Privacy policy

This privacy policy describes how the ClassLab service, published by BeBranded SAS, collects and processes personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act.

1. Data controller

The controller of the data relating to the operation of the ClassLab platform is BeBranded SAS, 34 avenue Chanzy, 93250 Villemomble, France — SIREN 984 530 212. Contact: [email protected].

For data relating to their students, each user organisation acts as data controller; ClassLab then acts as a processor within the meaning of Article 28 GDPR.

2. Data collected

  • Account data: last name, first name, email address, password (encrypted), role.
  • Data entered into the service: students, parents, lessons, educational documents, billing.
  • Technical data: connection logs, IP address, strictly necessary browsing data.

3. Purposes and legal bases

  • Provision of the service and performance of the contract (Article 6.1.b);
  • Compliance with legal and accounting obligations (Article 6.1.c);
  • Security, fraud prevention and service improvement (legitimate interest, Article 6.1.f);
  • Non-essential communications, where applicable, on the basis of consent (Article 6.1.a).

4. Recipients and processors

Data is accessible to the authorised staff of the publisher and of the relevant organisation. Technical processors are involved in hosting and operation: Vercel (application hosting), Supabase (database, European Union), Resend (email delivery), and payment providers where applicable. No data is sold to third parties.

5. Transfers outside the European Union

Application data is hosted within the European Union. Where a processor may process data outside the EU, appropriate safeguards (the European Commission's standard contractual clauses) are implemented.

6. Retention period

Data is kept for as long as necessary for the purposes pursued, then archived or deleted in accordance with legal obligations. Account data is deleted when the account is closed, subject to statutory retention periods (in particular accounting).

7. Protection of minors

The service processes data relating to minor students on behalf of the organisations. This data is entered under the responsibility of the organisation and the student's legal representative, who exercises the rights set out in this document.

8. Your rights

In accordance with the GDPR, you have the rights of access, rectification, erasure, restriction, objection and portability. You may exercise them with the publisher ([email protected]) or, for data managed by an organisation, directly with that organisation. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

9. Security

The publisher implements appropriate technical and organisational measures (password encryption, access control, per-organisation data isolation, logging) to protect data against unauthorised access, loss or alteration.

10. Cookies

The service uses cookies strictly necessary for its operation (authentication, language preferences). Non-essential cookies, where applicable, are only set with your consent.

11. Contact

For any question regarding this policy or the exercise of your rights, write to [email protected].