Privacy policy
At Spore Biotechnologies SAS ("Spore.Bio", "we", "our"), we are committed to protecting your personal data and to being transparent about how it is used. This Privacy Policy explains what data we collect, why, on what legal basis, who it is shared with, how long we keep it, and the rights you have under the General Data Protection Regulation (GDPR) and the French Loi Informatique et Libertés.
last dupdated : 06/22/26
Data Controller
The data controller is:
Spore Biotechnologies SAS
registered address : 121 rue d’Aguesseau, 92100 Boulogne-Billancourt, France
General contact : admin@spore.bio
Data Protection Officer (DPO): dpo@spore.bio
You can contact our DPO for any question about this policy or to exercise your rights.
Data We Collect
We collect personal data in three situations:
consent, for the following purposes:
- When you contact us through our online forms : your first name, last name, email address, company, and the content of your message.
- When you visit our website : aggregated, anonymous usage statistics only (see Website Analytics below). No individual visitor is identified or tracked.
- When you use our embedded software or client dashboard : account identification data and IP addresses, used to authenticate you and operate the service.
Where a client transmits personal data of its own into our software or dashboard, Spore.Bio acts as a processor on that client's behalf; that processing is governed by a separate data processing agreement (DPA) with the client rather than by this notice.
Purpose and Legal Basis of Processing
We process your personal data for the following purposes, each on the legal basis indicated:
- Responding to your enquiries and sending you content (newsletters, articles, updates) on the basis of your consent (Art. 6(1)(a) GDPR).
- Business prospection and commercial follow-up with professional contacts — on the basis of our legitimate interest (Art. 6(1)(f)) in developing our business activity. You may object to this processing at any time.
- Operating and securing our embedded software and client dashboard (authentication, IP logging) — on the basis of our legitimate interest (Art. 6(1)(f)) in providing and protecting a reliable service, and, where applicable, the performance of a contract (Art. 6(1)(b)).
Data Recipients
Access to your personal data is strictly limited to people and providers who need it. Our processors act under GDPR-compliant terms (Art. 28):
- The internal Spore.Bio team;
- Our CRM (Folk, hosted in the EU);
- Our emailing platform, Mailchimp (Intuit) and SendGrid (twilio);
- Our website analytics provider, Plausible Analytics (hosted in the EU).
We do not sell your personal data, and we do not share it with third parties for advertising or profiling.
Data Storage
Your personal data is stored on our internal systems and within the services of the processors listed above. We rely exclusively on established providers whose security and compliance posture we review before adoption.
Data Retention
We keep personal data only for as long as necessary for the purpose it was collected for:
- Contact-form data: 3 years from your last contact with us;
- Website analytics data (aggregated): 25 months;
- Prospect and client data: for the duration of our commercial relationship, plus 3 years.
After these periods the data is deleted or anonymised, unless you have asked us to delete it sooner.
International Data Transfers
Some of our processors may store or process personal data outside the European Economic Area (EEA). Where this happens, we ensure an adequate level of protection through appropriate safeguards under Chapter V GDPR, the EU-US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses. Our website analytics (Plausible) and CRM (Folk) keep data within the EU and involve no such transfer.
Cookies
Our website does not use advertising, profiling, or third-party tracking cookies. Our analytics solution is cookieless. We use only strictly necessary cookies required for the site to function.
Website Analytics
Our website uses Plausible Analytics, a privacy-friendly analytics solution, to measure traffic and performance:
- It does not use cookies and does not track individual visitors;
- Only anonymous, aggregated statistics are collected (e.g. number of visits, most-viewed pages);
- Analytics data is hosted within the European Union (Germany) and is never transferred outside the EEA;
- No personal data is stored or shared with third parties for advertising or profiling.
Your Rights
In accordance with the GDPR, you have the right to:
- Access your personal data;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten");
- Restrict the processing of your data;
- Data portability;
- Object to processing carried out on the basis of our legitimate interest;
- Withdraw your consent at any time (for example, for newsletter subscriptions);
- Lodge a complaint with the supervisory authority, in France, the CNIL (www.cnil.fr). To exercise any of these rights, contact us at dpo@spore.bio. We will acknowledge your request within five (5) working days and respond within one (1) month of receipt. This period may be extended by a further two months for complex or numerous requests, in which case we will inform you.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure (Art. 32 GDPR), including role-based access controls, encryption of data in transit (TLS), and review of our processors' security posture.
Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The current version is always available on our website, and the "last updated" date above reflects the most recent revision.
