Shabon places the utmost importance on the protection of your personal data and the respect of your privacy. This Privacy Policy transparently informs you about the collection, use, and protection of your data.
Compliance: GDPR (EU 2016/679), French Data Protection Act (Loi Informatique et Libertés), Digital Services Act (DSA), ePrivacy Directive
1. Data Controller and Data Protection Officer
Data Controller
Simplified joint-stock company (Société par actions simplifiée)
Share capital: 19,191 euros
Paris Trade and Companies Register (RCS): 993 549 971
SIRET: 99354997100014
Registered office: 10 rue de la Paix, 75002 Paris, France
Email:
Data Protection Officer (DPO)
In accordance with Article 37 of the GDPR, Shabon has appointed a Data Protection Officer.
2. Personal Data Collected
2.1. Account levels
Bulle offers several account levels depending on the data you choose to provide and verify. Each level unlocks additional features and modifies usage restrictions. To view the features and restrictions of each level, see Section 4 of the Terms of Use.
Standard Account (mandatory)
Minimum data required upon registration:
- Identity: Username
- Contact details: Email address
- Authentication: Password (hashed and salted)
- Age: Date of birth (self-declared for protection of minors)
- Settings: Language, country
Important: Standard-level users are automatically subject to the strictest restrictions (content filtered for under-15s, usage limitations).
Verified Account (phone verification)
In addition to Standard Account data, you provide:
- Phone number: Verified via SMS code
This level unlocks access to 15+ content for users who have declared they are over 15, and additional features (reactions, content filtering).
Certified Account (full identity verification)
If you are over 16, you can certify your account through one of the two following methods, at your choice:
Option 1 — Stripe Identity (all countries): you present an official identity document (national identity card, passport, or driving licence) along with a selfie. These documents are processed exclusively by our certified provider Stripe Inc. and never transit through Bulle in clear form.
Option 2 — France Identité (French electronic national identity card): you authenticate via the official France Identité application, a public service operated by the ANTS, which securely reads your identity card. Bulle is connected to this service under a service agreement signed with the ANTS. We have chosen to request only the strict minimum: your date of birth (to verify the minimum age of 16) and an anonymous identifier specific to Bulle, which cannot be correlated with any other service.
We do not request or receive your name, given name, place or country of birth, address, email, photo, nationality, gender, or any information about your identity document.
Purposes: identity verification ensures your actual age, adjusts accessible content accordingly, and prevents the creation of multiple accounts with the same identity (protection against impersonation and ban circumvention).
Regardless of the method chosen, Bulle does not retain any civil identity data. No document, selfie, biometric data, name, given name, or place of birth is stored in our databases. Only a technical encrypted identifier, which reveals no personal information, is kept to confirm that the verification took place and to prevent the same person from opening multiple accounts.
Bulle Avenir Account (semi-professional creator)
Reserved for Certified users aged 16 or over who have been approved by the Editorial Committee as part of the Bulle Avenir Programme. Full conditions are set out in the Terms of Sale.
In addition to Certified Account data, we collect:
- Application data: Description of the editorial project, topic, motivations
- Billing data: Information related to the one-time registration fee payment (9.99 EUR), processed via distribution platforms (Apple, Google)
- Content statistics: Views, engagement, audience data
Professional Account
Reserved for invited creators and media selected by Shabon, or Bulle Avenir Creators who have progressed. Adults (verified 18 years minimum) holding a Certified Account. Remuneration requires 1,000 subscribers, of which 500 must be Certified.
In addition to Certified Account data, we collect:
- Remuneration data: Banking information (IBAN), tax data (only if eligible for remuneration)
- Content statistics: Views, engagement, audience data
Advertiser Profile (Ad Service)
Available to Certified and adult users (18 years minimum) wishing to broadcast a promotional video. Full conditions are set out in the Terms of Sale.
