Privacy Policy

Effective date: June 5, 2026

Data Controller & Privacy Framework

Data Controller: AdminLanding SASU — RCS Annecy 101 595 734 — 431 Route des Chateaux, 74250 La Tour, France

Legal Bases:

  • Art. 6(1)(b) GDPR — Performance of contract (account management, service delivery, billing, and generation of the documents you request — including rental documents that contain your tenants' personal data). We do NOT rely on consent for tenant data.
  • Art. 6(1)(c) GDPR — Legal obligation (tax records, invoice retention)
  • Art. 6(1)(a) GDPR — Consent (marketing communications, analytics cookies)
  • Art. 6(1)(f) GDPR — Legitimate interest (security, fraud prevention, service improvement)

Privacy Contact: privacy@adminlanding.com

President: Julien Maurice

Sensitive Identifiers — Processed Locally

We apply a privacy-by-design approach to regulated personal identifiers such as your social security number (NIR), Swiss social insurance number (AVS/AHV), bank IBAN/BIC, tax identification number, passport number, and residence permit number. The architecture varies by document type, and we describe each case honestly below.

Most document types — client-side only.

For cross-border health insurance forms (CERFA 14445) and French health insurance CERFA forms, your NIR and AVS numbers are entered on your device and written into the final PDF's form fields entirely in your browser, using local JavaScript. Our servers fill every non-sensitive field but leave the NIR/AVS slots empty — your device fills them before you see the download. These values are never transmitted to our servers, never stored in our databases, never recorded in our logs.

For French CERFA health insurance forms specifically, the NIR and CAF number fields arrive on the PDF as empty, editable form fields. You type them directly into the PDF using Adobe Acrobat, Preview, or any PDF reader after download. Our servers never see the values.

Administrative letters (Courrier) — not collected.

For the bank-related letter templates (account closure, fee contest, transaction dispute, certificate request), bank account numbers and IBAN values for transfer are not collected by our server. If you type them into the form, the value is stripped before the letter is sent for rendering. The downloaded letter shows a blank where your number would go — you fill it in by hand on the printed copy.

Rental deposit-return letter — interim state.

One document type retains a server-side transit path as of April 2026: the rental deposit-return request letter, which embeds your refund IBAN and BIC. In this flow, the values reach our Cloud Function in memory during PDF generation, are embedded into the rendered letter, and are discarded when the function returns. They are NOT written to Firestore, NOT written to Storage under your account metadata, and NOT logged. The PDF itself is stored with a 24-hour automatic deletion TTL. We are migrating this flow to the same client-side pattern as the other documents in a future release.

What we never persist, regardless of flow.

Your NIR, AVS/AHV, CAF number, tax identification number, passport number, and residence permit number are not stored in your user profile, not included in your account export, and not written to any AdminLanding database. Our user profile form does not contain input fields for these identifiers, and the data export feature (Article 20 RGPD right to portability) defensively strips them from any legacy data.

What Data We Collect

Account Information (Required)

  • Email address (for authentication and communication)
  • Display name (for personalization)
  • Password (encrypted, never stored in plain text)
  • Account creation and last login timestamps

Profile Data (Optional)

  • Personal information for form autofill (name, address, phone, etc.)
  • Additional user profiles (legacy subscription plans)
  • Document preferences and saved templates

Usage & Technical Data

  • Device information (browser, OS, screen resolution)
  • IP address and geolocation (country level only)
  • A salted hash of your sign-up IP, kept only to prevent sign-up abuse (e.g. fraudulent free-offer farming) under our legitimate interest, and automatically purged after 90 days
  • Usage analytics (pages visited, features used, session duration)
  • Error logs and performance metrics

Rental & Tenant Data (Landlord features)

  • Property details: address, type, surface, and energy/heating/diagnostic attributes (DPE)
  • For each tenant: name, postal address, phone number, email address, and lease start/end dates
  • Lease financials: rent, charges, and deposit amounts; optional guarantor name and contact
  • This data is entered by you (the landlord) and used SOLELY to generate the rental documents you request. We never use tenant data for marketing or profiling. See « Information for Tenants » below.

