Privacy Policy
Last updated: 23 April 2026
This Privacy Policy explains how the ZEROPUNK Project ("we", "us") collects, uses, stores and protects your personal data when you visit zeropunk.net or interact with us. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679) and the French "Loi Informatique et Libertés" of 6 January 1978 as amended.
1. Data Controller
The data controller is the ZEROPUNK Project. For any privacy-related question, you can contact us at: zeropunkproject@gmail.com.
2. What data we collect
We only collect personal data that is strictly necessary for the purposes described below. Specifically: • Contact data: when you use the contact form or write to us at zeropunkproject@gmail.com, we receive your name, email address, subject and message content. • Newsletter data: if you subscribe to community transmissions, we collect your email address (and optionally your language preference). • Technical data: when you visit the Site, our hosting provider may temporarily process your IP address, user-agent, referer and the pages you visit, in order to ensure the security and proper operation of the Site. • Preferences: your language and your cookie consent choice are stored locally in your browser (localStorage), not sent to our servers. We do not knowingly collect data from children under 16. We do not collect sensitive data (health, religion, political opinions, etc.).
3. Why we use your data (legal basis)
We process your data for the following purposes and legal bases (Article 6 GDPR): • To respond to your messages and requests — legal basis: performance of pre-contractual measures or our legitimate interest in answering you. • To send you the newsletter you subscribed to — legal basis: your consent, which you can withdraw at any time. • To ensure the security, stability and proper functioning of the Site — legal basis: our legitimate interest in operating a secure service. • To comply with our legal obligations — legal basis: legal obligation. We do not use your data for advertising profiling and we do not sell your data to third parties.
4. Recipients of your data
Your data may be shared with the following categories of recipients, only to the extent necessary: • Our hosting and infrastructure providers (Lovable Cloud / Supabase / Cloudflare), acting as data processors under Article 28 GDPR. • Email delivery providers used to send transactional emails or newsletters. • Competent authorities, where required by law (court order, criminal investigation, etc.). We never sell, rent or trade your personal data.
5. International transfers
Some of our service providers may be located outside the European Union. In such cases, we ensure that an appropriate level of protection is in place, in particular through the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision.
6. Data retention
We retain your personal data only for as long as necessary for the purposes for which it was collected: • Contact messages: up to 3 years after the last contact, unless legal obligations require a longer retention. • Newsletter subscriptions: until you unsubscribe, plus a maximum of 3 months for technical removal. • Technical logs: up to 12 months. • Local preferences (cookie consent, language): stored in your browser until you clear them.
7. Your rights
Under the GDPR, you have the following rights regarding your personal data: • Right of access: obtain confirmation that your data is being processed and a copy of it. • Right of rectification: ask us to correct inaccurate or incomplete data. • Right to erasure ("right to be forgotten"): ask us to delete your data, in the cases provided by law. • Right to restriction of processing. • Right to data portability: receive your data in a structured, commonly used, machine-readable format. • Right to object to processing based on our legitimate interest. • Right to withdraw your consent at any time, where processing is based on consent. • Right to define directives regarding the fate of your data after your death. • Right to lodge a complaint with the French data protection authority (CNIL — www.cnil.fr). To exercise any of these rights, please write to us at zeropunkproject@gmail.com. We will respond within one month.
8. Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure or destruction, including HTTPS encryption in transit, restricted access to the database, and regular security updates. However, no system on the Internet can be guaranteed 100% secure.
9. Third-party AI keys (BYOK)
The interactive NPC chat (KAITO-77) offers an optional "Bring Your Own Key" mode where you can paste your own OpenAI API key to unlock free-form conversation. Important details: • The key is used **only** in your own browser and is sent **directly** from your browser to OpenAI's API. It never transits through, nor is logged by, our servers. • The key is kept only in volatile React memory for the duration of your session. It is not stored in localStorage, cookies, or any database. Closing or refreshing the tab erases it. • Because the request is made from your browser, the key is technically visible to your own browser's developer tools and to any browser extension you have installed with network access. You are solely responsible for the safety of the keys you choose to paste. • Any usage, billing, rate limit, content moderation or terms of service relating to OpenAI is governed by your own agreement with OpenAI. We are not a party to that relationship. If you do not provide a key, the chat falls back to a set of pre-recorded answers and no third-party AI service is contacted.
10. Cookies
The Site uses a very limited number of strictly necessary cookies / local storage entries (consent choice, language preference). For full details, please consult our Cookie Policy.
11. Changes to this Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page. We encourage you to review this page regularly.
12. Contact
For any question, complaint or to exercise your rights: zeropunkproject@gmail.com.