Privacy Policy
Last updated: 2026-05-14
Last updated: May 14, 2026 / Dernière mise à jour : 14 mai 2026 Version: 1.8
Note: In case of discrepancy between the English and French versions, the French version shall prevail for French users.
Note : En cas de divergence entre les versions anglaise et française, la version française prévaut pour les utilisateurs français.
1. Introduction
At Lastribe, your privacy is not an afterthought -- it is a founding principle. This Privacy Policy explains how EnableUnion SASU ("Lastribe", "we", "us", "our") collects, uses, stores, and protects your personal data when you use our website, mobile application, and related services (the "Service").
We are committed to full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the French Loi Informatique et Libertes (Law No. 78-17), and all applicable European data protection laws.
This policy applies to all users of the Lastribe website (www.lastribe.eu), our mobile application (iOS and Android), and any related services we operate.
In addition to this policy, we provide contextual privacy notices within the app at key data collection points -- for example, when requesting location permissions, enabling push notifications, or opting into analytics. These in-app notices supplement this policy as part of our layered approach to transparency, in line with CNIL recommendations for mobile applications.
2. Data Controller
EnableUnion SASU — publisher of the Lastribe brand
Registered address: 7A rue Neuve, 57270 Uckange, France, European Union
SIREN: 103 184 941 — SIRET: 103 184 941 00013 — RCS Thionville
Share capital: EUR 3,000 — EU VAT: FR93103184941
President & Publication Director: Alexis Delaforge
Data Protection Contact: privacy@lastribe.eu
General Contact: support@lastribe.eu
3. Data Protection Officer (DPO) Statement
Under GDPR Article 37, a Data Protection Officer (DPO) appointment is mandatory when an organization's core activities involve large-scale processing of special categories of data or large-scale regular and systematic monitoring of individuals. As a small company (fewer than 250 employees) that does not process special category data at scale, we are not required to appoint a DPO.
All data protection inquiries are handled by our data protection contact: privacy@lastribe.eu.
We maintain the same level of accountability, documentation, and responsiveness as if a DPO were formally appointed.
4. Data We Collect
4.1 Waitlist Data (Pre-Launch)
During the pre-launch phase, we collect only:
- Email address
- Preferred language
Nothing else. No tracking, no cookies, no analytics.
4.2 Account Data
- Email address
- Password (stored as a salted one-way hash -- never in plaintext)
- Display name
- Date of birth (for age verification -- 18+ only)
- Preferred language (English or French)
4.3 Profile Data (Optional)
- Profile photo
- Bio / personal description
- City or region (city-level only -- never precise GPS outside events)
- Household information
- Skills and interests
4.4 Preparedness Data
- Inventory items (name, quantity, category, expiry date)
- PrepScore data (composite preparedness score)
- Course progress and quiz results
- Event participation and evidence submissions (photos, videos, GPS coordinates, checklists)
- Badges earned and experience points (XP)
- Hazard reports (description, optional location, optional photos)
4.5 Community Data
- Messages within Tribes (private community groups)
- Posts and comments
- Membership status and role information
4.6 Payment Data
All payment processing is handled by the Apple App Store (iOS) and Google Play Store (Android) through their native in-app purchase systems. Subscription management is coordinated by RevenueCat. We do NOT store your card numbers, CVC codes, or banking details on our servers -- all payment information is handled entirely by Apple and Google.
We receive from the app stores (via RevenueCat):
- Subscription status and plan details
- Purchase dates and expiration dates
4.7 Technical & Usage Data
- Device type and operating system
- App version
- Browser type (web only)
- IP address (truncated and anonymized)
- Feature usage patterns
- Crash reports and error data
- Push notification interaction data
5. Mandatory and Optional Data
Under GDPR Article 13(2)(e), we inform you whether the provision of data is mandatory or optional:
Mandatory for account creation:
- Email address -- required for authentication and communication
- Password -- required for account security
- Date of birth -- required for age verification (18+ only)
Mandatory for Core Subscription:
- Payment information -- processed by Apple or Google via in-app purchase, required for billing
Optional:
- Display name, profile photo, bio -- enhance your experience but are not required
- City or region -- enables localized features (risk radar, events) but is not required
- Household information, skills, interests -- improve personalization but are not required
- Inventory items, course progress, event evidence -- core features you choose to use
Consequences of not providing mandatory data: Without email, password, and date of birth, you cannot create an account. Without payment information, you cannot subscribe to Core. All other data is optional -- the Service functions without it, though some features may be limited.
