Back to home

Privacy Policy

Last updated: July 3, 2026

Built to respect your privacy

MiraTalento follows Privacy by Design: no advertising cookies or third-party trackers, anonymous cookieless audience measurement, and only the strict minimum of data needed to run the service.

1. Data controller

miratalento.com is operated by MiraTalento, a SASU with share capital of €5,000 registered with the Lille Métropole Trade and Companies Register under number 107 337 685, headquartered at 266 rue Nationale, 59800 Lille (France). For any question about your data or to exercise your rights: privacy@miratalento.com. MiraTalento acts as data controller under the GDPR.

2. Cookies — essential only

We place no advertising cookies and no third-party tracking cookies (no Google Analytics, no advertising pixels). The only cookies we use are strictly necessary for the service: a session cookie to keep you logged in after authentication, and a technical admin cookie reserved for our team. These essential cookies are exempt from consent. Our audience measurement runs without any cookie (see next section), which is why no consent banner is required.

3. Audience measurement — anonymous and cookieless

To improve the service, we measure site audience (page views, navigation paths, share events) with a self-hosted, cookieless, third-party-free solution. To distinguish visits without identifying you, we compute a technical identifier derived from non-identifying browser characteristics (screen resolution, time zone, language) combined with a salt that is rotated every day: this identifier therefore changes daily and cannot track you from one day to the next or across other sites. No IP address is retained in these statistics. This falls under the cookieless "audience measurement" exemption and does not require your consent. Audience data is used solely to produce aggregate statistics.

4. Authentication — secure and passwordless

We store no passwords. Sign-in works via a magic link (OTP) sent to your email, or via an identity provider (LinkedIn, Google) if you choose. You receive a unique, temporary link that logs you in with one click — nothing to remember, nothing to steal.

5. Data we collect

Depending on your use, we may process: your email address (login, sending your access link and results); the occupation you analyze and your results; information you send via the contact form (name, email, message, optional company); in a B2B context, employees’ first and last names to personalize reports (optional). The legal bases are performance of the service, responding to your request, and our legitimate interest in improving the service. Job data is analyzed at the position level, never at the individual performance level. We never sell, rent, or monetize personal data.

6. Hosting and subprocessors

Data is hosted on servers in the European Union: Vercel (application hosting) and Supabase (database). We rely on subprocessors for specific functions: Brevo (transactional emails) and an AI model provider for job analysis. Technical error monitoring and audience measurement are performed in-house, on our own EU-based infrastructure, with no third-party tool. The AI model provider may process data outside the EU; such transfers are governed by appropriate safeguards (standard contractual clauses). All communications are encrypted via HTTPS. Enterprise (B2B) clients only access statistics aggregated by department.

7. Server access log — security and robots

Separately from the audience measurement above, our server keeps a technical log of the requests it receives, as any web server does. For each request it records the timestamp, the requested page, the response code, the device type, the region, as well as the IP address and, when available, its reverse DNS host name. This log is used solely for technical and security purposes: to tell robots (search engines, AI indexing crawlers) apart from human traffic, measure load, and prevent abuse. The processing relies on our legitimate interest in keeping the site secure and running properly (Article 6(1)(f) GDPR). Importantly, this log is technically separate from your account — the IP address is never linked there to your identity, your email, or your results, and is not used to build a profile. These technical logs are kept for at most 180 days, then deleted.

8. Retention periods

We keep your data only as long as necessary: account and results while your account is active, then deleted after a prolonged period of inactivity; contact messages for the time needed to handle your request; audience statistics in aggregate form, with raw non-identifying events purged regularly (within 13 months at most, per CNIL guidance). You can request deletion of your data at any time.

9. Your rights

Under the GDPR you have the right to access, rectify, erase, port, restrict, and object to the processing of your data. To exercise these rights, email privacy@miratalento.com. You also have the right to lodge a complaint with your supervisory authority (in France, the CNIL — www.cnil.fr).