← Back Français

Privacy Policy

Last updated: 2 June 2026

1. Data controller

The data controller is the publisher of myComptee (personal, non-commercial project). Contact: admin@mycomptee.com.

2. Data we collect

  • Account data: name, email address, sign-in provider (email/password, Google, Apple, Microsoft).
  • Financial data you enter: accounts (name, bank, IBAN, alias), transactions (amounts, dates, payees, categories, notes), transfers, recurrences, reconciliations, attachments.
  • Technical data: IP address, browser/device type, access logs and the security activity log.

3. Purposes

  • Provide and improve the account-management service.
  • Authenticate users and secure access.
  • Enable joint-account sharing and related notifications (invitations, due dates).
  • Ensure security, fraud prevention and technical diagnostics.

4. Legal basis

Processing is based on performance of the contract (providing the service) and on your consent at sign-up. myComptee sends no marketing email and does no advertising profiling.

5. Encryption & security

  • Encryption at rest: your sensitive data (name, email, account names, IBAN, payees, notes, attachments) is encrypted in the database (AES-256-CBC + HMAC-SHA256). Even on unauthorized database access, it stays unreadable.
  • Encryption in transit: all communication uses HTTPS (TLS).
  • Authentication: signed JWT tokens; passwords hashed (bcrypt); SSO via trusted providers.
  • Automatic backups and restricted server access (SSH key, no public database access).

6. Hosting

Data is hosted by OVH SAS (2 rue Kellermann, 59100 Roubaix, France), in data centers located in the European Union.

7. Retention

  • Account and financial data: until you delete your account.
  • Security activity log: 365 days.
  • Technical logs: 12 months maximum.

8. Data sharing

Your data is never sold. It is shared only with:

  • other members of your shared accounts (data of those accounts only);
  • SSO identity providers (Google, Apple, Microsoft) for authentication;
  • OVH for hosting and backups;
  • icon services (DuckDuckGo, site favicons) to display a payee's logo from its domain — no personal or financial data sent, only the merchant's public domain name.

9. Cookies

myComptee uses only essential technical means (local storage for session and language preference). No advertising or tracking cookies.

10. Your rights (GDPR)

  • Access, rectification (from your profile), erasure (delete account in the app), portability, objection.

To exercise these rights: admin@mycomptee.com. You may also lodge a complaint with the French DPA (CNIL): cnil.fr.