6. How We Collect Data
We collect data through three channels:
- Directly from you: When you register an account, fill in your profile, manage inventory, complete courses, participate in events, or interact with the community.
- Automatically: Through PostHog analytics (EU-hosted), Sentry error tracking, and server access logs.
- From third parties: Apple and Google provide subscription status information via RevenueCat. We do not purchase data from data brokers. We do not use social login providers.
7. Legal Bases for Processing (GDPR Art. 6)
| Purpose | Legal Basis |
|---|---|
| Account creation & authentication | Contract performance (Art. 6(1)(b)) |
| Service features (PrepScore, inventory, courses, events) | Contract performance (Art. 6(1)(b)) |
| Payment processing & subscriptions | Contract performance (Art. 6(1)(b)) |
| Waitlist registration | Consent (Art. 6(1)(a)) |
| Push notifications | Consent (Art. 6(1)(a)) |
| Product analytics & improvement | Legitimate interest (Art. 6(1)(f)) |
| Error monitoring & security | Legitimate interest (Art. 6(1)(f)) |
| AI model improvement (anonymized feedback) | Legitimate interest (Art. 6(1)(f)) |
| Civil protection alert matching and delivery | Legitimate interest (Art. 6(1)(f)) -- public safety |
| Legal obligations (fraud prevention, tax records) | Legal obligation (Art. 6(1)(c)) |
| Age verification (18+) | Legal obligation (Art. 6(1)(c)) |
8. Legitimate Interest Details (Art. 13(1)(d))
Where we rely on legitimate interest as the legal basis for processing, the specific interests are:
- Product analytics: Understand feature adoption patterns to improve the Service and prioritize development. We use PostHog (EU-hosted, Frankfurt) with anonymized data.
- Error monitoring: Detect and fix bugs, crashes, and performance issues to maintain service quality. We use Sentry with truncated IP addresses.
- Security: Prevent fraud, abuse, unauthorized access, and protect platform integrity.
- AI model improvement: Improve accuracy of news classification and risk scoring using anonymized, aggregated user feedback (votes, corrections). Individual users are never identifiable in training data.
We have conducted balancing tests for each legitimate interest to ensure our interests do not override your fundamental rights and freedoms. You may request documentation of these assessments by contacting privacy@lastribe.eu. You may object to any legitimate-interest processing at any time (see Section 15).
Summary of balancing assessments:
- Product analytics: Processing uses anonymized, aggregated data with no individual identification possible, minimizing impact on your rights. The interest in improving the Service benefits all users.
- Error monitoring: Limited to technical error data with truncated IP addresses. Essential for service quality and security.
- Security: Necessary to prevent fraud, abuse, and unauthorized access. Direct benefit to all users' data protection.
- AI model improvement: Uses anonymized, aggregated feedback only. Individual users cannot be re-identified. Opt-out is available.
9. How We Use Your Data
We use the data we collect to:
- Create and manage your account
- Provide, operate, and improve the Service features
- Compute your PrepScore and award badges/XP
- Process payments and manage subscriptions
- Send transactional emails (account verification, password reset, subscription updates)
- Deliver push notifications (with your consent)
- Monitor, diagnose, and fix technical issues
- Analyze usage patterns to improve the product
- Detect and prevent fraud or misuse
- Match civil protection alerts (cell broadcast, FR-Alert, EU-Alert) to your profile location and deliver relevant notifications
- Comply with legal obligations
Note: We do NOT:
- Sell your data to anyone, ever
- Use your data for targeted advertising or ad profiling
- Share your data with data brokers
- Use your preparedness data for automated decisions with legal or similarly significant effects
10. Data Sharing & Third Parties
We share data only with the following service providers, all bound by Data Processing Agreements (DPAs):
| Provider | Purpose | Data Shared | Location | DPA |
|---|---|---|---|---|
| Apple (App Store) | In-app purchases | Subscription status, purchase dates | Ireland (EU) | Yes |
| Google (Play Store) | In-app purchases | Subscription status, purchase dates | Ireland (EU) | Yes |
| RevenueCat | Subscription management | Anonymous app user ID, purchase receipts | US (SCCs) | Yes |
| Resend | Transactional emails | Email, name | US (EU-US DPF + SCCs) | Yes |
| PostHog | Product analytics | Anonymized usage, device info | EU (Frankfurt) | Yes |
| Sentry | Error monitoring | Error reports, device info, IP (truncated) | EU (Frankfurt) -- verify account configuration | Yes |
| Expo (EAS) | Push notifications | Push token, device ID | US (SCCs) | Yes |
For US-based providers (Expo, Resend), we rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework (DPF) approved by the European Commission to ensure adequate data protection.
