To Brass Logo

Privacy Policy

1. Data Controller

The data controller for personal data is:

  • To Brass SAS
  • 23 Rue Flandres Dunkerque 40, 44100 Nantes, France
  • Trade register: RCS Nantes – 932 769 409
  • Email: contact@tobrass.shop

2. Data Collection

To Brass collects only the data necessary to process orders: email address, first name, and last name. This data is stored securely and is never sold to third parties.

3. Data Usage and Legal Bases

Your data is used for the following purposes:

  • Process and confirm your orders — legal basis: performance of a contract (Art. 6.1.b GDPR)
  • Send you your download links — legal basis: performance of a contract (Art. 6.1.b GDPR)
  • Keep you informed about your order status — legal basis: performance of a contract (Art. 6.1.b GDPR)
  • Send newsletters if you have consented — legal basis: consent (Art. 6.1.a GDPR)
  • Comply with legal and accounting obligations — legal basis: legal obligation (Art. 6.1.c GDPR)

4. Cookies

The site uses only technical cookies necessary for proper operation (cart, session). No advertising or third-party tracking cookies are used.

5. Data Retention

Your account data is retained for 3 years after your last order. Accounting data (invoices, transactions) is retained for 10 years in accordance with French legal obligations.

6. International Transfers

Data may be transferred to servers outside the European Union via our providers Supabase and Stripe, which have appropriate safeguards in place (standard contractual clauses approved by the European Commission).

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: obtain a copy of your data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data
  • Right to data portability: receive your data in a structured format
  • Right to object: object to certain processing (including direct marketing)
  • Right to restriction of processing: request suspension of processing in certain cases

To exercise these rights, contact us at: contact@tobrass.shop

You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr — 3, Place de Fontenoy, 75007 Paris, France.

8. Security

We use Supabase for secure data storage and Stripe for payments. No banking data is stored on our servers.