SKAP logo

SKAP Privacy Policy

Last updated: 15/01/2026

Service name: SKAP

Data controller: TexturingXYZ SARL (the “Company”, “we”, “us”, “our”)

Contact: [email protected]

Company information:

TexturingXYZ SARL

Registered in Toulouse, France

SIRET: 81944755800027

VAT: FR03819447558

Registered office: 71 rue ampère, 31670 Labège, FRANCE

This Privacy Policy explains how we collect, use, store, and protect personal data when you use SKAP. It is provided in accordance with the European General Data Protection Regulation (GDPR) and the French Data Protection Act, under the supervision of the CNIL. (CNIL)

By using the Service, you acknowledge having read and understood this Privacy Policy.

1. Roles under GDPR

Depending on the context, TexturingXYZ SARL may act as:

  1. Data controller for personal data related to SKAP accounts, billing, customer support, and service operations.
  2. Data processor for files and content you upload for processing, when we process such data strictly on your instructions to provide the Service. (European Data Protection Board)

2. Personal Data We Collect

2.1 Account and Service Data

When you register or use SKAP, we collect and store:

  • first name and last name
  • email address
  • account login data through one time password authentication
  • credits balance and usage
  • job history and processing metadata
  • payment history (excluding card details)

This data is stored in Supabase.

2.2 Payment Data

Payments are handled by Stripe through embedded Stripe Checkout. We do not store your card number or banking data. Stripe acts as an independent controller for payment data under its own privacy policy.

2.3 Uploaded Files and Results

You may upload files for processing and receive Resulted Maps. These files may contain personal data if you include any. We do not seek to identify individuals inside your uploaded content and you remain responsible for its legality and compliance.

3. Purposes of Processing and Legal Bases

We process personal data only for legitimate purposes and under valid GDPR legal bases. (CNIL)

Purpose Data involved Legal basis
Provide and operate SKAP, authenticate users, run job processing Account data, jobs metadata Performance of a contract (GDPR Art. 6.1(b))
Credit purchase, invoicing, payment tracking Identity and billing data, payment history Performance of a contract, legal obligation
Customer support and communication Email, account data, job identifiers Performance of a contract, legitimate interest
Security, fraud prevention, integrity of systems Logs, access data, abuse signals Legitimate interest (Art. 6.1(f))
Service improvement and reliability Usage analytics, error logs Legitimate interest, with minimization

You may object to processing based on legitimate interest as described in Section 9.

4. Storage Locations and Infrastructure

SKAP operates entirely on Amazon Web Services (AWS). Processing and storage may involve services including Amazon S3 and EC2. (Amazon Web Services, Inc.)

Supabase hosts our account database. Stripe hosts payment flow.

We do not sell personal data and we do not use SKAP inputs or outputs to train AI models.

5. Data Retention

We retain data only as long as necessary for the purposes described.

5.1 Uploaded Files and Resulted Maps

  • Uploaded customer files are stored on S3 for 7 days after upload.
  • Resulted Maps are stored on S3 for 30 days after generation.

After these periods, content may be permanently deleted.

5.2 Account Data

Account data is retained while your account is active. After account closure, we may retain limited data as required:

  • invoices and payment history for legal and accounting obligations
  • records needed for dispute handling or security, within statutory limitation periods

Retention decisions follow GDPR minimization and purpose limitation principles.

6. Recipients and Subprocessors

We share personal data only with trusted providers necessary to operate SKAP:

  • AWS for hosting, storage, compute and delivery
  • Supabase for user database and OTP authentication
  • Stripe for payment processing
  • Email delivery systems through AWS SES for service emails

Each provider processes data under contractual safeguards consistent with GDPR, including AWS’s GDPR Data Processing Addendum.

We may disclose data if required by law, court order, or a valid request from a competent authority.

7. International Transfers

Some subprocessors, especially AWS and Stripe, may process data outside the European Economic Area. In such cases, transfers are governed by appropriate safeguards, including Standard Contractual Clauses or equivalent mechanisms recognized by the European Commission, as reflected in provider DPAs.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • encryption in transit and at rest where supported by our providers
  • strict access control and least privilege principles
  • job isolation in cloud processing environments
  • logging, monitoring, and abuse prevention
  • limited retention windows for uploaded content

No system is perfectly secure, but we continuously improve protections in line with GDPR expectations.

9. Your Rights

Under GDPR, you have the right to:

  • access your personal data
  • correct inaccurate data
  • request erasure where legally applicable
  • restrict processing
  • object to processing based on legitimate interest
  • request portability of your data
  • withdraw consent where processing is based on consent

To exercise your rights, contact us at [email protected]. We may request proof of identity to protect your account.

If you believe your rights are not respected, you can lodge a complaint with the CNIL. (CNIL)

10. Customer Responsibility for Uploaded Content

You control the content you upload. You agree not to upload personal data unless:

  • you have a lawful basis to do so, and
  • such data is necessary for your intended processing

You are responsible for ensuring compliance with privacy, confidentiality, and security obligations related to your own content. We act solely as processor for uploaded files when processing them to provide the Service.

11. Cookies and Tracking

SKAP may use strictly necessary cookies or similar technologies for:

  • login sessions
  • security
  • service functionality

If we implement analytics or marketing cookies in the future, we will provide a consent mechanism in compliance with CNIL guidance.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website.

Material changes will be communicated by email or inside the Service. Continued use of SKAP after publication means you accept the revised policy.

13. Contact

For any privacy questions or to exercise your GDPR rights, contact:

TexturingXYZ SARL

Email: [email protected]

Address: 71 rue ampère, 31670 Labège, FRANCE