Privacy policy
This page explains what data Nevor processes, why, how long it is kept, and how to exercise your rights.
Last updated: 7 May 2026
Who is responsible for processing?
Nevor is published by MetaStrat SASU. Questions related to personal data can be sent to seb@metastrat.com.
What data do we process?
- Account data: email address, password hash, public profile information, preferred language, notification preferences.
- Project data: titles, descriptions, statuses, steps, advice requests, comments, reactions, visibility settings and related media.
- Optional location data: city, approximate localisation data used to improve discovery or local suggestions.
- Technical and security data: authentication logs, API requests, session data, anti-abuse signals and moderation records.
- Invitation and relationship data: follows, saved projects, company invitations, local group memberships and notification deliveries.
Why do we process this data?
- Provide the service: create an account, track a project, publish progress, ask for advice, manage visibility and show public content.
- Secure the platform: prevent abuse, protect accounts, investigate reports and moderate content.
- Run the product properly: send essential transactional emails or notifications linked to account and project activity.
- Improve discovery features: surface relevant projects, groups or profiles based on explicit user data and product settings.
Legal bases
- Contractual necessity for account creation, authentication, project tracking, publication and member features.
- Legitimate interest for platform security, fraud prevention, moderation and basic service improvement.
- Consent where legally required, especially for optional cookies or future analytics tools.
Retention periods
- Account and project data are kept while the account is active, then archived or deleted according to legal, security and support needs.
- Moderation and security logs are kept only for the time needed to investigate incidents, abuse or legal obligations.
- Media and published content remain available until the user deletes them, the account is deleted, or moderation requires removal.
- Retention rules are still being tightened and will be refined before production-scale analytics is enabled.
Who receives the data?
Access is limited to authorised people and technical providers acting on our behalf, mainly hosting, email and infrastructure providers. Public content is visible according to the visibility chosen by the user. Hosting information is available on the legal notice page.
Your rights
You can request access, rectification, deletion, restriction, objection or portability of your data by writing to seb@metastrat.com. As the product matures, export and deletion actions will progressively move into the account area; until then, requests can be handled by email.
Cookies and trackers
Nevor does not yet use analytics cookies. Essential technical cookies may still be used for authentication, security, CSRF protection or language/session continuity. Details are available in the cookie policy.
Security
We apply proportionate technical and organisational measures to protect accounts, sessions, uploads and moderation workflows. No system can guarantee absolute security, but access control, infrastructure hardening and abuse monitoring are part of the product baseline.
Complaint
If you believe your rights have not been respected, you may also lodge a complaint with the competent supervisory authority, including the CNIL in France.