EdenPersona.com Privacy Policy

At EdenPersona.com, we respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This policy explains how we collect, use and protect your data.

1. Data Controller

The controller of your personal data is:

Digital Nomad Family LP
5 South Charlotte Street
Edinburgh, EH2 4AN
Scotland, United Kingdom
Registration number: SL034590
Email: legal@edenpersona.com

2. Data Collected and Legal Bases

2.1 Account Data

• Data collected: Email, username, password (hashed), language preferences
• Legal basis: Contract performance (Article 6.1.b GDPR)
• Purpose: Account creation and management, authentication
• Retention: Contract duration + 3 years (limitation)

2.2 Persona Data

• Data collected: Product/service information, generated personas, customizations
• Legal basis: Contract performance (Article 6.1.b GDPR)
• Purpose: Provision of persona generation service
• Retention: Contract duration + 1 year

2.3 Integration Data

• Data collected: Access tokens, synchronized data (HubSpot, WooCommerce)
• Legal basis: Explicit consent (Article 6.1.a GDPR)
• Purpose: Enriching personas with your data
• Retention: Until consent withdrawal

2.4 Google Data Usage

When you connect your Google account to EdenPersona, we access the following data:

• Google Sheets Data: We read data from Google Sheets that you explicitly select through our Google Picker interface. This includes spreadsheet content, cell values, and sheet names.
• Drive File Access: We access only Google Sheets files that you have explicitly selected or opened with our application. We do not access other files in your Google Drive.
• Access Tokens: We securely store encrypted access and refresh tokens to maintain your connection to Google services.

Two ways we use your Google Sheets data:

• Classic Personas: Manual creation where you select specific sheets via our picker interface for one-time persona generation
• Dynamic Personas: Automatic creation where our system processes multiple connected sheets in the background to create and update personas automatically

How we use your Google data:

• To read and process data from your selected Google Sheets for persona creation
• To synchronize your business data with our persona generation algorithms
• To provide you with enriched, data-driven personas based on your actual business information
• To automatically create and update Dynamic Personas through background processing
• To enable multi-source analysis combining Google Sheets with other data sources (HubSpot, WooCommerce)

Data protection:

• We only access Google Sheets that you explicitly select through our secure picker interface
• We do not store the actual content of your Google Sheets on our servers
• We process your Google data only for the purpose of creating personas and do not share it with third parties
• You can revoke our access to your Google data at any time through your Google account settings or by disconnecting the integration in your EdenPersona account

Compliance with Google policies: EdenPersona uses Google user data in accordance with the Google API Services User Data Policy, including the Limited Use requirements. We only access spreadsheets to generate personas that you request, never use your Google data for advertising, and do not share it with any third party.

Revocation and deletion: When you disconnect Google Sheets from EdenPersona, we immediately revoke our token and delete encrypted access and refresh tokens within 24 hours. Derived persona insights remain in your account but contain only aggregated information without any raw Google Sheets content.

Legal basis: Explicit consent (Article 6.1.a GDPR) - you explicitly authorize us to access your selected Google Sheets

Retention: Access tokens are retained until you disconnect the integration. We do not retain copies of your Google Sheets data.

2.5 Usage Data

• Data collected: Connection logs, feature usage, performance
• Legal basis: Legitimate interest (Article 6.1.f GDPR)
• Purpose: Service improvement, security, technical support
• Retention: 12 months maximum

3. Sharing and Transfers

3.1 Processors

We share your data with the following processors:

• OpenAI - AI content generation (United States, standard contractual clauses)
• Stripe - Payment processing (Ireland, adequacy decision)
• Google Analytics - Audience analysis (United States, with your consent)
• PythonAnywhere - Hosting (EU, servers in Germany)

3.2 International Transfers

Transfers to the United States are governed by standard contractual clauses approved by the European Commission. You can obtain a copy by contacting us.

4. Your GDPR Rights

In accordance with GDPR, you have the following rights:

4.1 How to Exercise Your Rights

5. Data Security

We implement appropriate technical and organizational measures:

• Data encryption in transit (HTTPS/TLS)
• Encryption of sensitive data in database
• Secure authentication (hashed passwords)
• Restricted data access (principle of least privilege)
• Encrypted automatic backups
• Complete audit trail of data access

6. Cookies and Trackers

We use the following cookies:

Type	Purpose	Duration	Legal basis
Strictly necessary cookies	Authentication, session	Session	Legitimate interest
Analytical cookies	Google Analytics	24 months	Consent
Functional cookies	Language preferences	12 months	Legitimate interest

Manage my cookies

7. Data Breaches

In case of a personal data breach likely to pose a risk to your rights and freedoms, we will notify you within 72 hours in accordance with Article 34 of GDPR.

8. Complaint Rights

You have the right to lodge a complaint with the competent supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO)
• France: Commission Nationale de l'Informatique et des Libertés (CNIL)
• Or your national authority

9. Changes

This policy may be modified. Important changes will be notified by email and on the site. Last modification date indicated at the top of this page.

10. Contact