Privacy Policy
This privacy policy explains how ODF OPEN-DATA FINANCE SAS (hereinafter "ODF", "we") collects, uses, retains and protects the personal data of users of the OpenData Finance platform, accessible at https://opendatafinance.com and app.opendatafinance.com (the "Service"). It is drawn up in accordance with Regulation (EU) 2016/679 (GDPR) and French Act No. 78-17 of 6 January 1978 (the Data Protection Act).
The Service is intended strictly for professional and institutional use. By accessing the Service or creating an account, you acknowledge that you have read this policy. For any question regarding the processing of your data, you may contact us at contact@opendatafinance.com.
1. Data controller
The controller of personal data is ODF OPEN-DATA FINANCE SAS, a simplified joint-stock company (société par actions simplifiée) incorporated under French law, registered with the Paris Trade and Companies Register under SIREN No. 929 740 926 (RCS Paris No. 929 740 926), with its registered office at 5 rue Séguier, 75006 Paris, France.
For any request relating to your personal data or to the exercise of your rights, a dedicated point of contact is available by email at contact@opendatafinance.com and by post at the registered office address above, for the attention of the data protection contact.
2. Data we collect
We collect only the data necessary to provide and secure the Service. The categories of data processed are as follows.
Account and identification data
When you create and manage your account, we collect your identity (first and last name), your professional email address, your telephone number where applicable, the name of your company or entity, and your login credentials (your password is stored in encrypted form and never in clear text).
Usage and technical data
When you use the Service, we collect technical and usage data: connection logs, IP address, browser and device type, pages viewed, queries performed, watchlists, settings and preferences. This data is used to operate, secure and improve the Service.
Billing and payment data
Professional subscriptions are processed through our payment provider Stripe. We retain billing data (company name, address, amounts, subscription status, transaction history). Full payment-card details are collected and processed directly by Stripe and are never stored on our servers.
Prospecting and newsletter data
Where you have consented, or within the framework of a business relationship, we process your email address and professional contact information in order to send you our newsletter and commercial communications about similar products and services. The newsletter and promotional-email opt-in boxes are unchecked by default at sign-up.
Contact and support data
When you use our contact form, request support or book a meeting, we collect the information you provide (identity, email address, subject of the request, content of the exchanges) in order to handle your request and follow up on the relationship.
We do not knowingly collect special-category data within the meaning of Article 9 GDPR (racial or ethnic origin, political opinions, religious beliefs, health data, etc.). Please do not provide us with such data through the Service.
3. Purposes and legal bases
Each processing operation relies on a defined legal basis within the meaning of Article 6 GDPR. The table below sets out, for each purpose, the applicable legal basis.
4. Recipients and processors
Your data is neither sold nor transferred to third parties for commercial purposes. It may be disclosed to our technical processors, acting on our behalf and on our instructions, under agreements compliant with Article 28 GDPR. The main processors are as follows.
Your data may also be disclosed to administrative or judicial authorities where required by law. The list of processors may change; an up-to-date version can be obtained on request at contact@opendatafinance.com.
5. Transfers outside the European Union
We give priority to hosting and processing data within the European Union. However, some processors (notably Stripe, Google, HubSpot and Mailchimp / Mandrill) may involve a transfer of data to countries outside the European Union, in particular the United States.
Such transfers are carried out only where they are surrounded by appropriate safeguards within the meaning of Articles 44 to 49 GDPR: standard contractual clauses adopted by the European Commission and, where the processor is certified, the EU-US Data Privacy Framework. A copy of the applicable safeguards can be obtained on request at contact@opendatafinance.com.
6. Retention periods
Your data is retained for the period strictly necessary for the purposes for which it is processed, then archived or deleted in accordance with the periods set out below and applicable legal obligations.
7. Your rights
In accordance with Articles 15 to 22 GDPR and the French Data Protection Act, you have the following rights over your personal data:
- Right of access: obtain confirmation that your data is being processed and receive a copy of it (Article 15).
- Right to rectification: have inaccurate or incomplete data corrected (Article 16).
- Right to erasure: request the deletion of your data in the cases provided for by law (Article 17).
- Right to restriction of processing under the conditions provided for (Article 18).
- Right to portability: receive the data you have provided to us in a structured, machine-readable format (Article 20).
- Right to object to processing, in particular to commercial prospecting, at any time (Article 21).
- Right to withdraw your consent at any time, without affecting the lawfulness of processing carried out beforehand (Article 7.3).
- Right to set out directives regarding the fate of your data after your death (Article 85 of the French Data Protection Act).
You may exercise these rights at any time by writing to contact@opendatafinance.com or by post to the registered office, for the attention of the data protection contact. Where there is reasonable doubt about your identity, proof of identity may be requested.
We undertake to respond to your request within one month of receipt, a period that may be extended by two months for complex or numerous requests, in which case you will be informed.
8. Complaint to the CNIL
If, after contacting us, you consider that your rights are not respected, you have the right to lodge a complaint with the Commission nationale de l'informatique et des libertés (CNIL), the French supervisory authority.
CNIL, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France. Website: www.cnil.fr.
9. Data security
We implement appropriate technical and organisational measures to protect your data against unauthorised destruction, loss, alteration, disclosure or access: encryption of data in transit and of secrets, access control and limitation based on the principle of least privilege, logging, minimisation of the data collected, and hosting with providers offering a high level of security within the European Union. Security is a best-efforts obligation.
10. Minors
The Service is intended exclusively for professional and institutional users of legal age. It is not intended for minors and we do not knowingly collect data concerning minors. If you believe that a minor has provided us with data, please notify us at contact@opendatafinance.com so that we can delete it.
11. Changes to this policy
We may amend this privacy policy to reflect changes in our processing activities or the legal framework. The applicable version is the one published on this page. In the event of a material change, we will inform you by an appropriate means. The date of the last update appears below.
Last updated: June 2026.