Privacy Policy

Identity Verification

When you choose to verify your identity, you complete the verification process directly with our verification provider. The provider checks your identity documents and performs liveness and fraud-prevention checks. We do not receive or store copies of your identity documents or biometric templates. From the verification outcome, we receive and store only a limited set of attributes linked to your account, such as: whether your verification was successful and which method was used; your verified legal name; a derived identifier that we use solely to prevent one person from holding multiple accounts; whether your verification relied on certain trusted sources (for example, notified electronic identities) and an audit reference; confirmation that you are at least 18 years old; and your country of residence. If you use a recovery email or have an institutional account, we also store an optional recovery email address that you provide, and for organisations, basic information about the organisation (such as its registration number) and the authorised representative. We use these attributes to confirm that each account is held by a real person, to enforce our "one person, one account" rule, to determine eligibility for certain features, and to comply with our legal, safety and platform-integrity obligations. They are stored separately from your public content at the application level and are accessible only to authorised personnel and services that need them for account integrity, safety, support or compliance purposes. We protect them using technical and organisational measures appropriate to their sensitivity, including encryption in transit, encryption at rest provided by our hosting provider, restricted access rights, key management for our de-duplication mechanism, and logging of administrative access. We keep your identity-verification attributes for as long as your account is active. If you delete your account, we delete or irreversibly anonymise these attributes, including the de-duplication identifier, as part of the account-deletion process. We do not retain identity-verification attributes after account deletion.

Press Verification

If you apply for a "verified journalist" badge, we ask you to provide your work email address, the name of your media organisation, and an optional link to a portfolio or recent work. At this stage, we do not collect or store images of press cards or other professional credentials as part of this process. We use this information only to assess your eligibility for a "verified journalist" badge and to prevent misuse of that status. Your work email address is stored in encrypted form and is accessible only to authorised personnel and services involved in verification and audit. These data are stored separately from your public content at the application level. In the future, we may offer you the option to upload a press card or similar professional credential as part of the verification process. If we introduce this feature, we will update this notice before we begin processing these images to explain what we collect, how long we keep it, and how we protect it, including the security measures that apply to any images you choose to upload.

Security and Technical Logs

For security, abuse-prevention and operational purposes, we create and retain logs about how our services are used. These logs can include information such as your IP address, your browser or device type and settings, the date and time of your requests, and how you interact with certain features (for example, account recovery and administrative tools). We use these logs to detect and prevent malicious or abusive activity, to investigate incidents, and to maintain the stability and security of the service. We keep this information for as long as necessary for these purposes and then delete it or irreversibly anonymise it.

Infrastructure and Hosting

perso's own application and database infrastructure is hosted on servers located in the European Union. In particular: application servers are located in France and operated by an EU infrastructure provider (OVHcloud); the primary database is a managed PostgreSQL database from Scaleway (an EU provider) in the Paris region (fr-par), where all connections between the application and the database use Transport Layer Security (TLS) with certificate verification and the database is encrypted at rest by the cloud provider at the storage-volume level (this provider-level encryption is distinct from application-level field encryption, which perso does not apply to identity attributes); the search index is Meilisearch, self-hosted by perso on its EU-based application infrastructure; email delivery uses an EU-based email service provider (IONOS); and key management uses a managed key service provided by Scaleway, used to generate and protect the key for the humanity-deduplication mechanism. perso does not currently use a separate caching layer (such as Redis) or a content delivery network. If perso later introduces such services, this section will be updated before they are used to process users' personal data. Object storage for user-uploaded media is not yet in use. Before perso enables media uploads, user media will be stored in object-storage services located in the European Union and operated by EU-based providers, with provider-level encryption at rest enabled, and this section will be updated to describe that processing and its safeguards before that processing begins. Third-party processors, including any processing outside the EU or EEA (such as identity verification and any future media-scanning or analytics services), are addressed in the sub-processors section below and in perso's subprocessors and international-transfers documentation.

Data Retention

perso keeps personal data only for as long as necessary. Account data is retained while your account is active and deleted within 30 days of account deletion via a cascading purge. Identity-verification attributes are retained while your account is active and are deleted or irreversibly anonymised, including the de-duplication identifier, as part of the account-deletion process; perso does not retain identity-verification attributes after account deletion. Content data is retained while posted and deleted within 30 days of removal or of account deletion. Direct messages are deleted within 30 days of account deletion for both sender and recipient. Moderation audit logs are retained for as long as necessary to comply with our obligations under the Digital Services Act and to manage content-moderation disputes, and are then deleted or irreversibly anonymised. Security and technical logs are retained for as long as necessary for security, abuse-prevention and operational purposes, then deleted or irreversibly anonymised. CSAM evidence: where we detect or are notified of suspected child sexual abuse material (CSAM), we immediately remove or disable access to that content on our service but may retain associated hashes, metadata and a minimal evidentiary copy in a segregated evidence store for as long as necessary to comply with our legal obligations, cooperate with competent authorities and protect victims, and then delete it securely. Analytics data is pseudonymised and aggregated and retained no longer than necessary for the purposes described in this policy.

Lawful Basis for Processing

• Consent (GDPR Art. 6(1)(a)) for biometric verification and analytical cookies.
• Contract performance (GDPR Art. 6(1)(b)) for account operation and feature delivery.
• Legal obligation (GDPR Art. 6(1)(c)) for fraud prevention and law-enforcement requests.
• Legitimate interest (GDPR Art. 6(1)(f)) for service security and abuse prevention.

Your Rights

Under GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. Erasure ("Right to be Forgotten", Art. 17) and portability (Art. 20) are exposed in-app under Settings → Legal → Data Export and Account Deletion.

Sub-Processors

• Didit: identity verification. Acts as our data processor for verification orders, and separately as an independent controller for its own fraud-prevention and service-improvement purposes under its own privacy policy.
• OVHcloud (France): application server hosting.
• Scaleway (France, Paris region): managed PostgreSQL database, key management, and future object storage.
• IONOS (EU): email delivery.

Data Protection Contact

For data-protection enquiries: dpo@perso.social.

Supervisory Authority

Users in the European Economic Area have the right to lodge a complaint with their local supervisory authority.

United Kingdom, Crown Dependencies & Gibraltar: No Article 27 Representative

perso is not directed to residents of the United Kingdom, the Channel Islands, the Isle of Man, or Gibraltar, and does not offer services to, or monitor the behaviour of, individuals located in those jurisdictions; account creation from a declared residence in any of them is refused. perso has therefore not designated a representative under Article 27 of the UK GDPR.

Contact

• Privacy questions: dpo@perso.social.
• Data Controller: perso.social is operated by ACGG Rent, S.L., a Spanish sociedad limitada, with registered office (domicilio social) at Calle Francisco Ayala 27, 28522 Rivas-Vaciamadrid, Madrid, Spain; CIF B-56240385; registered with the Registro Mercantil de Madrid, Tomo 45565, Folio 30, Hoja M-801410. Represented by Etienne Gillard. ACGG Rent, S.L. is the sole data controller, established in Spain.