Privacy Policy
Last updated: 9 July 2026At Premo, we believe your data belongs to you. This policy explains, in plain language, what data we collect, why, how long we keep it, and how to exercise your rights.
1. Who we are
This policy describes how Dyweb ("we") collects, uses and protects your personal data when you use the mypremo.fr website and the Premo application (together, the "Service").
Data controller: Dyweb, a French EURL with share capital of €1,500, registered with the Poitiers Trade and Companies Register, SIRET 92013943300014, with its registered office at 12 route de Saint Citroine, France. Contact: contact@iolacorp.com.
We never sell, rent or trade your personal data.
2. Scope
This policy covers the mypremo.fr website (public pages, contact form, newsletter) and the Premo application, accessible once you create an account.
It does not apply to third-party websites we may link to, which have their own privacy policies.
3. Data we collect
We only collect the data necessary for the purposes described in this policy.
- Data you provide: first name, last name, email address, phone number, contact reason and the content of your message when you use the contact form; email address when you subscribe to the newsletter.
- Account data (application): login credentials, profile information and settings required to deliver the Service. [TO COMPLETE: list precisely the fields collected when a Premo account is created.]
- Content you create (application): projects, tasks, documents, comments and files you host in Premo. We act as host; you remain the owner.
- Automatically collected data: IP address, browser type (user-agent), timestamps, pages viewed and referring page, recorded in our technical logs.
- Analytics data: visit identifiers, interaction events (page views, clicks) and, where applicable, session recordings — only after you give consent (see section 6).
4. Legal bases for processing
In accordance with the GDPR, each processing activity relies on a specific legal basis:
- Performance of a contract: managing your account, providing and maintaining the Premo application.
- Consent: analytics, session recordings and sending the newsletter. You may withdraw it at any time.
- Legitimate interest: securing the Service, preventing fraud and abuse, improving our products, responding to your contact requests.
- Legal obligation: retaining certain data for accounting purposes or in response to a request from a competent authority.
5. Purposes
Your data is used to:
- Provide the Service: create and manage your account, host your projects and documents.
- Respond to your requests: process messages sent through the contact form.
- Communicate: send you service information, security alerts and, if you consented, our newsletter.
- Improve the Service: understand how features are used and fix defects.
- Ensure security: detect and prevent incidents, abuse and fraud attempts.
6. Cookies, trackers and analytics
No analytics tracker is set or activated before you give explicit consent. Until you accept, no analytics data is collected, either in the browser or on our servers.
We distinguish two categories:
- Strictly necessary storage: the premo.consent key, stored in your browser's local storage, records only your choice (accepted or declined). It cannot identify you and does not require consent.
- Analytics (consent required): Matomo, which we host ourselves, and PostHog (see section 7) set cookies and identifiers to measure traffic and usage of the Service.
You can change or withdraw your choice at any time via the "Cookie preferences" link in the footer, or by clearing site data in your browser. In line with the French CNIL's recommendations, analytics trackers have a maximum lifetime of 13 months and the resulting data is kept for no more than 25 months.
7. Recipients and processors
Your data is only accessible to authorised staff at Dyweb and to the processors strictly necessary to operate the Service. We do not share your data for any advertising purpose.
- PostHog: analytics and product-analysis tool, used in its cloud version hosted in the European Union (eu.i.posthog.com). Enabled only after your consent.
- Matomo: analytics tool, hosted on our own infrastructure. Enabled only after your consent.
- Hosting provider: [TO COMPLETE: legal name and address of the provider hosting the Premo servers, located in France.]
- Email service provider: [TO COMPLETE: name of the provider, if any.]
We may also disclose your data where required by law, upon request from a competent authority, or to establish and defend our legal rights. In the event of a merger, acquisition or sale of assets, your data may be transferred to the acquiring entity, which would remain bound by this policy.
8. Transfers outside the European Union
Our servers and those of our analytics processors are located in the European Union. In the normal operation of the Service, we do not transfer your personal data outside the EU.
Should such a transfer become necessary, it would be governed by the safeguards provided under the GDPR, in particular the European Commission's standard contractual clauses or an adequacy decision.
9. Retention periods
We keep your data only as long as necessary for the purposes pursued:
- Contact form messages: 3 years from the last contact.
- Newsletter subscription: until you unsubscribe, then deleted within 30 days.
- Account data and content (application): for the lifetime of the account, then deleted or anonymised within 30 days of its closure, unless a legal obligation requires otherwise.
- Technical logs (IP address, user-agent): 12 months maximum.
- Trackers and analytics data: 13 months for trackers, 25 months maximum for the associated data.
[TO VALIDATE: these periods follow the CNIL's recommendations. Adjust them if your actual practices differ.]
10. Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit: the entire Service is served over HTTPS, with an HSTS policy.
- Browser hardening: security headers (Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy).
- Access control: authentication, role and permission management, principle of least privilege.
- Hosting: infrastructure located in France, within a GDPR-compliant framework.
No method of transmission or storage is, however, 100% secure. We cannot guarantee absolute security, but we undertake to notify any data breach posing a risk to your rights, to you and to the CNIL, within the timeframes set by the GDPR.
11. Your rights
Under the GDPR and the French Data Protection Act, you have the following rights:
- Right of access: obtain confirmation that your data is processed and receive a copy of it.
- Right to rectification: have inaccurate or incomplete data corrected.
- Right to erasure: request deletion of your data, within the limits set by law.
- Right to portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on our legitimate interest.
- Right to restriction: request the temporary suspension of a processing activity.
- Withdrawal of consent: withdraw your consent to analytics or the newsletter at any time, without affecting the lawfulness of prior processing.
- Post-mortem directives: set instructions regarding the fate of your data after your death.
To exercise these rights, write to us at contact@iolacorp.com. We respond within one month. If you believe your rights are not being respected, you may lodge a complaint with the CNIL (www.cnil.fr).
12. Protection of minors
The Service is not intended for people under 16. In France, a minor's consent to the processing of their data is only valid from the age of 15; below that age, the joint authorisation of the holder of parental responsibility is required.
We do not knowingly collect data about minors. If you believe a minor has provided us with data, contact us and we will delete it without delay.
13. Changes to this policy
We may amend this policy to reflect changes to our Service or to applicable regulations. The date of the latest update appears at the top of this page.
In the event of a material change, we will inform you by email or through a notice within the Service before it takes effect.
14. Contact us
For any question about this policy or your personal data: Dyweb — contact@iolacorp.com.
We have not appointed a Data Protection Officer (DPO), as this is not mandatory given our processing activities. Your requests are handled directly by Dyweb.