Privacy Policy
Last updated: March 25, 2026
U2GE (hereinafter "we") is committed to protecting your personal data. This Privacy Policy describes the data we collect through the CRWND mobile application and the crwnd.app website (hereinafter "the Service"), how we use, share and protect it, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable French data protection legislation.
1. Data controller
U2GE, SARL with a share capital of €72,200 Registered office: 201 avenue Francis de Pressensé, 69200 Vénissieux, France SIRET: 818 794 711 00023 - RCS Lyon Data Protection Officer (DPO): privacy@crwnd.app
2. Data collected
2.1 Data provided by users: • Email address - account creation and management • Password - authentication (stored in irreversibly encrypted form) • Username and display name - identification within the community • Profile photo and cover photo - profile personalization • Cap and post photos - core features of the Service • Private messages - communication between users • Collection details - brand, team, colors, size, condition, purchase price, purchase location • Country and biography - optional profile information 2.2 Automatically collected data: • Anonymous technical identifier - internal audience measurement • Pages and screens viewed - Service improvement • Actions performed (adding, rating, commenting) - aggregated statistics • Diagnostic data - detection and resolution of technical errors 2.3 Data processed by artificial intelligence: When you use the visual recognition feature (scanner), the cap photos you submit are sent to a third-party artificial intelligence service to automatically identify the brand, model, and characteristics of the cap. These images are processed in real time and are not retained by the AI provider beyond the time required to process the request. No personal data (profile, identifier) is transmitted to the AI provider along with the images. We do not collect precise geolocation data, contact lists, or biometric data.
3. Legal basis for processing
In accordance with Article 6 of the GDPR, your data is processed on the following bases: • Performance of a contract (Article 6.1.b) - provision of the Service, account management, messaging, collection features • Consent (Article 6.1.a) - anonymized audience measurement, optional push notifications • Legitimate interest (Article 6.1.f) - Service security, abuse prevention, continuous improvement • Legal obligation (Article 6.1.c) - compliance with judicial requests, legally required log retention
4. Use of data
Your data is used to: • Provide and maintain the Service - display your collection, posts, and profile • Enable interactions - comments, ratings, private messages, reports • Improve the Service - anonymized and aggregated statistics, bug detection • Ensure security - abuse prevention, moderation, detection of fraudulent accounts • Communicate with you - Service-related notifications, security alerts • Visual recognition - when you use the scanner, your cap photos are analyzed by an artificial intelligence service to automatically identify product characteristics (brand, model, colors). This processing is performed at your request and images are not retained by the provider We do not perform any profiling for commercial prospecting purposes and do not use your data for advertising.
5. Data sharing and recipients
Your personal data is never sold or rented to third parties. It may be shared with the following categories of recipients: • Database hosting provider - secure storage of Service data (EU/EEA) • Website hosting provider - delivery of the website and administration panel (France) • App distribution platforms - distribution of the application on mobile stores • Notification service provider - delivery of optional push notifications • Artificial intelligence provider - visual analysis of cap photos via the scanner (images only, no personal data transmitted) • Competent authorities - only upon judicial request or legal obligation Each processor is contractually bound to comply with the GDPR (Article 28).
6. International transfers
Your data is hosted within the European Union. Should a transfer outside the EU/EEA be necessary (for example, for app distribution), it is governed by appropriate safeguards in accordance with Articles 46 and 49 of the GDPR (European Commission standard contractual clauses or adequacy decision).
7. Data retention
• Active account data - retained as long as the account is active • Data after account deletion - deleted within 30 days, unless legally required to be retained • Audience measurement data - 26 months maximum (CNIL recommendation) • Technical and security logs - 12 months • Moderation and reporting data - 6 months after resolution After these periods, data is deleted or irreversibly anonymized.
8. Your rights
Under the GDPR (Articles 15 to 22) and applicable data protection laws, you have the following rights: • Right of access - obtain a copy of your personal data • Right to rectification - correct inaccurate or incomplete data • Right to erasure - request deletion of your account and data • Right to portability - receive your data in a structured, commonly used format • Right to object - object to processing based on legitimate interest • Right to restriction - request restriction of processing in certain cases • Right to withdraw consent - withdraw your consent at any time (audience measurement, notifications) • Right to define post-mortem directives - organize the management of your data after death To exercise these rights, contact us at privacy@crwnd.app. We will respond within one month. You can also delete your account directly from the app (Profile → Settings → Delete my account). If you disagree with how we handle your data, you may file a complaint with the CNIL (www.cnil.fr) or your local supervisory authority.
9. Security
We implement appropriate technical and organizational measures to protect your data: • Passwords encrypted irreversibly (hashing with salting) • End-to-end encrypted communications between your device and our servers (HTTPS/TLS) • Data access strictly limited to authorized personnel • Hosting certified compliant with international security standards • Continuous monitoring and security incident detection • Security policy including regular updates In the event of a data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 of the GDPR.
10. Cookies and trackers
The mobile application does not use cookies. The crwnd.app website uses only strictly necessary cookies required for the technical operation of the site. These cookies do not require your consent under applicable law. We do not use any advertising, targeting, or social media cookies.
11. Protection of minors
The Service is prohibited for persons under 16 years of age in the European Union and under 13 years of age in other countries, in accordance with Article 8 of the GDPR. We do not knowingly collect personal data from minors below the required age. If we learn that a minor has registered without authorization, their account will be deleted promptly. If you are a parent or legal guardian and believe your child has provided us with personal data, please contact us at privacy@crwnd.app.
12. Changes to this policy
We may update this Privacy Policy to reflect changes to the Service or applicable regulations. In the event of a substantial change, you will be notified via an in-app notification or email at least 30 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.
13. Contact
For any questions regarding the protection of your personal data: Data Protection Officer: privacy@crwnd.app U2GE - 201 avenue Francis de Pressensé, 69200 Vénissieux, France Supervisory authority: Commission Nationale de l'Informatique et des Libertés (CNIL) 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 www.cnil.fr