// 08 · the fine print

legal & privacy.

Everything we're obliged to tell you — written in plain language. We're three devs, not a law firm. If anything is unclear, email us.

// 02 · conditions générales d'utilisation

terms & cgu.

scope.

These terms govern your use of corploc.net and any tool published by the CorpLoc collective. They do not govern the source code, which is licensed separately.

open-source licenses.

Applications: AGPLv3 — share-alike, copyleft, no proprietary forks.
Libraries and utilities: MIT — permissive, attribution required.
License files are in each repository. If in doubt, check the repo.

no warranty.

These tools are provided as-is, without warranty of any kind.
We are not a registered company — there is no commercial SLA, no uptime guarantee, no dedicated support.
We fix things when we can, because we care about the work — not because of a contract.

no accounts, no payment.

No accounts on this site. No registration. No login.
No payment processing of any kind. Everything we publish is free.
If a tool we build eventually requires an account, it will have its own dedicated terms.

// 03 · privacy policy

privacy policy.

// tldr

we log nothing by default. what we do store is listed below, item by item. no analytics. no tracking. no profiling.

The long version is below because we are legally required to write it.

data controller.

CorpLoc collective, identified in section 01, acts as the data controller for all personal data described in this policy. Contact: contact@corploc.net.

legal basis · article 6 RGPD.

legitimate interest (art. 6.1.f) — server logs for abuse prevention, IP anonymized, 7-day retention.
no consent-based tracking — we do not rely on consent for analytics, A/B testing, or any profiling.
No contractual basis, no billing, no accounts — so art. 6.1.b and 6.1.c do not apply here.

// 04 · what we store, what we don't

what we collect.

Complete inventory. If it's not on this list, we are not collecting it.

we do store (minimal).

✓ HTTP server logs — anonymized IP anonymized · 7-day retention · no individual tracking

✓ lang preference cookie first-party · session-scoped · see § 06

✓ theme preference localStorage only · never transmitted · cleared with browser data

we do not store.

✗ analytics of any kind no plausible · no fathom · no GA · nothing

✗ tracking pixels or beacons none embedded anywhere

✗ device fingerprinting canvas, webgl, fonts, audio — none read

✗ personal data no name, no email, no account — nothing to store

✗ referrer headers stripped at edge or never logged

✗ payment data no payment processing on this site, ever

// 05 · your rights under rgpd · articles 15–22

your rights.

Under the RGPD / GDPR you have the following rights at any time. We reply to all requests within 7 days. Contact: contact@corploc.net — no account required.

// art. 15

right of access

request everything we hold on you — we'll respond in 7 days

// art. 16

right to rectification

correct any inaccurate data we may hold

// art. 17

right to erasure

request deletion of any data we hold about you

// art. 18

right to restriction

freeze processing while a dispute is resolved

// art. 20

right to portability

export your data in open formats — json or csv

// art. 21

right to object

opt out of any legitimate-interest processing

// art. 77

complaint to cnil

file a complaint with the French data authority — cnil.fr

Since we collect almost nothing, most of these rights are vacuous in practice. But they apply and we will honor them. If we fail to reply within 30 days, file directly with the CNIL.

// 06 · cookies & tracking

cookies & tracking.

// tldr

one cookie. it stores your language. that's it. nothing to accept or refuse.

the only cookie we set.

# the only cookie on this site name lang
purpose language preference
contents locale string (e.g. "fr", "en")
expiry session · cleared when browser closes
flags samesite=lax; path=/
legal basis strictly necessary (ePrivacy art. 5.3 exemption)
consent not required

what we don't set.

No third-party cookies. Ever.
No analytics cookies — no _ga, no _fbp, nothing.
No A/B testing or preference cookies beyond the lang one above.
Theme preference lives in localStorage only — never transmitted, never read server-side.

No cookie banner is displayed because there is nothing that requires consent under RGPD or the ePrivacy directive.

// 07 · security · responsible disclosure

security.

We build and maintain our own infrastructure. If you find a vulnerability, we want to know.

responsible disclosure.

No bug bounty — we can't afford to pay competitively. But we run a responsible-disclosure program and take reports seriously.

Email: contact@corploc.net with subject [security]
We acknowledge receipt within 24h.
We triage within 7 days.
We fix reported issues within 72h for critical issues, 30 days for others.
Public credit in changelog, unless you prefer to remain anonymous.

Please give us reasonable time to patch before disclosing publicly. We'll do the same — no gagging, no legal threats.