Privacy Policy

This policy explains what personal data Le Mien (“we”, “us”) collects, why, and your rights under the EU General Data Protection Regulation (GDPR). It is written plainly for our public beta and may be refined before paid plans launch.

Who we are (data controller)

The data controller for Le Mien is Le Mien (operating entity being registered before public launch), Brussels, Belgium (enterprise no. to be published at launch; VAT to be published at launch), an independent service operated from Brussels, Belgium. For any data-protection question the controller can be reached at privacy@lemien.me.

What we collect

Your email address; the answers to your personalisation questions (which can include topic interests, tone, reading preferences, city/country and language); your subscription and billing status; and basic technical logs needed to run and secure the service. It is encrypted in transit (HTTPS) and, where applicable, at rest. We never sell or rent your data, and never use it for third-party advertising.

Why we use it (legal basis)

To compose and deliver your daily edition, to manage your subscription, and to contact you about the service. The legal bases are performance of our contract with you and your consent, which you may withdraw at any time.

Who processes it

We rely on a small set of providers acting as processors on our behalf: hosting (Vercel), database (Supabase), payments (Stripe), email delivery (Resend), privacy-friendly analytics (Plausible, when enabled — no cookies, no personal profiles), web fonts (Google Fonts, served from Google’s CDN), and edition generation (Anthropic). Each processes data only as needed to provide its function. Your data is not used to train any AI model. Our emails include a single invisible pixel that tells us only whether an edition was opened (never what you read, just open/not) so we can gauge whether the writing is worth your time; you can stop all emails at any time from your account to disable it, or read every edition on the web instead.

International transfers

Some processors (e.g. our AI and payment providers) may process data outside the EU/EEA, including in the United States. Where they do, transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision.

How we protect your password

We never store your password in a readable form. The moment you create it, it is converted by a one-way cryptographic hash (bcrypt), which is designed not to be reversible back into your password — so it is never kept in plain text and our team cannot read it. We follow modern security practices, and because passwords are hashed this way, even a database leak would not expose usable passwords; choosing a strong, unique password strengthens this further. If you forget it, you don't recover it; you set a new one via a reset link. We will never ask for your password by email or message.

How long we keep it

We keep your account data while your account is active. We practise data minimisation: your editions are kept only for today and yesterday and deleted automatically every hour; engagement signals for up to 90 days; technical logs for up to 30 days. After you delete your account, your data is removed within 30 days, except records we must keep for legal or accounting reasons (e.g. billing). You can ask us to delete your account and data at any time.

Your rights

You have the right to access, correct, export, or delete your data, and to object to or restrict its processing. To exercise any of these, email privacy@lemien.me. You may also lodge a complaint with the Belgian Data Protection Authority.

Contact

Questions about this policy: privacy@lemien.me.