Privacy Policy

Passmate SAS, registered in France, is the data controller for personal data collected through passmate.io. Contact: contact@passmate.io – 68 chemin des Noisetiers, 38700 Le Sappey en Chartreuse, France.

We collect data you provide voluntarily (name, email, company, message via our contact form) and technical data collected through cookies with your consent (IP address, browser type, pages visited, session duration).

Contact form data: legitimate interest (responding to your inquiry). Analytics cookies (Google Analytics, Microsoft Clarity): your explicit consent. Marketing cookies: your explicit consent.

We use Google Consent Mode v2. Google Tag Manager may load before a choice is made, but analytics and marketing storage are denied by default and analytics or marketing cookies are not set until you explicitly accept. Server-side events may be sent without persistent identifiers for operational measurement. You can change your preferences at any time via the cookie banner. Categories: Necessary (session, locale, consent preference – always active), Analytics (Google Analytics 4, Microsoft Clarity – require consent), Marketing (future use – requires consent).

We share data only with: Google (Tag Manager infrastructure and Analytics/Consent Mode, with storage controlled by consent); Microsoft (Clarity – only after analytics consent); Cloudflare (CDN) – infrastructure only; Sanity (CMS) – content delivery only. We do not sell personal data.

Contact form submissions: 24 months. Analytics data: as defined by Google Analytics and Microsoft Clarity retention settings. Consent cookie: 13 months.

Under GDPR, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, contact us at contact@passmate.io. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), France's data protection authority.

Some data processors (Google, Microsoft, Cloudflare) may transfer data outside the EU/EEA. These transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions as required by GDPR.