HC HerCall
Data protection Privacy / GDPR Cookies

Privacy Policy

Last update: 2026-01-19 · Contact: christophebengler@gmail.com

This policy explains what data we collect when you use HerCall, why we use it, how long we keep it, who we may share it with and what rights you have over your data.

1. Data controller & contact

The data controller for personal data processed through the service is BENGLER.

27avenuelaplace94110Arcueil

For privacy questions or to exercise your rights (see section 10), contact: christophebengler@gmail.com.

2. Data we process

2.1 Account data

  • email (login), email verification status;
  • password (stored in hashed form);
  • language, role and technical account settings;
  • preferences (e.g., notifications, marketing consent where applicable).

2.2 Profile & content

  • display name/nickname, bio, age (if provided), city/area (if provided), profile photos;
  • events you publish (title, description, place/area, times, capacity);
  • messages exchanged with other members.

2.3 Verification selfie (if used)

  • a selfie photo used to prevent fraud and improve safety (manual review / moderation);
  • we do not use automated facial recognition to identify a person.

2.4 Technical & security data

  • security logs (login, rate limiting, abuse prevention);
  • technical information (browser, device);
  • IP address (or an equivalent technical form) in some security logs.

3. What other members can see

HerCall is a community service: some information is visible to other members to enable matches and events.

  • profile: display name, bio, profile photos, city/area, and any information you choose to show;
  • events: information included in your invitation (title, description, place/area, schedule, rules);
  • messages: visible only to recipients.

Please avoid sharing sensitive personal data (exact address, health information, etc.) in your profile or messages.

4. Purposes & legal bases

  • Create and manage your account — performance of the contract (Terms).
  • Provide features (profiles, events, messaging) — performance of the contract.
  • Safety & abuse prevention (moderation, reports, blocking, fraud prevention) — legitimate interests and/or legal obligations.
  • Support (handling requests) — legitimate interests / performance of the contract.
  • Optional communications (news/marketing) — consent where required.

5. Processors & recipients

Data may be accessed by:

  • members (within the limits described in section 3);
  • the HerCall team (support, technical staff, moderation), on a need-to-know basis;
  • our necessary technical providers, including OVHcloud (hosting and SMTP email infrastructure);
  • competent authorities when required by law.

We do not sell your personal data to third parties for their own marketing.

6. Data location & transfers

Service data is hosted with OVHcloud within the European Union.

If a transfer outside the EU/EEA becomes necessary in the future, we will implement appropriate safeguards and update this policy.

7. Data retention

We keep data for a limited period proportionate to the purposes:

  • active account: for as long as your account remains active;
  • account deletion: account data is anonymised and profile content (photos/extras) is removed when you delete your account;
  • deleted-account media: best-effort deletion, and no later than 30 days if orphan media remains;
  • security: audit logs up to 180 days, rate limiting data up to 30 days, password reset requests up to 30 days;
  • disputes / legal obligations: some information may be kept longer where required by law or to defend our rights.

8. Cookies

We only use cookies that are strictly necessary for the service to work:

  • hercall_session: session cookie (authentication / security);
  • hc_lang: remembers language choice (indicative duration: 12 months).

We do not use third-party analytics tools on HerCall at this time.

9. Security

We implement reasonable technical and organisational measures (access controls, password hashing, anti-abuse protections, etc.) to protect data.

No platform is perfectly secure. In case of a breach likely to result in a high risk, we may notify affected users as required by law.

10. Your rights

You have the following rights (subject to GDPR conditions): access, rectification, erasure, restriction, objection, portability. You may withdraw consent where processing relies on it.

To exercise your rights: christophebengler@gmail.com. We may ask for proof of identity when necessary to protect your account.

You also have the right to lodge a complaint with your local data protection authority.

11. Changes to this policy

We may update this policy to reflect legal, technical or organisational changes. The version available online is the applicable version.