Privacy Policy

Version dated May 1, 2026 — applicable to all Showtime users.

1. Data controller

The data controller is Showtime SAS, a French simplified joint-stock company (SAS) domiciled in Paris, France. You can contact us at privacy@showtimeplanning.com.

2. Data we collect

We collect only the data necessary to provide the service:

• Account data: name, email address, hashed password, role and organisation membership.
• Usage data: media plans, campaigns and waves you create, activity logs (login timestamps, plan edits).
• Technical data: IP address, browser user-agent, device trust tokens (stored as irreversible hashes).
• Communication preferences: newsletter opt-in / opt-out choice.
• Billing data: handled exclusively by Stripe — we store only a Stripe customer ID reference. We never see or store your payment card details.

3. Legal basis for processing

• Contract performance: account management, plan storage, authentication.
• Legitimate interest: security logging, fraud prevention, product analytics.
• Consent: newsletter and marketing communications (you can withdraw at any time from your profile settings).

4. How we use your data

• Authenticating you and securing your account (including MFA and trusted device management).
• Storing and syncing your media plans, campaigns and settings.
• Sending transactional emails (invitations, password reset, MFA codes).
• Sending product updates and newsletters if you have opted in.
• Billing and subscription management via Stripe.
• Detecting and investigating security incidents.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, your personal data is erased within 30 days, except where longer retention is required by applicable law (e.g. billing records: 10 years under French accounting rules). Activity logs are retained for 12 months.

6. Third-party processors

We share data only with the following processors, each bound by GDPR-compliant data processing agreements:

• Supabase — database hosting (EU region).
• Stripe — payment processing.
• Resend — transactional email delivery.
• Google — optional Google Drive / Sheets integration (when you connect your Google account).

We do not sell your data to any third party.

7. International transfers

All primary data is stored within the European Union. Where processors operate outside the EU, transfers are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission.

8. Cookies and local storage

Showtime does not use tracking or advertising cookies. We use the browser's localStorage solely to:

• Maintain your login session.
• Store a trusted-device token (hashed SHA-256 on the server side) so you are not prompted for MFA on recognised devices.

No cross-site tracking or fingerprinting takes place.

9. Your rights (GDPR)

As a data subject under the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate data (you can update most information directly in your profile).
• Erasure — request deletion of your account and personal data.
• Restriction — ask us to stop processing your data in certain circumstances.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interest.
• Withdrawal of consent — opt out of newsletters at any time from your profile.

To exercise any of these rights, contact us at privacy@showtimeplanning.com. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority: CNIL — www.cnil.fr.

10. Security

We apply industry-standard security measures: passwords are hashed with bcrypt, MFA codes are short-lived and hashed, trusted-device tokens are stored as SHA-256 hashes, and all data is transmitted over TLS. Access to production data is restricted to authorised personnel only.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via an in-app notification. Continued use of Showtime after the effective date constitutes acceptance of the updated policy.

12. Contact

For any questions or requests regarding your personal data: privacy@showtimeplanning.com