Browser Extension & In-App Government-Site Assistance

  • Our browser extension and mobile guide assist you on French government websites (Ameli, CAF, impots.gouv, France Travail, ANTS, OFII and others).
  • To provide contextual guidance, the page address, title, visible text, and form field labels/values of the page you are on may be sent to our servers and to our EU AI provider. Passwords are never read or transmitted, and values are truncated and redacted before AI processing.
  • This assistance is optional and can be turned off in the extension's privacy settings. We do not capture your government-site login credentials.

How We Use Your Data

Service Operations

  • User authentication and account management
  • Form autofill and document generation
  • Documents are generated server-side using a headless browser technology. No personal data is transmitted to third parties during document generation.
  • Electronic signatures: when you use the e-signature feature, signer names and email addresses are transmitted to our EU e-signature provider (Openapi Srl, Italy, an eIDAS trust-service provider) to facilitate compliant signing, and PDF documents are transmitted for cryptographic sealing. We also store the signer names, email addresses and signing status on our EU servers for the duration of the signature request (deleted within 72 hours, or 24 hours after the document is saved to your vault).
  • AI assistant responses and guidance
  • Customer support and troubleshooting

Service Improvement

  • Analytics and usage patterns (anonymized)
  • Feature development and optimization
  • Security monitoring and fraud prevention
  • Performance monitoring and error tracking

Our Applications & Cross-Platform Storage

AdminLanding is available as a web application, as mobile applications (Guide by AdminLanding and Rent by AL), and as a browser extension. They share a single account and a single database, all hosted in the European Union.

Your account, profile and rental records are stored once in our EU database and are accessible from every AdminLanding application you sign in to. A property or tenant record you enter on one platform is therefore available and consistent on the others. This synchronization keeps your data within the same EU-hosted database; it is not sold or shared with third parties beyond the processors listed below.

Our mobile applications use Google Firebase Analytics and Crashlytics to understand usage and diagnose crashes. These may associate an app-usage identifier (and, on Android, the advertising identifier) with your account identifier. They are used for analytics and stability only, never for advertising. No advertising is shown in our applications.

In-app purchases of AI credits are processed by the Apple App Store and Google Play; the corresponding store receipt is sent to our servers to validate the purchase.

Rental Documents & Information for Tenants

If you are a landlord, our rental features let you store your property and tenant details and generate rental documents (leases, rent receipts, inventories and related letters). We process this information to perform the service you have requested (Art. 6(1)(b) GDPR — performance of contract) and not on the basis of consent. We use it solely to produce your documents and to keep your property records consistent across your devices.

Information for tenants. When a landlord uses AdminLanding, they enter personal data about their tenant(s) — name, contact details, address and lease dates — solely so the requested documents can be produced. If you are a tenant whose data has been entered by your landlord: your data is processed only to generate the documents relating to your tenancy, is stored in the EU, and is never used for marketing or profiling, nor sold. You have the rights of access, rectification, erasure, restriction, objection and portability described below. To exercise them, contact privacy@adminlanding.com or your landlord, who remains responsible for your tenancy relationship.

Landlords using AdminLanding are responsible for informing their tenants that their data is processed in this way; this section is provided to support that obligation.

Your Document Vault

Most generated documents are ephemeral and deleted automatically after 24 hours. Separately, the Vault is an optional, permanent store where you can keep selected documents. Vault documents are encrypted on your device with a key derived from your PIN before they reach our servers (zero-knowledge encryption): we cannot read their contents.

The Vault is protected by your PIN and, optionally, two-factor authentication and recovery codes. Vault documents are retained until you delete them. If you delete your account, all of your data — including your vault documents — is permanently deleted within 24 hours. The same encrypted vault is shared across the web and mobile applications.

AI Data Processing & Privacy

Privacy-First AI Processing

  • All personal data is redacted before AI processing
  • AI provider (Mistral AI, EU-based) processes only anonymized context
  • No personal information is stored by AI provider
  • AI responses are generated without accessing your profile data
  • EU-based data processing - no data transfer outside Europe

Certain features use artificial intelligence services to generate responses, explanations, and guidance for administrative procedures. No automated decisions are made without user intervention.

