Privacy Policy

Effective date: 31 August 2025

1. Who We Are (Data Controller)

Koterie Studio EURL (operating as “Koterie”) is the data controller for personal data processed via the Koterie website and platform.

  • Address: 11 Rue Gavarni, 75116 Paris, France
  • Email (privacy contact): contact@koterie.club
  • RCS Paris: 990 026 346 — SIRET: 990 026 346 00017 — VAT: FR63 990026346
  • Data Protection Officer (DPO): Not appointed

2. Scope

This Policy explains how we collect, use, share, store, and protect personal data when you browse our site, create an account, buy tickets, subscribe to Insider, attend events (including Petit Tablées), use in-platform Chat, or receive our emails. The original version is in French; in case of conflict, the French version prevails.

3. What Data We Collect

  • Profile data: first name, last name, date of birth (for 18+ eligibility), current location, hometown, industry, profession, interests, social media handles, intentions, and responses to questions.
  • Account & usage: login details, account settings, event RSVPs/attendance history, hosting submissions (including Petit Tablée reservation proof), in-platform Chat messages.
  • Transactions: subscription tier, ticket purchases, amounts, currency, payment status, last 4 digits/card brand (from Stripe). We do not store full card numbers.
  • Device & logs (Cloudflare): IP address, approximate location (country/city), user-agent, referrer, timestamp, request/response metadata, security and performance signals (e.g., bot/fraud indicators).
  • Emails: transactional emails (via Resend) and marketing newsletters (via Flodesk), plus your preferences/unsubscribe status.
  • Media: photos/videos captured at events (see §9).
  • Special categories: we do not intentionally collect sensitive data. If you voluntarily share dietary notes for a venue, we use it only for the event and do not retain it longer than necessary.

4. Why We Use Your Data (Purposes & Legal Bases)

  • Provide the Services (accounts, tickets, Insider, event management, Chat): contract necessity (GDPR Art. 6(1)(b)).
  • Payments & invoicing (via Stripe), bookkeeping: contract necessity and legal obligation (Art. 6(1)(b),(c)).
  • Security, fraud prevention & performance (Cloudflare logs, abuse handling, moderation): legitimate interests (Art. 6(1)(f)).
  • Service emails (confirmations, updates, changes): contract necessity (Art. 6(1)(b)).
  • Marketing emails (newsletters, invitations via Flodesk): consent (Art. 6(1)(a)); you can withdraw consent anytime.
  • Event imagery (photos/videos): consent provided by attending the event (see §9). You may withdraw consent at any time; withdrawal does not affect prior lawful use.
  • Analytics/cookies (if added in future beyond essential Cloudflare): consent via our cookie banner.

5. Who Processes Your Data (Processors & Recipients)

  • Cloudflare, Inc. — hosting/CDN, security & performance logs.
  • Stripe, Inc. — payment processing (SCA, fraud prevention). Koterie receives limited payment metadata only.
  • Resend, Inc. — transactional email delivery.
  • Flodesk, Inc. — marketing email delivery and subscriber management.
  • Event partners/venues: only what is necessary to run an event (e.g., headcount and first names). We do not share your direct contact details.
  • Authorities or advisors: where required by law or to protect rights/safety.

6. Hosts & Attendee Details

For Petit Tablées and other member-hosted meet-ups, communication happens inside the Platform. Hosts do not receive attendee emails or phone numbers. We may show first names and reservation status for coordination.

7. International Transfers

Some providers (Cloudflare, Stripe, Resend, Flodesk) may process data outside the EU/EEA (e.g., USA). Where transfers occur, we rely on Standard Contractual Clauses (SCCs) and appropriate safeguards. We also implement technical and organizational measures (e.g., TLS, access controls). You can contact us for details.

8. Data Retention

  • Profile & account: kept while your account is active; deleted upon request or after prolonged inactivity (e.g., 24 months), unless retention is required by law.
  • Event & Chat history: retained while your account is active; limited safety logs may be kept up to 12 months after deletion.
  • Marketing (no purchase): up to 3 years from last interaction or until you unsubscribe.
  • Contracts & invoices: 10 years (French accounting rules).
  • Security logs (Cloudflare): typically up to 12 months.
  • Reservation proofs (Petit Tablées): only as long as needed to validate the event (typically 30–90 days post-event).

9. Photos & Video at Events

By attending a Koterie event, you consent to being photographed/filmed and to Koterie using such imagery for community documentation and promotional purposes (website, social media, newsletters). You may withdraw consent at any time by telling a host on site or contacting us at contact@koterie.club. Where feasible, we will stop using future imagery and take reasonable steps to remove prior content under our control.

10. Cookies & Similar Technologies

  • Essential cookies (Cloudflare) for security, routing, and performance — always active.
  • Non-essential cookies (analytics/marketing) — currently not used; if we add them, we will request your consent via our cookie banner and list details in our Cookie Notice.

You can manage consent any time through the banner or your browser settings. See our Cookie Notice for details.

11. Marketing Communications

Transactional emails (e.g., confirmations, updates) are sent via Resend and do not require consent. Marketing emails (newsletters, invites) are sent via Flodesk with your consent (or soft opt-in where permitted). You can unsubscribe at any time via the email link or by contacting us.

12. Your Rights (GDPR)

You have the right to access, rectify, erase, restrict, or object to processing of your personal data, and to data portability. You may withdraw consent at any time (without affecting lawfulness before withdrawal). You may also set instructions for your data after death (French “droit à la mort numérique”).

To exercise your rights, email contact@koterie.club. We may need to verify your identity. You can lodge a complaint with the CNIL at www.cnil.fr.

13. Children

Our Services are for adults (18+). We do not knowingly collect data from minors. If you believe a minor has provided data, contact us and we will delete it.

14. Security

We use appropriate technical and organizational measures (TLS encryption in transit, access controls, least-privilege, monitoring). No method is 100% secure; we act promptly on suspected incidents and, where required, notify authorities and affected individuals.

15. International Users

We are established in France. If you access the Services from outside the EU/EEA, your data may be processed where our providers operate, under safeguards described in §7.

16. Changes to This Policy

We may update this Policy to reflect legal, technical, or business changes. We will post updates here and, where appropriate, notify you by email or in-app. Continued use after the effective date means you accept the changes.

17. Contact

Questions or requests: contact@koterie.club