Privacy Policy

Last updated: November 8, 2025

This Privacy Policy explains how Moneysab (the “Company”) processes personal data in connection with its website (moneysab.com), the Cardexis product suite (“Cardexis”) and related services. We comply with the EU General Data Protection Regulation (GDPR) and applicable laws.

1) Data Controller

Moneysab (France). Contact: sales@moneysab.com. Mailing location: Aix-en-Provence, France.

2) What Data We Process

  • Contact & Demo forms: name, work email, company, phone (optional), scope (issuing/acquiring), selected modules, message content, consent checkbox.
  • Commercial interactions: emails exchanged, meeting notes, proposals, contract metadata.
  • Website analytics (minimal): page views, events (e.g., “Request Demo” clicks). We do not attempt to identify you from analytics and avoid collecting sensitive data.
  • Client portal (Cardexis Access): account identifiers, role/permissions, audit logs (security & support), technical telemetry (errors, performance). Customer content (e.g., settlement files, invoices) is processed under the service agreement and kept logically separate per tenant.

3) Purposes & Legal Bases

  • Respond to enquiries / provide demos (Art. 6(1)(b) performance of contract or pre-contractual steps).
  • Provide and improve Cardexis (Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interest for quality, security, and product improvement).
  • Security & fraud prevention (Art. 6(1)(f) legitimate interest; Art. 6(1)(c) where legal obligations apply).
  • Marketing to professionals (Art. 6(1)(a) consent where required; otherwise Art. 6(1)(f) legitimate interest, with opt-out always available).

4) Retention

  • Contact/demo records: up to 24 months after last interaction (or sooner upon request).
  • Contractual/account data: for the contract term and legal archiving periods.
  • Telemetry/audit logs: typically 6–18 months (security, support, compliance).
  • Customer content (files/invoices): per customer agreement and deletion schedule.

5) Sharing & Processors

We use vetted sub-processors for hosting and tooling. Typical categories: cloud hosting, email delivery, error monitoring, analytics. We require appropriate data protection commitments (DPAs).

  • Hosting: EU/CH cloud (e.g., Infomaniak in Switzerland by default) or on-prem at the customer’s request.
  • Email/CRM/support tools: business communications and ticketing providers.
  • Analytics/monitoring: privacy-respecting measurement and application telemetry.

We do not sell personal data. We may disclose data if required by law or to protect rights, safety, and systems.

6) International Transfers

When data is processed outside the EU/EEA/CH, we use appropriate safeguards (e.g., Standard Contractual Clauses) and risk assessments. EU/CH hosting is the default for Cardexis; on-prem deployments keep data within your environment.

7) Security

We apply DevSecOps practices: least-privilege access, code reviews, CI/CD, secrets hygiene, encryption in transit, network segmentation, monitoring and audit logs. No security measure is perfect; we operate incident response procedures.

8) Your Rights (GDPR)

You can request access, rectification, erasure, restriction, portability, and object to processing. If we rely on consent, you may withdraw it at any time. To exercise rights, contact sales@moneysab.com. You may also lodge a complaint with your local supervisory authority (e.g., CNIL in France).

9) Cookies & Similar Technologies

We aim to minimize tracking. Where non-essential cookies are used, we will present a consent banner and honor your choices. You can also manage cookies in your browser settings.

10) Third-Party Links

Our website may link to external sites. We are not responsible for their privacy practices. Please review their policies.

11) Children's Data

Our services target business users. We do not knowingly collect data from children.

12) Changes to this Policy

We may update this Policy to reflect legal, technical, or business developments. Material changes will be highlighted on this page. The “Last updated” date shows the latest version.

Contact

Questions about privacy? Email sales@moneysab.com or use our contact form.