In addition to Certified Account data, we collect:
- Ad data: Submitted video, description, desired targeting criteria (age range, approximate geographic area, interests)
- Billing data: Information related to payment (9.99 EUR / 1,000 credits)
- Distribution statistics: Number of impressions consumed, aggregated breakdown by age range and geographic area (anonymised data)
2.2. Profile data (optional for all)
Regardless of your account level, you may enrich your profile with:
- Public profile: Profile picture, biography, interests
- Preferences: Privacy settings, notifications, theme, language
Note: This data is entirely optional and may be modified or deleted at any time from your settings.
2.3. Automatically collected data
- Technical: IP address, device type, operating system, app version, unique identifier
- Connection: Date, time, session duration, pages viewed
- Location: Approximate only, based on IP address (30 to 100 km precision depending on the geographic area). No GPS location or exact address is collected
2.4. Data generated by your use
- Content: Posts, photos, videos, comments, messages
- Interactions: Subscriptions, followers, likes, shares
- Private messages: Encrypted (see section 9.1)
- Reports: Reported content or users
3. Purposes and Legal Bases for Processing
| Purpose | Legal basis | Data concerned |
|---|---|---|
| Account creation and management | Performance of contract | Identity, contact details, authentication |
| Provision of the Service | Performance of contract | All profile data, content, interactions |
| Management of paid services (Premium subscription, Bulle Avenir registration) | Performance of contract | Identity, billing data |
| Management of the Ad Service | Performance of contract | Advertiser identity, ad content, billing data, aggregated statistics |
| Content recommendations (general-purpose algorithms) | Legitimate interest | Declared preferences (interests, language, region). No individual behavioural profiling. |
| Filtering of content and ads by interests | Consent | Declared interests, approximate location (30-100 km), age |
| Service improvement | Legitimate interest | Aggregated and anonymised statistics |
| Moderation and abuse prevention | Legal obligation + Legitimate interest | Content, reports, technical data |
| Assessment of Bulle Avenir applications | Performance of contract | Application data, identity, editorial project |
| Security and fraud prevention | Legitimate interest | Connection, technical, behaviour, approximate location (30-100 km) |
| Customer service | Performance of contract | Identity, contact details, history |
| Compliance with legal obligations | Legal obligation | All necessary data |
4. Ads, Advertising, and Personalised Recommendations
4.1. General principle
Bulle may display ads and advertising to fund the free Service. Ads appear in your video feed, filtered according to the same criteria as organic videos. Users who have subscribed to the Premium Subscription do not see any advertising or ads.
4.2. The Ad Service
The Ad Service allows Certified and adult Users to broadcast promotional videos to the Bulle community, using an impression credits system. The full conditions of the Ad Service are set out in the Terms of Sale.
4.3. How content and ad filtering works
Bulle uses a system of filtering by interests and declared criteria:
- You select your interests (cooking, sport, technology, etc.)
- You may declare an area of interest independent of your actual location (for example, you may be based in Lyon but interested in news from Toulouse)
- These preferences create a unique filter that applies to all content in your feed
- Organic videos and ads are filtered in the same way
- Advertisers may set targeting criteria (age range, approximate location, certification level, interests)
The Ad Service has been designed to fully protect Users' personal data. Here is how it works:
- Filtering entirely in-house: the matching between the Advertiser's targeting criteria and User data is performed exclusively by Shabon's servers. No third party is involved in this process.
- On-device filtering: the final filtering of ads takes place directly on the User's device (phone, tablet), based on the configured criteria. No personal data is extracted, transmitted, or exposed during this process.
- No data transmission: Advertisers never receive personally identifiable data about Users. They only have access to aggregated and anonymised statistics (total number of impressions consumed, breakdown by age range and geographic area, without any individual identification).
- No third-party cookies or trackers: no advertising cookies, tracking pixels, third-party advertising identifiers, or external tracking technology is used in connection with the Ad Service.
- Approximate location only: the location used for filtering is based on the IP address (30 to 100 km precision depending on the geographic area). The User's exact location (GPS, address) is never used, stored, or communicated to anyone.
- Data not sold: Shabon does not sell, rent, or share any of its Users' personal data with Advertisers or any other third party.
