1. Data we collect
Account data: your email address, name (if provided), authentication method (email/password, Google OAuth, magic link), preferred locale, and timestamps of account creation and last login.
Audit log events: the events you send us via the SDK or API on behalf of your own users. These may contain your end-users' identifiers, email addresses, IP addresses, user agents, and custom metadata you choose to include.
Billing data: your Stripe customer ID, subscription status, plan, billing period. We never see or store your payment card details; those are handled directly by Stripe.
Technical data: IP address and user agent when you access the dashboard, used for security and debugging purposes and retained for 30 days.
2. Why we process this data
To provide you with the Service you subscribed to: storing, searching, and exporting your audit log events.
To authenticate you and secure your account against unauthorized access.
To bill you and manage your subscription via Stripe.
To send you transactional emails (verification, magic links, quota warnings, subscription confirmations). We do not send marketing emails unless you explicitly opt in.
To comply with our legal obligations (accounting, tax, responding to lawful requests from authorities).
To improve the Service in an aggregated and anonymized way.
3. Legal basis (GDPR Article 6)
Contract performance: providing the Service you subscribed to, including account management and billing.
Legitimate interest: protecting our infrastructure from abuse, improving the Service, and preventing fraud. We balance these interests against your rights and freedoms.
Legal obligation: accounting records, tax reporting, and responses to lawful requests from authorities.
Consent: for any processing not covered by the above, we ask for your explicit consent and you can withdraw it at any time.
4. Recipients and sub-processors
Your data is accessed only by Recalled staff strictly when needed for support, billing, or security.
We use the following sub-processors to operate the Service: Stripe (billing), our infrastructure (storage), our SMTP provider (transactional emails), and Umami (analytics).
All sub-processors are bound by data processing agreements compliant with GDPR Article 28. A complete and up-to-date list of sub-processors is available on request at contact@recalled.dev.
5. Retention periods
Account data: kept for the duration of your subscription plus 30 days after termination for data export, then permanently deleted or anonymized.
Audit log events: kept according to your plan's retention setting (7 days on Free, 90 days on Starter, 1 year on Pro, unlimited and configurable on Scale). After this period, events are permanently deleted.
Beyond your plan's retention window, events are removed from Recalled with no recovery option. CSV and JSON exports remain available from the dashboard and the API at any time, before or after retention expires for events still on disk, so you can archive them yourself if you need to keep an audit trail beyond your plan's window. The Scale plan offers unlimited retention for compliance frameworks (SOC 2, ISO 27001, PCI-DSS) that require long-term log preservation.
Billing data: kept for 10 years to comply with French accounting law.
Technical logs (dashboard access): kept for 30 days, then purged.
6. Hosting and location
All data is hosted exclusively within the European Union, in a data center operated by our VPS provider.
We do not transfer audit log data outside the EU. If we ever need to (for example, to use a non-EU sub-processor for a specific non-critical feature), we will update this Privacy Policy and the DPA, and rely on Standard Contractual Clauses approved by the European Commission.
7. Your GDPR rights
Right of access (Article 15): you can request a copy of all personal data we hold about you.
Right to rectification (Article 16): you can correct any inaccurate data directly from your dashboard settings, or by contacting us.
Right to erasure (Article 17): you can delete your account and all associated data from the dashboard. For audit log data related to your end users, a single API call to DELETE /v1/actors/:id anonymizes all events of that actor.
Right to restriction (Article 18): you can ask us to stop processing your data under specific conditions.
Right to portability (Article 20): you can export all your audit log events as CSV or JSON from the dashboard or via the API.
Right to object (Article 21): you can object to processing based on legitimate interest.
Right to lodge a complaint: you can complain to the CNIL (the French data protection authority) at cnil.fr.
To exercise any of these rights, write to contact@recalled.dev. We respond within 30 days.
9. Security
All data is encrypted at rest with AES-256 and in transit with TLS 1.3.
Passwords are hashed with Argon2. API keys are stored as SHA-256 hashes only, never in cleartext.
Each audit log event is cryptographically signed with a hash chain, making tampering detectable.
Access to production infrastructure is restricted to Recalled staff using strong authentication.
We run regular security reviews and promptly patch vulnerabilities in our dependencies.
10. Data Processing Agreement (DPA)
When you use Recalled to log events about your own users, you act as the data controller and Recalled acts as the data processor.
A standard DPA compliant with GDPR Article 28 is automatically in effect upon subscription. You can request a countersigned copy at contact@recalled.dev.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or the law. Active users will be notified of material changes by email at least 30 days before they take effect.
12. Contact
For any question about this Privacy Policy or to exercise your rights, write to contact@recalled.dev. We aim to reply within 5 business days for general questions and within 30 days for formal GDPR requests.