest
Cookies (see section 9) Website/app functioning Consent

2.5 - OPTIONAL / SENSITIVE DATA

Data Why? Legal basis
Geolocation (opt-in) Reward eligibility verification Explicit consent
ID document (rare) Age/identity verification for Rewards >€50 Legitimate interest + consent
Marketing preferences Communication personalization Consent

NO SENSITIVE DATA: Wiblo does not collect health data, religion, sexual orientation, political opinions, etc.

3. PROCESSING PURPOSES

We process your data ONLY for:

3.1 - PRIMARY PURPOSES (necessary for contract)

1. Wiblo service provision:

  • Account creation and management
  • Points/Levels allocation based on your actions
  • Project publication (Creators)
  • Test and Review management (Testers)
  • Payment processing via IAP

2. Rewards management:

  • Eligibility verification (level, review quality, geolocation)
  • Reward delivery (partners)
  • Delivery and claim tracking

3. Security & integrity:

  • Fraud detection (multi-accounts, bots)
  • Abuse protection (IP monitoring, patterns)
  • Critical data backup

3.2 - SECONDARY PURPOSES (legitimate interest)

1. Platform improvement:

  • Anonymized trend analysis
  • Internal statistics (Tester→Creator conversion rate)
  • UX/UI optimization (analytics)

2. Customer support:

  • Response to your tickets and claims
  • History of your interactions with support

3. Legal compliance:

  • Tax obligations (invoices)
  • Response to authorities (judicial orders)

3.3 - MARKETING PURPOSES (consent)

1. Marketing communications:

  • Newsletter (new Projects, Rewards, events)
  • Special promotions (partner promo codes)
  • MANDATORY OPT-IN: You can unsubscribe at any time

4. LEGAL BASES FOR PROCESSING

Purpose GDPR legal basis Details
Service provision Article 6.1.b
Necessary for contract		 Without this data, no service possible
Security Article 6.1.f
Legitimate interest		 Platform security priority
Improvement Article 6.1.f
Legitimate interest		 Anonymized A/B tests
Marketing Article 6.1.a
Consent		 Explicit opt-in required
Compliance Article 6.1.c
Legal obligation		 Invoices, authorities
Sensitive rewards Article 6.1.a
Consent		 Geolocation, identity verification

5. DATA RECIPIENTS

5.1 - INTERNAL RECIPIENTS

  • Wiblo team (support, moderation, development)
  • Restricted access by role (principle "need to know")

5.2 - SUB-CONTRACTORS / TECHNICAL PARTNERS

Partner Role Data shared Contract type
Apple/Google IAP payments Banking data Store contracts
Firebase/AWS Hosting Technical data Signed GDPR DPA
Stripe (future direct payments) Billing Payment data Signed DPA
Reward Partners (Amazon) Gift delivery Name, email, address Specific contract
Google Analytics Analytics Anonymized data Analytics DPA

ALL SUB-CONTRACTORS SIGN A GDPR DPA (DATA PROCESSING AGREEMENT).

5.3 - SHARING WITH CREATORS

  • Public reviews: Your published Reviews are visible to the Project Creator and the community
  • No sensitive identifiers: The Creator does not see your email, phone, IP, etc.
  • Aggregated statistics: The Creator sees anonymized stats (e.g., "50 French Testers, average rating 4.2")

5.4 - AUTHORITIES & LEGAL OBLIGATIONS

  • Judicial orders, police, tax authorities
  • Only upon legally founded request

WIBLO NEVER SELLS YOUR PERSONAL DATA TO THIRD PARTIES.

6. INTERNATIONAL DATA TRANSFERS

6.1 - DATA LOCATION

  • Main servers: Europe (AWS Frankfurt, Firebase EU)
  • Analytics: Google Analytics EU (not USA except anonymization)
  • Payments: Apple/Google (GDPR compliant)

6.2 - TRANSFERS OUTSIDE EU

Destination Legal basis Guarantees
USA (Google Analytics) SCC (Standard Contractual Clauses) IP anonymization + DPA
Partners outside EU Consent + SCC Case by case

7. DATA RETENTION PERIOD

Data type Retention period Reason
Active account Duration of your use + 3 years Support, legal, reactivation
Points/Rewards 5 years after last activity Tax, disputes
Invoices/Payments 10 years French tax obligations
Security logs 6 months GDPR + security
Public reviews Indefinitely (except deletion request) Historical value
Deleted data 30 days max (backup) Complete deletion

AFTER ACCOUNT DELETION: All personal data is deleted within 30 days, except legal obligations or security backups (anonymized).

8. YOUR GDPR RIGHTS

You have the following rights (Articles 15 to 22 GDPR):

Right Description How to exercise
ACCESS
(Art. 15)		 Obtain a copy of your data Form in app or email hello.wiblo@gmail.com
RECTIFICATION
(Art. 16)		 Correct inaccurate data Account settings or support
OBJECTION
(Art. 21)		 Refuse marketing/analytical processing Unsubscribe link or settings
ERASURE
("right to be forgotten" Art. 17)		 Request deletion of your data Form in app or email
PORTABILITY
(Art. 20)		 Retrieve your data in a structured format (JSON, CSV) Request by email
RESTRICTION
(Art. 18)		 Temporarily freeze processing of your data Request by email
COMPLAINT File a complaint with CNIL if rights not respected https://www.cnil.fr/fr/plaintes

RESPONSE TIME: Maximum 30 days after receipt of your request.