4.4. Managing your preferences
You may at any time:
- Modify your interests: Settings > Privacy > Interests
- Add or remove categories
- Refine the type of content you wish to see
- Subscribe to the Premium Subscription (3.99 EUR/month) to remove all advertising and ads
4.5. Data used and not used for filtering
- Interests declared by you (cooking, sport, technology, etc.)
- Age (declared or verified, to comply with regulations and filter inappropriate content)
- Country (to comply with local regulations)
- Approximate location (30-100 km) or declared area of interest to promote local producers and services
- Certification level (Standard, Verified, Certified)
- Name, surname, email, phone number
- Content of your private messages
- Sensitive data (health, sexual orientation, religion, etc.)
- Browsing history outside of Bulle
- Detailed behavioural data or psychological profiles
- Precise location (GPS, exact address)
4.6. GDPR compliance
- Transparency: You know exactly which interests you have selected and can modify them at any time
- User control: You choose your interests and decide what content you wish to see
- Internal processing only: Your data is NEVER sold, rented, or shared with third-party Advertisers. All processing is carried out by our servers in Europe
- Data minimisation: We only use your declared interests, your age, your country, and your approximate location, nothing more
- No tracking: We do not track your browsing behaviour or create detailed profiles
- Equal treatment: Ads and organic videos are filtered in exactly the same way
- Internal data: Advertisers never see your personal data or even that you individually viewed their ad
4.7. How it works in practice
Example: You select "cooking" and "sport" as interests.
- Your feed: You will see videos and ads related to cooking and sport
- What we do NOT do: Analyse your behaviour to guess your hidden interests, sell your profile to advertisers, track your activities outside of Bulle, or create a detailed psychological profile.
Example for an Advertiser: A local artisan submits an ad via the Ad Service and targets "cooking" + "Paris area" + "18-35 years old".
- What the Advertiser sees: "Your ad generated 847 impressions out of 1,000 credits purchased. Breakdown: 62% 18-25 years, 38% 25-35 years."
- What the Advertiser does NOT see: No names, no profiles, no addresses, no individual data of any User.
4.8. For minors and unverified users
ENHANCED PROTECTION:- Filtering by declared interests only
- Age-appropriate content (strict filtering of inappropriate ads and videos)
- No behavioural profiling or tracking, ads are random
- Prohibition of regulated products (alcohol, gambling, etc.) in ads shown to minors
5. Specific Protection of Minors
5.1. Age collection and verification
- Standard Account: Self-declared date of birth (unverified). The strictest restrictions are automatically applied.
- Verified Account: Declared date of birth, phone verification only (age remains unverified)
- Certified Account: Age verified via official identity document (Stripe Identity or France Identité). The exact age is extracted and retained to filter appropriate content. Bulle does not retain any identity document, only a unique verification identifier is stored to prevent the creation of multiple accounts.
5.2. Purposes of age processing
We use your age (declared or verified) to:
- Apply appropriate daily usage restrictions (1h30 or 3h depending on age)
- Activate appropriate curfews (11pm-7am for under-15s, midnight-6am for 15-17 year-olds, none for over-18s)
- Filter accessible content (under-15 content, 15+ content, 18+ content)
- Filter accessible ads (prohibition of regulated products for minors)
- Restrict features according to age and account level
- Verify eligibility for the Bulle Avenir Programme (minimum age 16)
- Comply with our legal obligations for the protection of minors
Legal basis: Legal obligation (protection of minors) and legitimate interest (user safety).
For full details of restrictions by age and account level, see Section 4 of the Terms of Use.
5.3. Parental consent (ages 13-14)
Minors aged 13 to 14 must obtain the consent of their parents or legal guardians. We collect:
- Parent/guardian email
- Confirmation of consent (timestamped)
- Ability for the parent to revoke consent at any time via
Retention: Parental consent is retained while the minor is aged 13 to 14, then automatically deactivated.
