Legal

Privacy Policy

Last updated: 14 March 2026

Data Controller

Who is responsible for your data

The data controller is Sofiane Hamlaoui, operating as Hamlaoui & Co., 254 Rue Vendôme, 69003 Lyon, France (SIRET 102 404 456 00018). Contact: [email protected].

Data Collected

What we collect and why

We collect only the minimum data necessary to operate the API service securely.

Data	Purpose	Lawful basis (GDPR)
Email address	Account management, API key delivery	Art. 6.1.b — Contractual necessity
IP address	Fraud prevention, security, abuse detection	Art. 6.1.f — Legitimate interest
Agreement timestamp	Proof of ToS acceptance	Art. 6.1.b — Contractual necessity
User agent string	Technical security logging	Art. 6.1.f — Legitimate interest
ToS version accepted	Audit trail for contract disputes	Art. 6.1.b — Contractual necessity
API usage metrics	Rate-limit enforcement, billing	Art. 6.1.b — Contractual necessity

We do not collect browser history, location data beyond IP geolocation for fraud detection, or any data not listed above.

GDPR Art. 6

Lawful basis for processing

Contractual Necessity (Art. 6.1.b): We must process your email address, agreement timestamp, and ToS version to create and manage your API account and to deliver the service you requested.

Legitimate Interest (Art. 6.1.f): We process your IP address and user agent string to protect the Law4Devs database — a substantial proprietary investment — against unauthorised bulk extraction, abuse, and scraping. This interest does not override your rights: we do not use this data for advertising or profiling.

Retention

How long we keep your data

Agreement logs (email, IP, timestamp, ToS version, user agent) are retained for 5 years from the date of agreement, matching the French commercial statute of limitations (Article L110-4 Code de Commerce) for potential contractual disputes.

Account data is deleted within 30 days of account closure or API key deactivation, unless a legal obligation or pending dispute requires longer retention.

API usage metrics (request counts, timestamps) are retained for 13 months for billing and anomaly detection, then purged.

Your Rights

GDPR rights

Under the GDPR, you have the following rights regarding your personal data:

·Right of access (Art. 15): Request a copy of the personal data we hold about you.
·Right to rectification (Art. 16): Request correction of inaccurate data.
·Right to erasure (Art. 17): Request deletion of your data, subject to legal retention obligations.
·Right to portability (Art. 20): Receive your data in a structured, machine-readable format.
·Right to object (Art. 21): Object to processing based on legitimate interest.

To exercise any right, email [email protected]. We will respond within 30 days. If you believe your rights have not been upheld, you may lodge a complaint with the French supervisory authority: CNIL (Commission Nationale de l'Informatique et des Libertés) at www.cnil.fr.

Security

How we protect your data

Agreement logs and account data are stored in encrypted form. Access is restricted to authorised personnel only. As a Data Controller, we maintain the internal processing register required under GDPR Art. 30.

In the event of a personal data breach affecting your rights, we will notify you and the CNIL within 72 hours where required by GDPR Art. 33–34.

Transfers

International transfers

Law4Devs is hosted by Scaleway SAS (8 rue de la Ville l'Evêque, 75008 Paris, France) within the European Union. No personal data is routinely transferred outside the EEA.

Contact

Questions & complaints

For any privacy-related questions, requests, or complaints: [email protected]

Postal: Hamlaoui & Co., 254 Rue Vendôme, 69003 Lyon, France.