Privacy Policy

The data controller for personal data collected through crescosystem.com and the client portal is:

• Company: CRESCO System
• Representative: Max Faust
• Address: 59 rue de Ponthieu, Bureau 326, 75008 Paris, France
• Email: contact@crescosystem.com

Contact / discovery form:

• First and last name
• Professional email address
• Phone number (optional, with country code)
• Agency name (optional)
• Agency type
• Selected package (Audit / Systems Build / Partnership / undecided)
• Description of your problem or project
• Preferred time slot for a discovery call

Website browsing:

• Anonymous analytics data (with your prior consent)

Project data:

• Project name and associated phases
• Milestones, deliverables, and progress statuses
• Planned start and end dates
• Project updates and communications

Billing data:

• Invoice amounts and payment statuses
• Stripe payment references
• Transaction history

Session data:

• Your project code is stored exclusively in the browser's sessionStorage
• It is automatically cleared when the tab or browser is closed
• It is never transmitted to any external server, except during the initial validation request to the portal API
• It is removed from the URL immediately after validation, leaving no trace in browser history

The data we collect is used to:

• Process and respond to discovery requests and call bookings
• Manage the client relationship and project follow-up via the portal
• Issue quotes, invoices, and process payments
• Improve the website and our services (anonymous analytics)

• Legitimate interest: responding to inbound enquiries and managing the commercial relationship
• Contract performance: client project management, portal access, and invoicing
• Legal obligation: retention of accounting and tax records
• Consent: analytics cookies (collected via the cookie banner)

Your data may be shared with the following sub-processors, strictly within the scope of service delivery:

• Notion - Project, lead, and communication data storage (United States, GDPR coverage via Standard Contractual Clauses)
• Stripe - Payment processing and transaction history (United States, PCI-DSS Level 1 certified)
• Resend - Transactional email delivery
• Make.com - Internal workflow automation
• Vercel Inc. - Website + portal hosting and encrypted data transmission (340 Pine Street Suite 701, San Francisco, CA 94104, USA)

No data is sold or transferred to third parties for commercial purposes.

The following technical measures are in place to protect data accessed via the client portal:

• Random project codes: access codes are randomly generated in the format CM-XXXX-XXXX, with no link to personal information
• No stored passwords: authentication relies solely on project codes - no password database
• Ephemeral sessions: all session data is cleared when the browser is closed
• HTTPS only: all data is transmitted over TLS-encrypted connections
• URL sanitisation: the project code is removed from the URL immediately after validation to prevent exposure in history or server logs

• Lead data: 2 years from the last point of contact
• Project data (portal): retained for the duration of the engagement and for 5 years after its close (French accounting requirement)
• Payment data: 10 years (French legal requirement - Article L.123-22 et seq. of the Commercial Code)
• Session data (portal): duration of the browser session only - no server-side retention

Under the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the following rights:

• Right of access: obtain a copy of the data held about you
• Right to rectification: correct inaccurate or incomplete data
• Right to erasure: request deletion of your data ("right to be forgotten")
• Right to portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on your particular situation
• Right to restriction: request a temporary suspension of processing

To exercise any of these rights, contact us at: contact@crescosystem.com

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr

crescosystem.com uses cookies. To learn more about the categories in use and manage your preferences, use the cookie banner accessible at the bottom of every page.

Essential cookies are required for the site to function and cannot be disabled. Analytics and third-party cookies are only activated with your explicit consent.

Some of our sub-processors (Notion, Stripe, Vercel) are based in the United States. These transfers are governed by Standard Contractual Clauses approved by the European Commission and/or recognised certifications (EU–US Data Privacy Framework).

CRESCO System reserves the right to update this privacy policy at any time. Changes take effect upon publication on this page. We encourage you to review this page periodically.