⟵ ONESHOTLY

Privacy Policy

Last updated: June 2026

1. Who We Are

OneShotly is operated by DIGITALYA (France), acting as data controller for the personal data processed through this website.

2. Data We Collect

• Email address — collected at checkout, used to deliver your module and provide order access.
• Order details — party size, level, tier, purchase amount, currency, and generated module title.
• Payment data — processed entirely by Stripe. We never see or store your card number.

3. Why We Process Your Data

• To generate and deliver your purchased module (contract performance).
• To provide access to your order history via secure email links (contract performance).
• To handle refunds and support requests (contract performance & legal obligation).
• To comply with accounting and tax obligations (legal obligation).

We do not send marketing emails unless you explicitly opt in. We do not sell your data.

4. Processors & Transfers

We rely on the following processors: Stripe (payments), Supabase (database & file storage), Brevo (transactional email), Hostinger (hosting), and Anthropic (AI content generation — only your party parameters are transmitted, never your personal details).

5. Retention

Order records are kept for the durations required by French commercial and tax law (up to 10 years for accounting records). Magic link tokens expire after 15 minutes and are single-use.

6. Your Rights

Under the GDPR, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. To exercise these rights, contact modules@oneshotly.app. You may also lodge a complaint with the CNIL (cnil.fr).

7. Cookies

OneShotly uses no advertising or analytics cookies. Only strictly necessary technical elements (such as Stripe's payment session) are used during checkout.