5.4. Usage time monitoring and curfews
To enforce the daily usage limitations and curfews described in the Terms of Use, we automatically collect:
- Timestamps of logins and logouts
- Cumulative usage duration per rolling 24-hour period
Legal basis: Legal obligation and legitimate interest (protection of minors, addiction prevention)
Retention: This data is retained for 30 days then aggregated anonymously for global statistics.
5.5. Identity verification for Certified accounts
When a user wishes to upgrade to Certified level, we use Stripe Identity and/or France Identité (French government service) for identity verification. These providers:
- Analyse the identity document (national ID card, passport, driving licence)
- Verify the document's authenticity (forgery detection)
- Compare the selfie to the identity document photo (biometric verification) or use the document's NFC chip (France Identité)
- Transmit only the verification result and date of birth to us
5.6. Enhanced protections for minors
In addition to usage restrictions, we apply:
- Priority moderation: Processing within 24 hours for reports involving minors
- Strict content filtering: Automatic blocking of sensitive, violent, or sexual content
- Limited interactions: Social features limited according to age and account level
- No behavioural profiling: Recommendation algorithms are general-purpose and identical for all users. No individual usage data is used to personalise content.
- Random advertising: Minors are not subject to any advertising profiling. Ads shown to them are random, filtered only by their declared interests, and exclude all regulated products or services (alcohol, gambling, etc.)
5.7. Specific rights of minors and their parents
- Minors aged 13-14: Parents/guardians may exercise all GDPR rights on behalf of the minor (access, rectification, erasure, objection, etc.)
- Minors aged 15-17: Parents/guardians may exercise all GDPR rights on behalf of the minor, but minors may also exercise their rights directly.
5.8. Reporting inappropriate content or suspicious behaviour
Minors, their parents, or any user may report:
- Content inappropriate for minors
- Suspicious or predatory behaviour
- Attempts to circumvent age restrictions
- Harassment or cyberbullying
Priority email:
Processing
within 24 hours maximum.
6. Data Recipients
6.1. Internal (Shabon)
Access limited to authorised personnel:
- Technical teams (maintenance, development)
- Customer service and support
- Moderation team and Editorial Committee
- Legal and compliance department
- Management
6.2. Other users
According to your privacy settings:
- Public: Username, photo, biography, public posts
- Your followers: Content shared with them
- Private interactions: Messages, comments
6.3. Service providers (GDPR sub-processors)
Partners subject to strict contractual obligations:
- Hosting: OVH (servers in France, ISO 27001 certified, GDPR compliant)
- Cloud services: Supabase on AWS Europe infrastructure (GDPR compliant)
- Identity: Stripe Identity (ISO 27001 certified, PCI-DSS, GDPR compliant) and France Identité (French government service). No identity documents are retained by Bulle.
- Payment: RevenueCat (PCI-DSS compliant)
- Phone verification: Twilio (ISO 27001 certified, GDPR compliant)
6.4. Public authorities
Only upon lawful request:
- Judicial or administrative requisition
- Protection of rights and safety
- Combating illegal content
6.5. Advertisers
- Advertisers NEVER receive your personally identifiable data
- They only see aggregated and anonymised statistics (e.g.: "847 impressions consumed, 62% 18-25 years")
- The filtering and distribution of ads is carried out entirely in-house by our servers and on the User's device
- No third-party trackers, advertising cookies, or tracking pixels on our Application
- The Advertiser does not even know individually who viewed their ad
7. Data Transfers Outside the European Union
We prioritise storage and processing within Europe. Certain service providers may be located outside the EU with appropriate safeguards.
7.1. Safeguards implemented
- Adequacy decision of the European Commission
- Certifications (Privacy Shield successor, ISO 27001, etc.)
