FimAGogo | privacy

FimAGogo SAS, as data controller, only collects information that is strictly necessary to operate the service. No unnecessary data is gathered.

Information You Provide Directly

Identity : first name, last name, email address, password (hashed and salted, never stored in plain text)

Payment : billing information

Preferences : language, playback quality, profile settings

Communications : messages sent to our support team, reviews, reports

Automatically Collected Data

Browsing Data : IP address, browser type, operating system, pages visited, session duration

Viewing Data : titles viewed, watch duration, progress, selected quality, viewing history

Technical Data : unique device identifier, authentication token, error logs

Cookies : see our Cookie Policy

Your data is used solely for the following purposes:

Purpose	Data Used	Legal Basis
Account Management	Identity, email	Contract
Payment Processing	Billing	Contract
Streaming Service Delivery	Viewing, preferences	Contract
Personalized Recommendations	Watch history	Legitimate Interest
Service Improvement	Browsing, errors	Legitimate Interest
Security & Fraud Prevention	IP, sessions, activity	Legitimate Interest
Newsletter Delivery	Email	Consent
Legal Obligations	As required	Legal Obligation

In accordance with the General Data Protection Regulation, each data processing activity is based on an explicit legal ground:

Contractual Performance (Art. 6.1.b) : processing required to deliver the subscription service

Legitimate Interest (Art. 6.1.f) : service improvement, security, fraud prevention, recommendations

Consent (Art. 6.1.a) : newsletters, non-essential cookies, marketing communications

Legal Obligation (Art. 6.1.c) : retention of accounting data, compliance with judicial orders

You may withdraw your consent at any time for consent-based processing, without affecting the lawfulness of any processing carried out prior to that withdrawal.

Recipient	Data Shared	Role	Location
MONCASH	Payment Data	Payment Processor	Port-au-Prince, Haiti
AWS CloudFront	Technical Logs	CDN & Hosting	EU Multi-region
Judicial Authorities	Upon legal request	Legal Obligation	As applicable

In the event of a merger, acquisition, or asset sale, your data may be transferred to the new entity, with the protections outlined in this policy maintained. You will be notified in advance.

Your data is retained only for as long as strictly necessary for the purposes for which it was collected, in compliance with applicable legal obligations.

Data Type	Retention Period
Active Account Data	Duration of subscription + 1 year
Watch History	3 years after last viewing
Payment & Billing Data	10 years (accounting requirement)
Technical Logs	Rolling 12 months
Customer Support Data	3 years after resolution
Deleted Account Data	30 days (then permanently deleted)
Security & Fraud Data	5 years

Once these periods expire, your data is securely and irreversibly deleted, or anonymized for statistical purposes.

Under the GDPR, you have the following rights over your personal data, which you may exercise at any time:

Right of Access (Art. 15) : request a copy of all the data we hold about you

Right to Rectification (Art. 16) : correct any inaccurate or incomplete data

Right to Erasure (Art. 17) : request deletion of your data ("right to be forgotten")

Right to Restriction (Art. 18) : temporarily limit the processing of your data

Right to Portability (Art. 20) : receive your data in a structured, machine-readable format

Right to Withdraw Consent : withdraw your consent at any time, without needing to provide a reason

You are solely responsible for keeping your login credentials confidential.

TLS 1.3 encryption for all communications between your devices and our servers

Passwords hashed with bcrypt (cost factor 12), never stored in plain text

Internal data access restricted to those who strictly need it (principle of least privilege)

Quarterly security audits conducted by certified independent third parties

Privacy
Policy

Data We Collect

How We Use Your Data

Legal Basis for Processing

Data Sharing

Data Retention

Your GDPR Rights

Data Security

PrivacyPolicy