L'Adresse

Privacy Policy

Last updated: 2026-04-25

1. Who we are

L'Adresse is a restaurant concierge service distributed by Paris hotel partners. The data controller is L'Adresse SAS, contactable at privacy@l-adresse.fr.

2. What we collect

Guest sessions — anonymous: a session UUID, the hotel slug, the chosen language, the questionnaire answers, a device fingerprint hash, and the user-agent string. No name, no email, no IP is stored alongside guest sessions.
Operator accounts — login email and a bcrypt-hashed password for each hotel back-office user.
Audit log — the email, role, IP, and request ID of operators performing back-office actions, plus before/after diffs of the resources changed.

3. Why we collect it

Guest data powers the recommendation engine and analytics shown to the hotel. Operator data secures the back office and provides an auditable record of changes for compliance.

4. Retention

Guest sessions and analytics events: 90 days (TTL-enforced in MongoDB).
Audit log: 2 years in active storage, then archived.
Operator accounts: kept while the operator is active. Cleared on GDPR erasure request or when the hotel offboards.

5. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, or port your data, and to object to processing. To exercise any of these rights, email privacy@l-adresse.fr. We respond within 30 days. You also have the right to lodge a complaint with the CNIL (France) or your local supervisory authority.

6. Sharing & subprocessors

We do not sell personal data. Subprocessors are limited to infrastructure providers (MongoDB Atlas, Render, Vercel) operating under DPAs. The list is available on request.

7. Security

Passwords are hashed with bcrypt (cost 12). Admin sessions use signed JWTs stored in httpOnly, Secure cookies. All traffic is HTTPS. Authentication is rate-limited, and every back-office action is audited.

8. Changes

We will update this policy as our data scope evolves and revise the date at the top of this page. Material changes will be communicated to active operators by email.