We may also disclose your data if required by law, court order, or to protect the rights, safety, or property of Lastribe, our users, or the public.
11. Sub-Processor List
| Sub-Processor | Purpose | Location | Transfer Mechanism | DPA Link |
|---|---|---|---|---|
| Apple Inc. (App Store) | In-app purchase processing | Ireland (EU) | N/A (EU) | apple.com/legal/privacy |
| Google LLC (Play Store) | In-app purchase processing | Ireland (EU) | N/A (EU) | policies.google.com/privacy |
| RevenueCat, Inc. | Subscription management | US | SCCs | revenuecat.com/dpa |
| Resend, Inc. | Email delivery | US | EU-US Data Privacy Framework (DPF) + SCCs | resend.com/legal/dpa |
| PostHog, Inc. | Product analytics | Frankfurt, DE (EU) | N/A (EU) | posthog.com/docs/privacy |
| Functional Software (Sentry) | Error monitoring | EU (Frankfurt) | N/A (EU) | sentry.io/legal/dpa |
| Expo (EAS) | Push notifications | US | SCCs | expo.dev/privacy |
| OVH SAS (OVHcloud) | VPS infrastructure hosting | Roubaix, France (EU) | N/A (EU) | ovhcloud.com/fr/personal-data-protection/data-protection |
We will update this list if sub-processors change and notify you of any material changes.
12. International Data Transfers
- Primary storage: France, European Union
- EU-based providers (Apple Ireland, Google Ireland, PostHog Frankfurt, Sentry Frankfurt): No additional transfer mechanism needed
- US-based providers (Expo, Resend, RevenueCat): Protected by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework (DPF), supplemented by technical measures including encryption in transit and at rest
- No data is transferred to countries without adequate data protection unless proper safeguards are in place as required by GDPR Chapter V
For all US-based sub-processors, we have conducted Transfer Impact Assessments (TIAs) in accordance with CJEU Schrems II requirements and CNIL guidance, evaluating the destination country's legal framework and supplementary measures. TIA documentation is available to the CNIL upon request.
13. Data Retention
| Data Category | Retention Period |
|---|---|
| Waitlist email | Until launch notification sent or removal requested |
| Account & profile data | Duration of account + 30 days after deletion |
| Preparedness data | Duration of account + 30 days after deletion |
| Community messages & posts | Anonymized on account deletion, retained for community continuity |
| Payment records | 10 years (French tax law requirement) |
| Analytics data | 26 months, anonymized after |
| Error logs & crash reports | 90 days |
| Server access logs | 12 months (French legal requirement) |
| AI training data | Anonymized and aggregated, not linked to individual accounts |
When you delete your account, all personal data is removed within 30 days, except where a longer retention period is required by law (e.g., payment records for tax compliance).
14. Automated Decision-Making & Profiling (Art. 22)
We use automated processing in the following features:
- PrepScore computation: Calculated from your inventory, event participation, course completion, and community activity. This is an informational metric only -- it does not affect your access to features or any legal rights.
- Badge awarding & XP: Automatically awarded based on your activities within the platform. This is a gamification element only.
- AI news classification: Automated categorization, relevance scoring, and summary generation for the Risk Radar feature. Outputs are approximations subject to human review by our admin team.
- Content moderation assistance: AI may flag content for human review. No content is automatically removed by AI alone.
None of these automated processes produce legal effects or similarly significant effects on you. You have the right to:
- Request human review of any automated decision
- Express your point of view
- Contest the outcome
Contact privacy@lastribe.eu for any concerns.
15. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
15.1 Right of Access (Art. 15)
You can request a copy of all personal data we hold about you, along with information about how we process it. You can export your data directly from account settings in the app or by emailing us.
