Privacy Policy

Last updated: June 2026

At Cockpit Signature, we take the protection of your personal data very seriously. This policy explains what data we collect, why, how we use it, and what your rights are. It applies to all users of the cockpitsignature.com website and the Cockpit Resto application.

1. Who Are We?

Candice Obadia — Cockpit Signature
Sole proprietor — micro-entrepreneur scheme (BNC)
SIRET: 93987414500013
Email: contact@cockpitsignature.com

As data controller, Cockpit Signature decides how your personal data is collected and used.

2. What Data Do We Collect?

Data You Provide Directly

  • During registration: first name, last name, email, restaurant name, city, type of establishment, chosen plan
  • When using the app: management data entered manually (revenue, schedules, purchases, notes, tasks, etc.)
  • When contacting us: message, phone number if you call us
  • During payment: payment data is processed directly by Stripe — we do not store your card number

Data Collected Automatically

  • Browsing data: pages visited, session duration, IP address, browser type
  • Functional and analytics cookies (see section 8)
  • Application performance data

Data from Your Connected Tools

  • Data synced from Zelty (revenue, orders)
  • Data synced from Pennylane (purchases, expenses)
  • Data synced from Combo (schedules, payroll costs)

This data remains yours. We only import it to power your cockpit.

3. Why Do We Use Your Data?

Legal Basis: Performance of Contract

  • Create and manage your account
  • Provide features according to your plan
  • Process your payments via Stripe
  • Provide customer support

Legal Basis: Legitimate Interest

  • Improve application features
  • Analyze usage to fix bugs
  • Send you communications about important account updates

Legal Basis: Consent

  • Send you marketing emails and tips (newsletter) — you can unsubscribe at any time
  • Use non-essential analytics cookies

4. Who Has Access to Your Data?

We never sell your data. We only share it with:

SubprocessorRolePolicy
StripePayment processingstripe.com/en/privacy
AnthropicPowers Sabine, the AI assistant integrated into the app (Claude API)anthropic.com/privacy
NetlifyHosting of the Cockpit Resto applicationnetlify.com
SupabaseStorage of application datasupabase.com/privacy
InfomaniakHosting of the marketing websiteinfomaniak.com
ResendSending of transactional emailsresend.com/privacy

All our subprocessors are contractually required to respect the confidentiality and security of your data.

5. Artificial Intelligence — Sabine

The Cockpit Resto application includes Sabine, an automated analysis assistant powered by AI. Sabine uses the Claude API developed by Anthropic (PBC, San Francisco, USA) to analyze your data and provide management suggestions.

Data transmitted to Anthropic in this context is subject to their privacy policy (anthropic.com/privacy). Anthropic does not use it to train its models under API contracts.

In accordance with the European Regulation on Artificial Intelligence (AI Act, EU 2024/1689), Sabine is classified as a minimal-risk AI system. Each analysis is clearly identified as AI-generated within the interface.

6. Transfers Outside the European Union

Some of our providers (Stripe, Anthropic, Netlify, Supabase) are based in the United States. These transfers are governed by the European Commission’s Standard Contractual Clauses, in accordance with the GDPR.

7. Retention Period

  • Active account data: for the entire duration of your subscription
  • After cancellation: retained for 90 days, then permanently deleted
  • Billing data: 10 years (legal accounting obligation)
  • Browsing logs: 13 months maximum

8. Your Rights

  • Right of access: obtain a copy of your data
  • Right of rectification: correct inaccurate data
  • Right to erasure: request deletion of your data (see /suppression-donnees)
  • Right to portability: receive your data in a structured format
  • Right to object: object to certain processing
  • Right to restriction: temporarily suspend processing

To exercise these rights: contact@cockpitsignature.com — response time of 30 days maximum. In case of an unresolved dispute, you can contact the CNIL (www.cnil.fr).

9. Cookies

Strictly Necessary Cookies

Session, authentication — cannot be disabled.

Analytics Cookies

Google Analytics 4, Google Search Console, Meta Pixel — activated only after your consent. You can change your preferences at any time via the consent banner.

10. Security

We implement appropriate technical and organizational measures: encryption of data in transit (HTTPS/TLS), restricted access to production data, regular backups (Supabase Pro — 30 days of snapshots + PITR), role-based access management, two-factor authentication on all platforms.

11. Changes to This Policy

We may update this policy. In the event of a substantial change, you will be notified by email or through the application. The date of the last update is indicated at the top of the page.

12. Contact

contact@cockpitsignature.com
Cockpit Signature — Candice Obadia