Privacy Policy

1. Data Controller

Personal data processed through the Okurio application is controlled by Thomas VIAL, an individual, located in Paris, France.

Privacy support is available on our support page.

2. Data We Collect

Depending on your use of the service, we may process:

• Account data: email, name, avatar, date of birth.
• Wishlist and item data: titles, descriptions, prices, images, URLs, and reservation status.
• Technical and security data: application logs, session information, auth tokens, password reset tokens, push tokens (if enabled).
• Transactional email data: delivery of technical links (password reset, guest reservation confirmation).

3. Purposes and Legal Bases

• Service delivery (contract performance): account creation, authentication, wishlist management, reservation management.
• Security and abuse prevention (legitimate interest): account protection, incident detection, defense of legal rights.
• Legal obligations: limited retention where required by law.

4. Email and Technical Uses

We collect and use email addresses for technical purposes required to operate the service, including forgotten-password links and transactional emails.

5. Affiliate and External Links

Some external links may be affiliate links. Okurio may receive a commission after click and purchase, at no additional cost to users.

6. No Sale of Personal Data

Personal data is not sold to third parties.

7. Recipients and Data Location

Data is accessible only to authorized persons or services strictly required to run Okurio. Production data is hosted in France.

8. Retention Period

Data is retained while your account is active. When your account is deleted, associated data is deleted, subject to temporary technical backups and legal retention duties.

9. Security Measures

Reasonable technical and organizational measures are implemented, including encrypted network transport in production, encryption at rest at infrastructure level, password hashing, and hashing of sensitive tokens.

10. Your Rights

Under GDPR, you have rights including access, rectification, erasure, restriction, objection, and portability where applicable. You can exercise your rights from our support page.

11. Minors

For users in France, the recommended minimum age to use the service is 15 years old.

12. CNIL Complaint

If you believe your rights are not respected, you may submit a complaint to the French supervisory authority (CNIL).

13. Policy Updates

This policy may be updated at any time. The "Last updated" date at the top of this page applies.