15.2 Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data. Most profile information is editable directly in your account settings. Profile visibility (who in the Lastribe community can find and see you) is controlled by a dedicated toggle under Profile → Profile visibility; the default is private and you can opt in or out at any time without contacting us (see Section 27).
15.3 Right to Erasure (Art. 17)
You can delete your account from the app settings, which triggers automatic deletion of your personal data. Some data may be retained where legally required (see Section 13). The full step-by-step procedure, including the email fallback for users who can no longer access the app, is published at /legal/delete-account.
15.4 Right to Restriction of Processing (Art. 18)
You can request that we restrict processing of your data while we verify its accuracy or assess an objection you have raised. You may request restriction when: (a) you contest the accuracy of your data (restriction during verification), (b) the processing is unlawful but you prefer restriction over erasure, (c) we no longer need the data but you need it for legal claims, or (d) you have objected to processing and we are verifying whether our legitimate grounds override yours.
15.5 Right to Data Portability (Art. 20)
You can receive your personal data in a structured, commonly used, and machine-readable format (JSON). Data export is available directly from your account settings or upon request.
15.6 Right to Object (Art. 21)
You can object to processing based on legitimate interest (analytics, AI model improvement). We will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
15.7 Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent (waitlist registration, push notifications), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
15.8 Right Regarding Automated Decision-Making (Art. 22)
We do not make automated decisions that produce legal or similarly significant effects on you (see Section 14). You have the right to request human review of any automated processing.
15.9 Right to Object to Direct Marketing (Art. 21(2))
You have an unconditional right to object to any processing of your personal data for direct marketing purposes. Upon receiving such an objection, we will immediately cease all direct marketing processing. This right is absolute and requires no balancing test. To exercise it, contact privacy@lastribe.eu or use the notification preferences in your account settings.
15.10 Right to Lodge a Complaint (Art. 77)
You have the right to lodge a complaint with a supervisory authority. You may file a complaint with the authority in your country of residence, place of work, or place of the alleged infringement. See Section 33 for details.
16. How to Exercise Your Rights
- Via the app: Account Settings -> Privacy -> export your data (JSON format) or delete your account
- Via email: privacy@lastribe.eu -- include your account email and clearly describe your request
- Identity verification: We may ask you to verify your identity before processing requests to prevent unauthorized access to your data
- Response timeline: We respond within one month. For complex or numerous requests, we may extend this period by a further two months (three months total), with written notice explaining the reason for the delay (Art. 12(3))
- Cost: All requests are free of charge, unless manifestly unfounded or excessive
- Format: Data exports are provided in JSON (structured, machine-readable format)
17. Data Security
We implement comprehensive technical and organizational measures to protect your data:
- Encryption in transit: TLS 1.2+ (HTTPS) for all communications
- Encryption at rest: Database-level encryption; passwords hashed using bcrypt/argon2
- Application-layer encryption for the most sensitive fields (in addition to database-level encryption):
- Home coordinates (
house_lat,house_lng) — AES-256-GCM before INSERT, decrypted only on the application tier when a feature needs them (evacuation routing, hazard proximity alerts, weather-at-home). A DB dump or backup compromise cannot reveal exact addresses. - Admin credential vault and social-OAuth refresh tokens — same AES-256-GCM pattern, separate key path documented in
docs/features/43-admin-credential-vault.md. - Message content (tribe chat) — AES-256-GCM with a dedicated
MESSAGE_ENCRYPTION_KEY; optional E2E layer on top for mobile clients.
- Home coordinates (
- Access control: Role-based access with least-privilege principle; separate admin authentication system
- Infrastructure: Servers located in France with firewalls, automated security updates, and intrusion monitoring
- Input validation: All user input is validated and sanitized against injection attacks
- Regular backups: Automated encrypted backups with tested restore procedures
- Breach response: We notify the CNIL within 72 hours and affected users without undue delay in the event of a data breach (Art. 33-34)
18. Data Breach Notification (Art. 33-34)
In the event of a personal data breach:
- Assessment: We assess the breach within 24 hours of discovery
- Authority notification: If the breach is likely to result in a risk to your rights and freedoms, we notify the CNIL within 72 hours (Art. 33)
- User notification: If the breach is likely to result in a high risk to your rights and freedoms, we notify you without undue delay via email (Art. 34), describing: the nature of the breach, likely consequences, measures taken or proposed, and our contact point
- If email communication is compromised by the breach, we will use alternative notification methods including in-app notifications and a prominent notice on our website.
