Privacy Policy.

Last updated: 17 May 2026 · Data controller: Atelier Maisone · DPO contact: [email protected]

We collect what we need to deliver your project, nothing more. We do not sell your data. We use the minimum tracking required to know whether our ads work. This policy explains exactly what we hold, why, and for how long.

1. Who is the data controller.

Atelier Maisone, the operator of maisone.ai, is the data controller. Address: 229 rue Saint-Honoré, 75001 Paris, France.. Contact for privacy: [email protected] with "Privacy" in the subject.

Relevant supervisory authority: CNIL (Commission Nationale de l'Informatique et des Libertés), 3 Place de Fontenoy, 75007 Paris.

2. What data we collect.

Category	Examples	Source
Contact & identity	Name, email, brand name, phone, country, city	You, via our forms or email
Project brief	Designs, sketches, references, target retail price, audience size, timeline, budget	You
Payment	Billing address, VAT number, last four digits of card, SWIFT confirmation. Full card numbers never touch our servers, they are processed by the payment gateway.	You + payment processor
Shipping	Delivery address, contact phone for the courier, customs identifier where required	You
Site usage	Page views, referrer, device type, IP address (truncated), session length	Cloudflare analytics, Google Ads tag
Email correspondence	All emails to and from [email protected], including attachments	You + us

3. Why we use it (legal basis).

Purpose	Legal basis (GDPR Art. 6)
Quoting and producing your project	Contract performance (b)
Sending project emails (samples, sign-offs, invoices)	Contract performance (b)
Tax invoicing and accounting records	Legal obligation (c)
Site analytics and ad attribution	Legitimate interest (f) and your cookie consent where required
Marketing emails about new services	Consent (a). Opt-out at any time.
Fraud prevention and dispute defence	Legitimate interest (f)

4. Who we share it with.

Couriers (DHL Express, EMS, Aramex) for shipment.
Payment processors (Stripe, our bank for SWIFT) for billing.
Email infrastructure (Resend.com, used to send transactional email; Apple iCloud, used to receive inbound mail).
Hosting (Cloudflare Pages for the website, Cloudflare KV for stored data).
Analytics & ads (Google Ads tag only on relevant landing pages; Cloudflare analytics on all pages).
Tax authorities where French law requires disclosure.

We do not sell personal data, ever. We do not share it with social platforms for retargeting except where you have explicitly consented.

5. Where data is stored.

Primary storage is within the EU (Cloudflare's EU data plane, French hosting where available). Some processors (Resend, Stripe) operate from the US, in which case transfer is covered by the EU-US Data Privacy Framework or Standard Contractual Clauses.

6. How long we keep it.

Project files (tech packs, patterns, sample images): 10 years after project closure, for warranty and reorder purposes. Removed on request after that.
Email correspondence: 5 years.
Tax and accounting records: 10 years, per French commercial code.
Marketing contacts: until you unsubscribe; we then keep only your email address on a suppression list so we do not contact you again.
Analytics: 14 months for Google Ads, rolling 30 days for Cloudflare analytics.

7. Your rights under GDPR.

You can ask us to:

Access the personal data we hold about you
Correct data that is wrong
Delete data, subject to legal retention requirements above
Restrict processing while a complaint is investigated
Receive a copy of your data in machine-readable form (portability)
Object to processing based on legitimate interest
Withdraw consent at any time where consent is the legal basis

Send the request to [email protected] with "Privacy request" in the subject. We respond within 30 days, free of charge.

8. Cookies and tracking.

We use the minimum cookies needed: a session cookie for forms, Cloudflare's bot-protection cookie, and (on relevant landing pages) the Google Ads conversion cookie. Where required by EU law, we ask for consent before setting non-essential cookies.

You can clear all cookies in your browser settings at any time. We do not use third-party advertising tags beyond Google Ads conversion tracking.

9. Children's data.

Our services are aimed at adults working in fashion businesses. We do not knowingly collect data from anyone under 16. If you believe we have, email [email protected] and we will delete it.

10. Complaints.

If you are not satisfied with our response, you have the right to complain to the CNIL (cnil.fr) or your local data-protection authority.

11. Changes to this policy.

We will post the new version here with a new "last updated" date. Material changes are emailed to active clients at least 30 days before taking effect.