Our offersOur commitementsAbout usContact us
fr
en

Privacy policy

LUNGTA LE CHEVAL DU SOUFFLE, a French limited liability company (SARL) with share capital of €26,800, registered with the Paris Trade and Companies Register under number 440 746 899, whose registered office is located at 24 rue des Dames, 75017 Paris, France, is the data controller for the processing of your personal data.

This Privacy Policy explains in a clear and simple way how we collect, use and protect your data when you use:

– the Client App (used in guest mode, without creating an online account),

– the Courier App (internal use only, restricted to staff).

For any question about your personal data:

GDPR contact: serviceclient@lungta.fr

1. CLIENT APP (GUEST MODE)

1.1 Data you provide

When you place an order via the Client App, we only collect the information necessary to perform the delivery:

 – Main contact for the order:

 1. First name, last name

 2. Phone number

 3. Email address

 – Pickup and delivery contacts:

 1. First name, last name

 2. Phone number

 3. Email address (optional)

 – Addresses and instructions:

 1. Pickup address

 2. Delivery address

 3. Pickup / delivery instructions (if any)

 – Parcel information:

 1. Parcel type

 2. Dimensions

 3. Weight

These data are used exclusively to organise, perform and track the delivery service and manage the related invoicing.

1.2 Internal « customer account » identifier

To group your orders and manage your invoicing, an internal customer account identifier is automatically created in our system.

This identifier is only used to:

 – associate multiple orders with the same person,

 – manage invoicing,

 – ensure operational follow-up and service quality.

This identifier is NOT an online account:

 – you do not create a user account,

 – no password is associated with it,

 – you cannot log in to the app with this identifier,

 – it is only used internally by LUNGTA.

The experience remains 100% “guest” for you as a user.

1.3 Technical data

To ensure proper functioning, security and performance of the Client App, we may automatically collect:

 – IP address

 – Device identifier (IDFA / IDFV / Android ID)

 – Operating system version (iOS / Android)

 – App version

 – Device language and time zone

 – Network information (WiFi / 4G)

 – Crash and error logs (via Firebase Crashlytics or similar tools)

These technical data are used only to:

 1. diagnose issues,

 2. improve app stability and performance,

 3. ensure platform security.

1.4 Location data

The Client App may use your location if you allow it in your device settings.

 – Type of permission: “While using the app”

 – Purpose: to suggest your current position as a possible pickup/delivery address

 – We do not store or keep any location history.

If you prefer not to share your location, you can always enter your addresses manually.

1.5 Notifications

We use push notifications to:

 – inform you when your order is accepted or picked up,

 – keep you updated about delivery progress,

 – notify you in case of important changes or issues.

You can manage your notification preferences in your device settings.

2. COURIER APP (INTERNAL USE ONLY)

The Courier App is reserved to couriers and internal staff working with LUNGTA. It is not intended for public use.

2.1 Personal data

Through the Courier App, we only collect:

 – the courier’s phone number, used as a login identifier.

Other personal information about couriers (identity, HR data, etc.) is handled within the employment relationship, independently from the app.

2.2 Operational data

For delivery tracking purposes, the Courier App collects:

 1. Photos of parcels (as proof of pickup/delivery)

 – Stored in AWS S3 buckets

 2. Timestamps for actions:

 – Ride acceptance

 – On the way to pickup

 – Pickup completed

 – On the way to delivery

 – Delivery completed

 3. Workflow logs:

 – Successive statuses of the delivery (accepted, in progress, delivered, etc.)

 4. Technical logs:

 – Crashes, errors and technical events used for diagnostics

A real-time location tracking feature for couriers is planned for the future, in order to improve dispatch and route optimisation.

 – When enabled, location will only be used for live tracking during the ride.

 – We will not keep long-term detailed route history.

2.3 Permissions

The Courier App may request access to:

 – Camera, to take photos of parcels,

 – Storage / files, to upload photos,

 – Notifications, to inform couriers about new or updated rides,

 – Location (including background location) when the real-time tracking feature is active, to allow live ride tracking.

3. HOSTING, PROCESSORS AND THIRD-PARTY SERVICES

3.1 Hosting and databases

Our services are mainly hosted on Amazon Web Services (AWS), in the EU (Frankfurt) region.

We use SQL and NoSQL databases, as well as S3 buckets for file storage (for example, parcel photos).

3.2 Third-party services

We rely on trusted third-party providers to deliver the service, such as:

 – AWS (hosting and storage)

 – Stripe – payment processing (email, phone number, billing address, amount)

 – Pennylane – invoicing and accounting (name, billing address, email, phone number)

 – Google Places API – address search and autocomplete, distance calculation

 – Firebase – crash and performance logging

 – Twilio / SMSMode – SMS sending and number anonymisation when needed

 – SendGrid – sending transactional emails (confirmations, tracking information)

These providers act as data processors under GDPR. We do not sell your data.

4. DATA RETENTION

We keep your data only for as long as necessary for the purposes described above, and then delete or anonymise them:

 1. Customer data (contact details, internal identifier):

 – kept for up to 5 years after the last interaction.

 2. Invoicing and accounting data:

 – kept for 10 years (legal requirement under French law).

 3. Operational data (ride details, workflow, addresses, timestamps):

 – kept for up to 5 years, to ensure traceability, follow-up and dispute management.

 4. Parcel photos:

 – kept for up to 5 years.

 5. Technical logs (crashes, errors):

 – kept for up to 90 days, for diagnostics and technical improvements.

5. INTERNATIONAL DATA TRANSFERS

Some of our providers (such as Stripe, Twilio, SendGrid, and some Firebase services) may process data from the United States or other non-EU countries.

In such cases, data transfers are protected by:

 – the Standard Contractual Clauses (SCCs) adopted by the European Commission,

 – and additional safeguards where required.

6. DATA SECURITY

We implement technical and organisational measures to protect your data, including:

 – encrypted communication (TLS 1.2 or higher),

 – encrypted storage (using AWS / KMS mechanisms),

 – restricted access to authorised personnel only,

 – access control and logging.

7. YOUR RIGHTS

Under GDPR, you have the following rights over your personal data:

 – Right of access – to know which data we hold about you,

 – Right to rectification – to correct inaccurate or incomplete data,

 – Right to erasure – to request deletion of your data, subject to legal obligations,

 – Right to restriction of processing,

 – Right to object to certain processing,

 – Right to data portability for some data.

You can exercise your rights by contacting us at:

serviceclient@lungta.fr

You also have the right to lodge a complaint with the relevant supervisory authority (for example, the CNIL in France – www.cnil.fr).

8. DATA CONTROLLER

LUNGTA LE CHEVAL DU SOUFFLE

SARL — 440 746 899 RCS Paris

24 rue des Dames, 75017 Paris, France

No Data Protection Officer (DPO) has been appointed, as this is not mandatory for our activity.