DiglotPrivacy Policy
Last updated: 12/06/2025
This Privacy Policy explains how Diglot (“we”, “us”, or “our”) collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable French laws.
By using our website joindiglot.com, you agree to the terms of this policy.
1. Who we are
Controller: Michel Hognerud (sole proprietor)
33 Boulevard Henri Laclau
64400 Oloron-Sainte-Marie, France
Email: contact AT joindiglot.com
SIREN: 499 229 490
2. What data we collect
We collect and process the following categories of personal data:
- Identification data: email address, username
- Authentication data: hashed password
- Usage data: learning progress, language level estimations, activity logs (non-personal)
- Analytics data: pseudonymous unique identifier (UUID), aggregated usage events, and behavioral analytics collected through Microsoft Clarity
We do not collect:
- Special categories of data (sensitive data under Article 9 GDPR)
- User-generated content
3. Legal basis for processing
| Purpose | Legal basis |
|---|---|
| Creating and managing user accounts | Performance of a contract (Art. 6.1.b) |
| Providing access to content and progress tracking | Performance of a contract |
| Handling payments via Stripe | Performance of a contract |
| Improving the service (internal analytics only) | Legitimate interest (Art. 6.1.f) |
| Using Microsoft Clarity for behavioral analytics (session replay, heatmaps) | Consent (Art. 6.1.a) |
| Security and fraud prevention | Legal obligation & legitimate interest |
| Responding to user requests | Consent or contractual necessity |
4. Who processes your data
We may share your data with trusted service providers acting as data processors:
- OVH SAS – hosting provider (France)
- Stripe Payments Europe – payment processing (Ireland)
- Microsoft Clarity – behavior analytics (session replay, heatmaps)
- Internal tools used for analytics (no third-party advertising tools)
These processors are bound by data processing agreements and comply with the GDPR.
5. Where your data is stored
For self-hosted data, all storage remains within the European Union.
Some analytics data processed by Microsoft Clarity may be transferred outside the EU (e.g., to the United States). These transfers rely on Standard Contractual Clauses (SCCs) and Microsoft’s GDPR-compliant framework.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| User account data | As long as your account is active |
| Progress & usage data | Until account deletion or 2 years of inactivity |
| Analytics UUID & events | Until account deletion or 2 years inactivity |
| Behavior analytics via Microsoft Clarity | Stored by Microsoft for up to 13 months |
| Logs & security data | Up to 12 months |
| Payment records | 6–10 years (legal obligation) |
You can delete your account at any time from your settings. This also deletes associated analytics identifiers.
7. Your rights
Under the GDPR, you have the following rights:
- Access – Know what data we hold about you
- Rectification – Request correction of inaccurate data
- Erasure – Request deletion of your data
- Restriction – Request limited processing under certain conditions
- Portability – Obtain your data in a structured, machine-readable format
- Objection – Object to processing based on our legitimate interests
To exercise your rights, contact us at contact AT joindiglot.com. We may ask for proof of identity to process your request.
8. Children
Use of Diglot is strictly prohibited for users under 15 years old.
We do not knowingly collect data from minors. If you believe such data was collected, please contact us immediately.
9. Cookies, tracking, and Do Not Track
Diglot uses both essential cookies and optional analytics cookies.
Essential cookies are required for the website to function.
Analytics cookies used by Microsoft Clarity are only activated after you give explicit consent through our cookie banner.
Clarity collects interaction data (clicks, scrolls, navigation patterns) but automatically masks any personal information entered into forms.
9.1. Do Not Track (DNT)
Diglot honors Do Not Track (DNT) signals sent by your browser.
When a DNT signal is detected:
- No analytics cookies are set
- No Microsoft Clarity scripts are loaded
- No pseudonymous analytics identifiers (UUIDs) are created
- Your choice is respected regardless of the cookie banner
You can enable DNT from your browser settings at any time.
9.2. Cookie choices
You may accept, refuse, or customize your cookie preferences at any time through our cookie banner or cookie settings page.
If you refuse analytics cookies—or if DNT is enabled—no analytics or behavioral tracking will take place.
10. Changes to this policy
We may update this Privacy Policy to reflect legal or technical changes.
If significant modifications occur, we will inform users by email or through a notification on the site.
11. Contact
For any questions regarding your personal data, you can contact us at:
📧 contact AT joindiglot.com
You also have the right to lodge a complaint with the CNIL:
https://www.cnil.fr/