Privacy Policy

1. Who We Are

Bellechasse is a brand of Belle Labs SAS, a French simplified joint-stock company registered in France.

• Registered address: 30 Lieu dit Queric, 56470 La Trinité-sur-Mer, France
• SIRET: 93360353200013
• Contact: hello@bellechasse.com

Belle Labs is the data controller for the personal data described in this policy. This means we determine the purposes and means of processing your personal data.

If you have questions about how we handle your data, please contact us at hello@bellechasse.com.

2. What Data We Collect

We collect different types of data depending on how you interact with us:

Data you give us directly

• Email address — when you sign up for our interest list or join as a founding member (Fondatrice)
• Name and shipping address — when you place an order
• Payment card details — collected by Shopify Payments during checkout (we never see or store your full card number on our servers)

Data collected automatically

• Browsing data — pages visited, time on site, referral source, device type, browser, and operating system (via Google Analytics GA4)
• Session recordings and heatmaps — mouse movements, clicks, and scroll behavior (via Microsoft Clarity). Clarity automatically masks sensitive input fields.
• Cookies and similar technologies — see our Cookie Policy for full details

3. Why We Collect Your Data

Under the GDPR and UK GDPR, we must have a lawful basis for each processing activity. Here is how we use your data and the legal basis for each:

4. Who We Share Your Data With

We do not sell your personal data. We share it only with trusted service providers who process data on our behalf, under strict contractual obligations:

• Shopify Payments (Shopify Inc., Canada/US) — payment processing, order management, and checkout
• Klaviyo (Klaviyo Inc., US) — email marketing and the interest list
• Google Analytics GA4 (Google LLC, US) — website analytics
• Microsoft Clarity (Microsoft Corp., US) — session recording and heatmaps
• Vercel / Cloudflare — website hosting and content delivery

Where data is transferred outside the European Economic Area (EEA) or the UK, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or the service provider's participation in a recognized adequacy framework.

5. How Long We Keep Your Data

• Account and order data: for the duration of your relationship with us, plus 5 years for tax and legal compliance (as required under French commercial law)
• Marketing email addresses: until you unsubscribe, after which we delete your email within 30 days
• Analytics and session data: retained according to each provider's standard retention period (Google Analytics: 14 months; Microsoft Clarity: 30 days)
• Cookie data: see our Cookie Policy for individual cookie durations

6. Your Rights

If you are in the EU (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — ask us to delete your data (the “right to be forgotten”)
• Restriction — ask us to temporarily limit how we process your data
• Data portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent, withdraw it at any time (this does not affect the lawfulness of processing before withdrawal)

To exercise any of these rights, email us at hello@bellechasse.com. We will respond within 30 days.

If you are in the UK (UK GDPR)

You have the same rights listed above under the UK General Data Protection Regulation. If you are unsatisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk

If you are in California (CCPA)

Under the California Consumer Privacy Act, California residents have the right to:

• Know what personal information we collect and how it is used
• Delete your personal information
• Opt out of the sale of personal information — we do not sell your personal information
• Non-discrimination — we will not treat you differently for exercising your rights

To make a CCPA request, email hello@bellechasse.com with the subject line “CCPA Request.”

7. Supervisory Authorities

As a French company, our lead supervisory authority is the:

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
www.cnil.fr

For UK residents, the relevant authority is the Information Commissioner's Office (ICO): ico.org.uk

8. Cookies

We use cookies and similar technologies on our website. For full details about which cookies we use, their purpose, and how to manage them, please see our Cookie Policy.

9. Security

We take reasonable technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls, and choosing data processors with strong security practices. Payment card data is handled entirely by Shopify Payments, which is PCI DSS Level 1 certified — your card details never touch our servers.

10. Children's Privacy

Our products and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by email (if we have your address) or by posting a notice on our website. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out:

• Email: hello@bellechasse.com
• Post: Belle Labs, 30 Lieu dit Queric, 56470 La Trinité-sur-Mer, France