- Documentation: All breaches are documented in our internal breach register, regardless of severity
- Remediation: We take immediate measures to contain and remedy the breach and prevent recurrence
Breach notifications will include information about your right to lodge a complaint with a supervisory authority (see Section 33).
19. Privacy by Design & Data Minimization (Art. 25)
Data protection is embedded in Lastribe's architecture from the ground up:
- EU-first infrastructure: All primary data stored in France
- City-level location: We never store precise GPS coordinates as part of your profile
- Self-hosted AI: Models run on our own EU servers -- no data is sent to external AI providers
- Minimal data collection: We only collect data necessary for each feature to function
- Privacy defaults: The most privacy-protective settings are applied by default
- Anonymization: Analytics and AI training data are anonymized before processing
20. Record of Processing Activities (Art. 30)
We maintain a Record of Processing Activities (ROPA) as required by GDPR Article 30. This internal document describes all processing activities, their purposes, legal bases, categories of data subjects, and data flows. It is available to the CNIL upon request.
21. Data Protection Impact Assessment (DPIA)
Given that the Service processes location data and uses AI-based features, we are required to conduct Data Protection Impact Assessments under GDPR Article 35 and CNIL guidelines. We have identified the following processing activities that require a DPIA:
- Location data processing -- city-level storage, event GPS evidence, tribe proximity calculations
- AI-based classification and scoring -- news classification, risk index computation, content moderation assistance
- Gamification and behavioral profiling -- PrepScore computation, badge awarding, XP tracking, course progress
DPIAs for all identified activities will be completed and documented before the public launch of the Service. Each DPIA will assess risks to data subjects' rights and freedoms, evaluate the necessity and proportionality of processing, and define mitigation measures. Results will inform our data protection measures and will be available to the CNIL upon request.
22. Cookies & Tracking
22.1 Landing Page (Pre-Launch)
Our landing page uses NO cookies, tracking pixels, or analytics. Zero data is collected from your visit unless you voluntarily submit the waitlist form.
22.2 Web Application (Post-Launch)
- Essential cookies: Session authentication via Better Auth. Cookie name:
better-auth.session_token. Duration: session-based, auto-extending on activity. Strictly necessary -- no consent required under ePrivacy Directive Article 5(3). - Analytics (PostHog): EU-hosted (Frankfurt), IP anonymization enabled. In accordance with ePrivacy Directive Article 5(3) and CNIL guidelines, analytics cookies are not loaded until you provide explicit consent via our cookie consent banner on first visit. You can change your preference at any time from your account settings or by clicking the cookie settings link in the footer.
- We do NOT use: advertising cookies, social media trackers, Google Analytics, Facebook Pixel, or any ad network scripts.
22.3 Mobile Application
The mobile app does not use browser cookies. Authentication is managed via Bearer token stored in your device's secure storage (SecureStore), which is strictly necessary for service provision under ePrivacy Directive Article 5(3).
The following SDKs are integrated in the mobile app:
| SDK | Purpose | Processing Location | On-Device / Server | Legal Basis |
|---|---|---|---|---|
| PostHog | Product analytics | EU (Frankfurt) | On-device collection, server processing | Consent (opt-in at first launch) |
| Sentry | Error monitoring | EU (Frankfurt) | On-device collection, server processing | Legitimate interest |
| Expo Notifications | Push notifications | US (SCCs) | On-device token, server delivery | Consent |
| MMKV | Local encrypted storage | Device only | On-device only | Contract performance |
| SecureStore | Auth token storage | Device only | On-device only | Contract performance (strictly necessary) |
OS-level permissions (camera, location, contacts) are separate from GDPR consent. Granting an OS permission allows technical access to the device feature, but does not constitute GDPR consent for processing the resulting data. Where both are required (e.g., camera for evidence photos), we obtain GDPR consent separately through in-app notices.
23. Photo & Video Evidence
When you submit evidence for preparedness events:
- Who can see: Only Lastribe administrators and event organizers, for verification purposes
- Storage: EU infrastructure (France)
- Retention: Stored for the duration of your account + 30 days. Deleted upon account deletion.
- AI processing: Evidence may be checked for format validity. No facial recognition or biometric analysis is performed.
- GPS metadata: If you submit GPS evidence, coordinates are stored only for that specific event verification and are not added to your profile.