7.2. Current transfers
- AWS (Supabase infrastructure): Europe region
- Stripe (payments): PCI-DSS certified
- Twilio (phone): ISO 27001 certified
8. Data Retention Period
| Data type | Retention period | Basis |
|---|---|---|
| Active account data | Account lifetime + 30 days | Contract |
| Published content | Until deletion + 30 days backup | Contract |
| Private messages | Until deletion + 30 days backup | Contract |
| Bulle Avenir application data | Duration of the programme + 12 months after termination | Contract + Legitimate interest |
| Ad Service data | Duration of distribution + 12 months | Contract + Legal obligation |
| Ad impression credits | 12 months after purchase (expiry) | Contract |
| Connection logs | 12 months maximum | Legal obligation (LCEN) |
| Billing data | 10 years | French Commercial Code |
| Reports/moderation | 3 years after closure | Legitimate interest |
| Litigation data | Duration of the statutory limitation period | Legal obligation |
Upon expiry, your data is permanently deleted or irreversibly anonymised.
9. Data Security
9.1. Technical measures
- Encryption: SSL/TLS for communications
- Private messages: Encrypted using an asymmetric encryption system (RSA-OAEP + AES-256-GCM). Messages are encrypted directly on the user's device before transmission and storage. They are stored in encrypted form in our databases and cannot be read in plaintext by Shabon's teams, nor processed by any algorithm. In accordance with applicable law, decryption may only occur pursuant to a judicial or administrative order issued by a competent authority, under the conditions provided by law.
- Passwords: Hashing and salting
- Testing: Regular audits, penetration tests
- Monitoring: 24/7
9.2. Organisational measures
- Regular staff training
- Principle of least privilege
- Incident management procedures
- Confidentiality clauses
- Data Protection Impact Assessments (DPIAs)
9.3. Breach notification
In accordance with Article 33 of the GDPR, in the event of a data breach likely to pose a risk to your rights:
- Notification to the CNIL within 72 hours
- Information to affected users if high risk
- Protection recommendations
10. Your Rights Regarding Your Personal Data
In accordance with the GDPR, you have the following rights:
10.1. Right of access (Art. 15 GDPR)
Obtain confirmation of processing, a copy of your data, and information about the processing operations.
10.2. Right to rectification (Art. 16 GDPR)
Correct your inaccurate or incomplete data. Directly accessible in My profile > Settings.
10.3. Right to erasure / "Right to be forgotten" (Art. 17 GDPR)
Request the deletion of your data if it is no longer necessary, you withdraw your consent, you object to the processing, the processing is unlawful, or to comply with a legal obligation.
Permanent deletion within 30 days (except for legal obligations). Cooling-off period of 7 days.
10.4. Right to restriction (Art. 18 GDPR)
Request a temporary freeze of processing in certain cases.
10.5. Right to data portability (Art. 20 GDPR)
Receive your data in a structured, readable, and interoperable format (JSON).
Available via: Settings > Privacy with us > Export my data
Timeframe: Your request will be processed within 30 days maximum. A confirmation email is sent immediately. A 24-hour security delay is applied before processing, to protect you in case of a fraudulent request (if it wasn't you, contact us within 24 hours).
10.6. Right to object and withdrawal of consent (Art. 21 & Art. 7.3 GDPR)
You may at any time object to processing or withdraw your consent, directly from the application:
- Switch to chronological mode (disables algorithmic recommendations)
- Disable geolocation (Settings > Privacy with us)
- Modify your interests and area of interest
- Manage your notification preferences
10.7. Exercising your rights
- Email:
- Post: Shabon - DPO, 10 rue de la Paix, 75002 Paris (with a copy of your identity document)
- App: Settings > About > Contact us
Response time: 1 month maximum (extendable by 2 months if complex, with notification)
10.8. Right to lodge a complaint
If you believe that your rights are not being respected, you may lodge a complaint with the CNIL:
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07
Phone: +33 1 53 73 22 22
Website: www.cnil.fr
Online complaint: www.cnil.fr/fr/plaintes
11. Amendments to the Privacy Policy
We may amend this Policy at any time, in particular to comply with any regulatory, case law, or technical developments.
Notification of amendments
In the event of a substantial amendment, you will be notified by:
- Notification within the Application
- Email to the registered address
Amendments take effect 7 days after notification. Continued use constitutes acceptance. If you disagree, you may delete your account before the amendments take effect.
Version history: Available upon request to the DPO.