Data Retention & Storage

EU Data Storage

All data is stored exclusively within the European Union using Firebase (Google Cloud) EU regions. Built according to GDPR principles.

Retention Periods

  • Active accounts: Until account deletion
  • Inactive accounts: 3 years, then automatic deletion
  • Usage logs: 12 months maximum
  • Support tickets: 2 years after resolution
  • Billing and invoice records: 10 years (Art. L.123-22 French Commercial Code)
  • Rental property and tenant records: kept while your account is active and you keep the property; deleted when you delete the property/tenant or close your account
  • Generated documents (rental, tax, cross-border, patrimoine, letters): ephemeral copies are automatically deleted after 24 hours
  • E-signature signer data (names, emails, status): deleted within 72 hours of the request, or 24 hours after the document is vaulted
  • Vault documents: retained (encrypted) until you delete them
  • Account deletion: when you delete your account, all of your personal data — including rental, tenant and vault data — is permanently deleted within 24 hours

Data Portability

  • Export all your data in JSON format
  • Download generated documents and forms
  • Request data transfer to another service

Third-Party Processors & Data Sharing

Service ProviderPurposeData LocationPrivacy Status
Firebase (Google)Database, Authentication, HostingEU OnlyEU-based
CloudflareCDN, Security, DNSGlobal (EU edge nodes)DPA signed
StripePayment ProcessingEU OnlyEU-based
BrevoTransactional EmailEU OnlyEU-based
Mistral AIAI Assistant (anonymized data only)EU OnlyEU-based
Openapi SrlElectronic Signatures (eIDAS EU-SES trust service)EU (Italy)EU-based, eIDAS TSP
SentryError tracking & session replay (text masked)EU regionDPA signed
Firebase Analytics & Crashlytics (Google)Mobile app analytics & crash reportingEU / Global (Google)DPA signed
Apple App Store / Google PlayIn-app purchases (AI credits)GlobalStore DPA

All processors are bound by Data Processing Agreements (DPAs) ensuring privacy principles and data protection. Government websites that you access through our browser extension or mobile guide are independent third parties you interact with directly — they are not our processors, and your login credentials for those sites are never collected by us.

Your Privacy Rights

Right of Access (Art. 15)

Request a copy of all personal data we hold about you

Right to Rectification (Art. 16)

Correct inaccurate or incomplete personal data

Right to Erasure (Art. 17)

Request deletion of your personal data ('right to be forgotten')

Right to Portability (Art. 20)

Export your data in a machine-readable format

Right to Restriction (Art. 18)

Limit how we process your personal data

Right to Object (Art. 21)

Object to processing based on legitimate interests

How to Exercise Your Rights

  • Self-service: Use account settings for data export/deletion
  • Email request: Contact privacy@adminlanding.com with your request
  • Response time: Within 30 days (may be extended to 60 days for complex requests)
  • Complaint: Contact your national data protection authority if unsatisfied

Minimum Age

AdminLanding is intended for users aged 16 and older (15 with parental consent in France, in accordance with Article 7-1 of the French Data Protection Act). We do not knowingly collect personal data from children under 15.

If you believe a minor has provided us with data without parental consent, please contact privacy@adminlanding.com and we will delete the data.

Contact Information

Data Protection Officer

Email: privacy@adminlanding.com

Response time: 48 hours for urgent matters

General Privacy Inquiries

Email: privacy@adminlanding.com

Postal Address: AdminLanding SASU, 431 Route des Chateaux, 74250 La Tour, France

Supervisory Authority

If you're not satisfied with our response, you can lodge a complaint with the CNIL or your local data protection authority (Art. 77 GDPR):

CNIL — Commission Nationale de l'Informatique et des Libertés

3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

Website: www.cnil.fr

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email and update the effective date above. Continued use of our service after changes constitutes acceptance of the updated policy.