24. Special Categories of Data (Art. 9)
Lastribe does not collect or process:
- Biometric data (no facial recognition, fingerprint analysis, or voice patterns)
- Health or medical data
- Racial or ethnic origin data
- Political opinions, religious beliefs, or philosophical beliefs
- Trade union membership
- Genetic data
- Sexual orientation data
The Service is focused on practical preparedness (inventory, skills, community coordination) and does not require or process any special category data as defined in GDPR Article 9.
25. Offline Mode & Cached Data
The Service includes an offline crisis mode that caches data locally on your device:
- What is cached: Your inventory items, household info, emergency contacts, and relevant preparedness data
- Security: Cached data is protected by your device's OS-level encryption
- Freshness: Cached data may become outdated; the app displays the last sync timestamp
- Deletion: Cached data is removed when you log out, delete your account, or uninstall the app
- No server access: In offline mode, no data is transmitted to or from our servers
26. Mesh and Peer-to-Peer Communications
The Service includes optional mesh communication features using Bluetooth Low Energy (BLE) and LoRa radio protocols (via Meshtastic-compatible devices). When you use these features:
- Messages: Transmitted via radio mesh network. Messages may be relayed through other mesh nodes to reach their destination. Message content is stored locally on your device.
- Device identifiers: Your mesh node ID and radio metadata (signal strength, hop count) are visible to other mesh nodes in range.
- SOS broadcasts: If you activate the SOS feature, your node ID and optional GPS coordinates are broadcast to all mesh nodes in range.
- Storage: Mesh messages and contact data are stored locally on your device using encrypted local storage. They are not transmitted to our servers unless you explicitly sync them.
- Legal basis: Contract performance (Art. 6(1)(b)) for the messaging functionality; consent (Art. 6(1)(a)) for optional GPS sharing in SOS mode.
- Retention: Mesh data is stored on your device until you delete it or uninstall the app. No server-side retention of mesh communications.
27. Community Content Visibility
Default: private. In line with GDPR Article 25 (data protection by design and by default), every new profile is created private — not discoverable by other users. Profile visibility is opt-in: you must toggle "Profile visibility" to "Visible" in your Profile tab before other users can find you in tribe search, leaderboards, or event attendance lists. You can switch back to private at any time; community contributions you already posted may remain visible within their original Tribe but can be anonymized on request.
When you participate in Tribes (community groups):
- Tribe members can see: your display name, city, PrepScore summary, skills, and messages you post in that Tribe
- Tribe leaders additionally see: join date, activity level, and role within the Tribe
- Administrators (Lastribe team) can access: all community content for moderation and safety purposes
- The public cannot see: your Tribe membership, messages, or community activity. All community features require authentication.
- After leaving a Tribe: your personal data is removed from the Tribe. Messages may be anonymized and retained for community continuity.
28. Push Notifications
- Types: Event reminders, badge awards, community updates, inventory expiry alerts, system announcements
- Consent: Push notifications require your explicit opt-in via your device's permission system
- Granularity: You can enable or disable notification categories individually from the app settings
- Withdrawal: Disable notifications at any time via device settings (iOS: Settings -> Notifications -> Lastribe; Android: Settings -> Apps -> Lastribe -> Notifications) or within the app settings
- Data: Only your push token (device identifier) is stored. No notification content is logged on our servers.
29. Location Data
- Profile city: Stored as a plain city name (no coordinates) — used for leaderboard display, risk radar localization, and tribe member proximity ranking.
- Profile home coordinates (optional, user-entered via Home → Edit location): exact latitude/longitude are stored encrypted at rest with AES-256-GCM (application-layer encryption, on top of database-level encryption). Used exclusively for (a) hazard / civil-alert proximity notifications, (b) weather-at-home, (c) evacuation route planning. They are decrypted in memory only for the duration of each operation; never logged, never exported in plaintext. You can clear them at any time from the same screen. See Section 17 for the encryption architecture.
- Event evidence GPS (optional, when you submit GPS proof of attending an event): same AES-256-GCM application-layer encryption as your profile home coordinates. Visible only to you and to administrators reviewing the evidence; never broadcast.
- Monitored locations (optional, when you opt in to receive civil-alert push notifications for places other than your home — e.g., a parents' address, a vacation home, a child's school): same AES-256-GCM application-layer encryption. Used exclusively to match incoming civil alerts (MeteoAlarm, FR-Alert) against your watched coordinates and dispatch a push if a match falls within range.