ID DOCUMENT: May be requested to verify your identity before processing your request (security).

9. COOKIES & TRACKING TECHNOLOGIES

9.1 - WHAT IS A COOKIE?

A cookie is a small text file stored on your device when you visit our application or website. It allows us to remember your preferences and improve your experience.

9.2 - COOKIES USED

Type Purpose Duration Legal basis
ESSENTIAL COOKIES • User session
• Login
• Security		 Session Necessary for contract
ANALYTICAL COOKIES • Google Analytics (anonymized)
• Usage statistics		 13 months Consent
MARKETING COOKIES
(if applicable)		 • Targeted advertising
• Retargeting		 13 months Consent

9.3 - COOKIE MANAGEMENT

You can refuse non-essential cookies:

  • In Wiblo application settings
  • Via your browser (if using web app)
  • Via your mobile device settings (iOS/Android)

REFUSING COOKIES = possible impact on certain features.

9.4 - SIMILAR TECHNOLOGIES

Wiblo may also use:

  • Tracking pixels (analytics)
  • Mobile advertising identifiers (IDFA iOS, GAID Android)
  • Local storage / session storage

You can disable advertising tracking:

  • iOS: Settings > Privacy > Advertising Tracking
  • Android: Settings > Google > Ads > Disable personalization

10. DATA SECURITY

Wiblo implements technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration.

10.1 - TECHNICAL MEASURES

  • ✅ Communication encryption (HTTPS/TLS)
  • ✅ Passwords hashed with bcrypt (never stored in plain text)
  • ✅ Two-factor authentication (2FA) available
  • ✅ Sensitive data encryption in database
  • ✅ Encrypted and regular backups
  • ✅ DDoS attack protection

10.2 - ORGANIZATIONAL MEASURES

  • ✅ Restricted data access (limited team, "need to know" principle)
  • ✅ Mandatory GDPR training for all employees
  • ✅ Regular security audits (internal and external)
  • ✅ Continuous anti-fraud monitoring (logs, patterns)
  • ✅ Security incident response procedures
  • ✅ DPA contracts with all sub-contractors

10.3 - IN CASE OF DATA BREACH

In case of a data breach affecting your rights and freedoms, Wiblo commits to:

  • Notify CNIL within 72 hours (GDPR Article 33)
  • Inform you directly by email if high risk (GDPR Article 34)
  • Take all necessary corrective measures
  • Publish a transparency report

NO SYSTEM IS INFALLIBLE: Despite our efforts, no transmission over the Internet is completely secure. You use Wiblo at your own risk.

11. MODIFICATIONS TO THIS POLICY

Wiblo may modify this Privacy Policy at any time to reflect changes in our practices, legislation or services.

11.1 - CHANGE NOTIFICATIONS

In case of IMPORTANT changes (new data collected, new recipients, purpose change):

  • Email notification 7 days before effective date
  • In-app notification (pop-up on launch)
  • New version published with visible update date
  • Acceptance required to continue using Wiblo

11.2 - MINOR CHANGES

For minor modifications (corrections, clarifications):

  • Update of "Last updated" date
  • Publication without prior notification

11.3 - VERSION HISTORY

Previous versions of this Policy are archived and available upon request by email at hello.wiblo@gmail.com.

12. CONTACT & COMPLAINTS

12.1 - QUESTIONS ABOUT YOUR PERSONAL DATA

For any questions regarding the processing of your personal data or to exercise your GDPR rights:

  • 📧 Email: hello.wiblo@gmail.com
  • 📍 Postal address: SAS Hapy - 60 Rue François 1er, 75008 Paris, France

Email subject: [GDPR] followed by your request (e.g., [GDPR] Access request)

12.2 - RESPONSE TIME

We commit to responding to any request within a maximum of 30 calendar days from receipt.

If your request is complex or requires additional verification, we may extend this period by 2 months, informing you of the reasons for this extension.

12.3 - COMPLAINT TO CNIL

If you believe your rights are not respected or that the processing of your data is not compliant with GDPR, you have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL):

IMPORTANT: We encourage you to contact us BEFORE filing a complaint with CNIL so we can resolve your issue amicably.

12.4 - GENERAL SUPPORT

For any other questions (technical, billing, usage):

13. COMPLIANCE

This Privacy Policy complies with:

  • ✅ General Data Protection Regulation (GDPR - EU 2016/679)
  • ✅ Data Protection Act (France, amended in 2018)
  • ✅ Apple App Store Review Guidelines (Section 5.1.1)
  • ✅ Google Play Store Data Safety Requirements
  • ✅ ePrivacy Directive (cookies and electronic communications)

Wiblo — Your privacy is our priority.
Last updated: January 24, 2026

← Back to Home