Privacy Policy

Last updated: February 27, 2026

This Privacy Policy describes how EARNLY collects, uses and protects your personal data when you use our Service, and informs you of your rights under the General Data Protection Regulation (GDPR).

1. Data Controller

EARNLY, SAS (Simplified Joint-Stock Company)
Share capital: €10,000
SIREN: 101 724 375 — SIRET: 101 724 375 00015
VAT: FR79101724375
RCS: 101 724 375 R.C.S. Rennes
Registered office: 4 F Rue du Lieutenant-Colonel Dubois, 35000 Rennes, France
Email: contact@earnly.fr

2. Data Protection Officer

Our data protection officer is:

Maël Torset
Email: contact@earnly.fr

You may contact them for any questions regarding the collection and processing of your personal data, or to exercise your rights as described below.

3. Data Collected

We only collect data necessary for the provision of our Service:

  • First name, last name
  • Email address
  • Phone number
  • Platform activity (scans, points, rewards, visited establishments)
  • Payment data (processed by Stripe — we do not store your card numbers)
  • Technical data (IP address, device type, operating system, logs)
  • Location data (with your permission)

4. Purposes and Legal Bases for Processing

In accordance with Article 6 of the GDPR, each processing activity relies on a legal basis:

PurposeLegal basis (Art. 6 GDPR)
Managing user accounts and establishmentsPerformance of a contract (Art. 6.1.b)
Loyalty programme (points, rewards)Performance of a contract (Art. 6.1.b)
Managing subscriptions and paymentsPerformance of a contract (Art. 6.1.b) and legal obligation (Art. 6.1.c)
Platform security and maintenanceLegitimate interest (Art. 6.1.f)
Audience measurement and analyticsConsent (Art. 6.1.a) via the cookie banner
Commercial communications and notificationsConsent (Art. 6.1.a)

5. Data Recipients

Your data may be accessed by:

  • The Earnly team — platform administration and support
  • Stripe Inc. — payment processing
  • Google LLC (Google Analytics) — audience measurement (subject to your consent)
  • Functional Software Inc. (Sentry) — error tracking and performance monitoring (subject to your consent)
  • Partner establishments — limited access to data of their own customers only

We do not sell personal data to third parties.

6. Data Transfers Outside the EU

Some of our service providers are based in the United States. Data transfers to these countries are governed by appropriate safeguards in accordance with the GDPR:

  • Stripe Inc. (United States) — EU Standard Contractual Clauses (SCCs)
  • Google LLC (United States) — EU Standard Contractual Clauses (SCCs)
  • Functional Software Inc. (Sentry) (United States) — EU Standard Contractual Clauses (SCCs)

You may obtain a copy of the safeguards in place by contacting us at the address indicated above.

7. Statistical Use of Data

Collected data may be used for internal statistical purposes or shared in aggregated and anonymised form with commercial partners, in order to improve the user experience or better understand consumption trends. No personally identifiable data (name, phone, email) is shared without explicit consent.

8. Data Retention

  • Usage data: 3 years after the last activity
  • Accounting and billing data: 10 years (legal obligation — Art. L.123-22 of the French Commercial Code)
  • Contact data: deleted upon request
  • Cookies: 13 months maximum (CNIL recommendation)

9. Cookies

Our website uses essential and optional cookies. For details about the cookies used, their purposes and retention periods, please refer to our Cookie Policy.

You may change your cookie preferences at any time via the consent banner accessible at the bottom of the page.

10. Your Rights

Under the GDPR (Articles 15 to 22), you have the following rights:

  • Right of access — obtain a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request the deletion of your data
  • Right to restriction — restrict the processing of your data
  • Right to object — object to the processing of your data
  • Right to data portability — receive your data in a structured format
  • Right to withdraw consent — at any time, where processing is based on your consent (Art. 7.3 GDPR), without affecting the lawfulness of processing carried out before the withdrawal

To exercise your rights, contact our data protection officer:

contact@earnly.fr

We will respond to your request within one month of receipt.

11. Right to Lodge a Complaint with CNIL

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés — CNIL):

CNIL

3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

Phone: +33 1 53 73 22 22

Website: www.cnil.fr

Online complaint form: www.cnil.fr/en/plaintes

12. Changes to This Privacy Policy

We may update this Privacy Policy at any time. In case of substantial changes, we will inform you by email or via the application at least 30 days before the changes take effect. The "Last updated" date at the top of this page will be updated accordingly.

13. Contact Us

For any questions about this policy or your personal data:

Email: contact@earnly.fr

Company: EARNLY, SAS — Share capital: €10,000

Address: 4 F Rue du Lieutenant-Colonel Dubois, 35000 Rennes, France

Privacy Policy - Earnly | Earnly