Privacy Policy — Citerne
This English version is provided for convenience only. In case of discrepancy, the French version published at https://citerne.waideline.com/privacy/ prevails.
Version: 1.0
Effective date: 7 May 2026
Last updated: 7 May 2026
1. Who we are
The Citerne application (the "App") is published by:
- Legal name: Christopher Denis (Sole Trader / Entrepreneur Individuel)
- Trade name: Waideline
- Legal form: Sole trader (EI under French law)
- Registered address: 200 rue de la Croix Nivert, 75015 Paris, France
- SIREN: 829 530 757
- GDPR contact: legal@waideline.com
- Data Protection Officer (DPO): not appointed.
For the purposes of Regulation (EU) 2016/679 ("GDPR"), we act as the data controller for all data described below.
2. Data we collect
We apply a principle of data minimisation: we collect only what the App needs in order to function.
2.1 Identification and authentication data
| Data | Source | Purpose | Legal basis |
|---|---|---|---|
| Phone number (E.164) | Entered by the user when this method is chosen | Authentication, contact matching | Performance of contract (Art. 6.1.b GDPR) |
| Email address | Provided by Google/Apple OAuth or entered manually | Authentication, service communications | Performance of contract |
| OAuth provider identifier (provider_subject) | Google or Apple | Authentication | Performance of contract |
| Date of birth | Entered at sign-up | Verification of the minimum age (16) | Performance of contract |
| Accepted Terms version + timestamp | Sign-up | Proof of acceptance of the applicable terms | Performance of contract + legitimate evidentiary interest |
2.2 Profile data
- Display name (display_name)
- 4-digit discriminator
- Avatar (URL, image hosted by us)
- Language, time zone
2.3 Relationship data
- Address book: automatic contact discovery via the address book is currently disabled. If enabled in the future, only phone number hashes will be transmitted to identify contacts that are already registered, and the transmitted batches will not be retained beyond the request.
- Bidirectional "contact" links between users.
- Channel membership (members, roles).
2.4 Shared content
- "Drops": shared URLs, captions, extracted metadata (title, thumbnail).
- Interactions: sips (opened), splashes (emoji reactions), echoes (comments).
2.5 Technical data
- Push notification token (APNs / FCM)
- OS version, app version
- Last sign-in timestamp
- Server logs (IP, user-agent, called endpoints) — retained 30 days
- Sentry crash reports, with no sensitive content
2.6 Data we do not collect
- Geolocation
- Microphone, camera (except deliberate avatar selection)
- Advertising identifiers (IDFA, GAID)
- Web browsing data outside the App
3. Why we process these data (purposes)
| Purpose | Data involved | Legal basis |
|---|---|---|
| Account creation and authentication | Phone OR email/OAuth, date of birth, Terms acceptance | Contract |
| Matching with your contacts | Contacts added manually; phone number hashes if automatic discovery is re-enabled | Explicit consent (Art. 6.1.a) for address-book discovery |
| Delivery of drops to recipients | Content, recipient identifiers | Contract |
| Push notifications | Push token, preferences | Contract + OS consent |
| Security, fraud prevention, moderation | Logs, user reports | Legitimate interest (Art. 6.1.f) |
| Compliance with legal obligations (DSA, lawful requests) | As required by the request | Legal obligation |
| Aggregated internal usage statistics | Aggregated and anonymised data | Legitimate interest |
We do not use any data for advertising purposes and we carry out no profiling within the meaning of Art. 22 GDPR.
4. Retention periods
| Data | Period |
|---|---|
| Active account | As long as the account exists |
| Deleted account | Immediate deletion or anonymisation of identity and authentication data; deletion of tokens, devices, contacts, channel memberships, reservoir items and personal moderation signals; minimal technical retention of a pseudonymised "Deleted account" profile and of content already delivered to recipients in order to preserve the integrity of past exchanges |
| Server logs | 30 days |
| Sentry crash reports | 90 days |
| DSA reports and moderation decisions | 5 years from the handling of the report, unless a shorter or longer legal obligation applies |
| Data retained for a legal obligation, fraud or dispute | Strictly the time necessary for the obligation or for defending the rights concerned |
5. Recipients and processors
Your data is accessible to:
- The Citerne team, strictly within the scope of their duties.
- The technical processors listed below, bound by a Data Processing Agreement (DPA).
Hosting: the App and database are self-hosted by the publisher. No application data is stored with a third-party cloud host.
| Processor | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Network tunnel, DNS, CDN, DDoS protection, Cloudflare Pages (public website) | United States (global transit via PoPs) |
| Google LLC | Sign in with Google + Firebase Cloud Messaging (Android notifications) | United States (Data Privacy Framework) |
| Apple Inc. | Sign in with Apple + Apple Push Notification Service (iOS notifications) | United States / European Union |
| Sentry | Error monitoring | United States / European Union |
Transfers outside the EU: transfers to the United States (Cloudflare, Google, Apple, Sentry) rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, on the EU-US Data Privacy Framework.
6. Your rights
Under Articles 15 to 22 of the GDPR, you have:
- a right of access to your data;
- a right to rectification;
- a right to erasure ("right to be forgotten");
- a right to restriction of processing;
- a right to data portability (JSON export available directly from the app);
- a right to object;
- the right to withdraw your consent at any time;
- the right to set post-mortem directives regarding your data.
How to exercise these rights?
- Directly in the app: Profile → Privacy → My data.
- By email: legal@waideline.com.
- Response time: 1 month maximum.
The in-app export is generated immediately in JSON format. It includes in particular the profile, contacts, channels, sent drops, interactions, reservoir items, active devices and moderation signals tied to the account. It does not include hashes, secrets, access tokens or refresh tokens. Account deletion is immediate on the API side: it anonymises the profile, deletes purely personal data and keeps only what is necessary for exchanges already delivered to recipients or for legal obligations.
Complaints: you may lodge a complaint with the competent supervisory authority of your EU Member State of residence or work — for example the CNIL in France (https://www.cnil.fr/fr/plaintes), the GBA/APD in Belgium, the AEPD in Spain, the Garante in Italy, etc. The full list is maintained by the European Data Protection Board (https://edpb.europa.eu/).
7. Security
- TLS 1.3 encrypted traffic.
- Short-lived access tokens + rotating refresh tokens.
- Logs without sensitive data (phone numbers, drop contents).
- Production access on a least-privilege basis, reviewed quarterly.
8. Minors
The minimum age of use is 16 years. Age is self-declared at sign-up via the date of birth. Any account identified as belonging to a user below that age will be deleted.
9. Cookies and trackers
The mobile App does not use cookies. The website citerne.waideline.com uses only strictly necessary cookies (no third-party audience measurement).
10. Changes
Any material change will be notified to you in the App. The version in force is always the latest one published at https://citerne.waideline.com/privacy.
11. Contact
legal@waideline.com