Legal

Privacy policy

Last updated: June 2026

This privacy policy describes how Isheeft (hereafter "Serenema", "we", "our") collects, uses, and protects the personal data of users of serenema.com, in accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and the amended French Data Protection Act.

1. Data controller

The data controller for personal data collected on serenema.com is:

• Isheeft, sole proprietorship (micro-entreprise)
• Represented by: Christelle Odongo
• Address: 231 rue Saint-Honoré, 75001 Paris, France
• Email: hello@serenema.com

2. Data collected

As part of pre-registration for the Serenema service, we collect the following data:

• Email address (mandatory)
• First name (optional)
• Stage of your parenting journey (mandatory — single choice from 7 proposed options)

When you visit the site, technical data may also be collected automatically:

• IP address
• Browser and operating system type
• Pages visited and visit duration
• Traffic source (Facebook ad, organic search, direct link…)

3. Purposes of processing

Your data is collected and processed for the following purposes:

• Keep you informed about the Serenema project (informational newsletter)
• Notify you in advance of the product launch and offer you an exclusive pre-registration offer
• Better understand the needs of our community through the qualifying question ("Where are you in your journey?")
• Measure the performance of our communication campaigns
• Contact you for discovery interviews or surveys you would agree to participate in

4. Legal basis for processing

The processing of your data is based on your free, specific, informed, and unambiguous consent, expressed when you register via the form (Article 6.1.a of the GDPR).

You can withdraw your consent at any time, without affecting the lawfulness of processing carried out previously.

5. Data recipients

Your data is accessible only to:

• Isheeft, as data controller
• Cloudflare, Inc., our web host for serving serenema.com
• Zapier, Inc., our automation provider for transmitting form data
• HighLevel Inc. (GoHighLevel), our CRM for contact management and email delivery
• Meta Platforms (Facebook/Instagram), only for users who have consented to advertising cookies, for measuring advertising campaign performance

These providers act as data processors within the meaning of Article 28 of the GDPR. Your data is never sold, rented, or transferred to third parties for commercial purposes.

6. Data transfers outside the European Union

Cloudflare, Zapier, HighLevel, and Meta Platforms are US-based companies. The transfer of your data to the United States is governed by Standard Contractual Clauses (SCC) adopted by the European Commission and by the EU–US Data Privacy Framework (applicable since July 2023), guaranteeing a level of protection equivalent to that required in the European Union.

7. Data retention

Your data is retained:

• Until you unsubscribe from the newsletter (click on the unsubscribe link at the bottom of each email)
• And at most 3 years after your last interaction with us (email open, click, purchase)

Beyond that, your data is irreversibly deleted or anonymized.

8. Your rights

In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your personal data:

• Right of access: obtain a copy of the data concerning you
• Right of rectification: correct inaccurate data
• Right to erasure ("right to be forgotten"): request the deletion of your data
• Right to restrict processing: temporarily suspend processing
• Right to portability: retrieve your data in a structured format
• Right to object: refuse the processing of your data for a legitimate reason
• Right to withdraw your consent at any time
• Right to define post-mortem directives regarding the fate of your data

To exercise these rights, write to us at hello@serenema.com specifying the purpose of your request and attaching a copy of an identity document if necessary. We undertake to respond within a maximum of one month.

9. Data security

We implement appropriate technical and organizational measures to protect your data against any loss, unauthorized access, disclosure, alteration, or destruction. Transfers between your browser and our servers are encrypted via HTTPS (SSL/TLS).

10. Complaint to the CNIL

If, after contacting us, you believe your rights are not respected, you can file a complaint with the French Data Protection Authority (CNIL):

• 3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07, France
• www.cnil.fr

11. Changes

This privacy policy may be modified at any time to reflect changes in our practices or regulations. Any substantial modification will be notified to the persons concerned by email.