Privacy Policy

mdsyncLast updated: 2026-02-17

1. Introduction

This Privacy Policy explains how GROSSE Entreprises (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use the mdsync web application and related services (the “Service”).

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable French data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

GROSSE Entreprises
57 Avenue du Maréchal Juin
64200 Biarritz
France
Email: [email protected]

3. Personal Data We Collect

We collect only data necessary to operate, secure, and improve the Service.

3.1 Data You Provide

  • Email address (when creating an account or accepting an invite).
  • Account and organization details (for example, name and role).
  • Optional feedback or messages you send us.

3.2 Repository & Document Data

When you connect a GitHub repository, the Service processes data from that repository to provide the Service. This may include:

  • Repository metadata (for example, repository name, default branch, and file tree paths you select).
  • Markdown document contents and related file metadata (for example, file names, directories, and timestamps).
  • Git-related data required to sync changes (for example, commit identifiers and diffs).

You control what content exists in your repository. If your documents include personal data or sensitive information, you are responsible for ensuring you have a lawful basis to store and share it with collaborators.

3.3 Usage & Session Data

  • Interaction data (for example, feature usage and clicks).
  • Editor activity and session timestamps (for reliability and security).
  • Search queries and AI feature usage (where enabled).

3.4 Technical Data

  • IP address.
  • Device and browser information.
  • Log data and timestamps (for example, for debugging and abuse prevention).

4. Sensitive Data Notice

The Service is a documentation collaboration tool and is not intended to process special categories of personal data (for example, health data) as defined by GDPR.

However, documents in your repository may contain sensitive information depending on what you store there. Please avoid uploading or storing sensitive personal data in the Service unless you have a lawful basis and appropriate safeguards in place.

5. Purposes of Processing

We process personal data to:

  • Provide and operate the Service.
  • Authenticate users and manage accounts, organizations, and roles.
  • Connect to GitHub repositories and sync document changes.
  • Enable AI-assisted writing, editing, and Q&A features (where enabled).
  • Improve functionality, reliability, and user experience.
  • Communicate with users (service-related messages).
  • Ensure security, prevent abuse, and troubleshoot issues.
  • Comply with legal obligations.

6. Legal Bases for Processing (GDPR)

We rely on the following legal bases:

  • Contractual necessity — to provide the Service you request.
  • Legitimate interests — to improve, secure, and operate the Service.
  • Consent — where required (for example, for certain non-essential cookies, if used).
  • Legal obligation — where required by law.

7. Cookies & Tracking

We may use cookies or similar technologies to ensure core functionality (for example, session management), remember preferences, and improve performance.

If non-essential cookies are used, a cookie consent mechanism will be provided as required.

8. Data Sharing & Third Parties

We do not sell your personal data.

We may share data with trusted third-party service providers solely to operate the Service, such as:

  • Hosting and infrastructure providers.
  • Analytics services (if enabled).
  • Email delivery providers (for example, invites and login links).
  • AI or automation providers used to provide AI features (where enabled).
  • Payment processors (when subscriptions are enabled).
  • GitHub, to support repository connectivity and sync.

All providers are required to comply with applicable data protection laws and process data only on our instructions where applicable.

9. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

You may request deletion of your data at any time by contacting [email protected].

10. User Rights (GDPR)

You have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion (“right to be forgotten”).
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time (where processing is based on consent).

To exercise your rights, contact [email protected].

You also have the right to lodge a complaint with your local data protection authority (CNIL in France).

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.

No system is 100% secure, but we take reasonable steps to protect your information.

12. International Data Transfers

If personal data is processed outside the European Union, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

13. Children’s Privacy

The Service is intended for users 16 years and older. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by other appropriate means. Continued use of the Service constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions or requests, email [email protected].