- Event evidence: Voluntary GPS submission with your explicit consent at the time of submission
- Tribe proximity: City-level calculation for geographic matching -- not real-time GPS tracking
- Extraction routes: If you create evacuation/extraction routes, the precise route geometry (GPS path) is stored with the route. This data is user-created, stored only for route navigation purposes, and is not used for tracking or profiling.
- Monitored locations: If you add monitored locations for alert matching, the geographic coordinates of those locations are stored to deliver relevant civil protection alerts. You can remove monitored locations at any time from your settings.
- No continuous tracking: Your location is never continuously tracked
- No sharing without consent: Location data is never shared with third parties without your explicit consent
- Never sold: Location data is never sold, ever
30. Children & Age Restrictions
Lastribe is intended exclusively for users aged 18 years and older. We do not knowingly collect personal data from anyone under 18.
If we discover that a user is under 18, we will promptly delete their account and all associated data. If you believe we may have collected data from a minor, please contact us at privacy@lastribe.eu.
31. AI & Automated Processing
- Self-hosted within the EU: All AI models run on our own servers using Ollama -- no data is sent to external AI providers (OpenAI, Google, etc.)
- Content processing, not personal data: AI processes content data (news articles, risk assessments), not your personal user data
- No legal effects: AI outputs are informational and do not produce legal or similarly significant effects on users
- Admin oversight: All AI behavior is fully controlled and auditable by our admin team
- Training data: Uses anonymized, aggregated user feedback (votes, corrections). Anonymization is verified through k-anonymity checks ensuring no individual user is identifiable in training datasets. When you opt out (via privacy@lastribe.eu), your feedback is excluded from all future training data exports. Feedback already incorporated into deployed models cannot be individually extracted, but no new data from your account will be used. Re-identification risk is assessed as very low due to the aggregated and categorical nature of the feedback (vote direction, category selection).
- Opt-out: Email privacy@lastribe.eu to exclude your feedback from AI training data
32. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- The "Last updated" date at the top of this page will be revised
- For material changes, we will notify you by email at least 15 days before the changes take effect
- Where required by law, we will seek new consent before applying changes that affect the legal basis of processing
- For material changes that expand the scope of processing or affect the legal basis, we will obtain your explicit renewed consent before implementing the changes. If you do not consent to the updated policy, you may continue using the Service under the previous policy terms or close your account at any time.
33. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. Under GDPR Article 77, you may file a complaint with:
- The supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement -- whichever you prefer.
- A list of all EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
As a French company, our lead supervisory authority is:
CNIL (Commission Nationale de l'Informatique et des Libertes)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr
We encourage you to contact us first at privacy@lastribe.eu so we can attempt to resolve your concern directly.
33b. Version History
| Version | Date | Summary of Changes |
|---|---|---|
| 1.0 | March 26, 2026 | Initial publication |
| 1.1 | April 6, 2026 | Added mesh communications disclosure, SDK transparency, mandatory/optional data distinction, extraction routes and monitored locations, AI training details, Transfer Impact Assessment reference, civil alert processing, enhanced data subject rights detail, updated sub-processor locations, compliance with CNIL 2024 mobile app recommendations |
| 1.2 | April 24, 2026 | Filled EnableUnion SASU identifiers (SIREN/SIRET 103 184 941, RCS Thionville, share capital EUR 3,000, registered address, VAT, president); replaced VPS provider placeholder with OVH SAS (Roubaix, FR) in sub-processor list; explicit brand attribution (Lastribe published by EnableUnion SASU). No change to data processing scope. |
| 1.3 | April 24, 2026 | Profile visibility is now private by default (§27) — implements GDPR Article 25 recommendation from DPIA 3 §12.1. A new user-facing toggle under Profile → Profile visibility lets users opt in to community discovery; §15.2 updated to reference the toggle. No new data processing, no new sub-processor — only a change in defaults + UI control. |
| 1.4 | April 24, 2026 | App-layer encryption of home coordinates (§17, §29) — implements DPIA 1 §14.1 recommendation. profiles.house_lat / house_lng are now AES-256-GCM encrypted before INSERT; §29 corrected to reflect that home coordinates can be stored (opt-in) and protected by that encryption layer rather than the misleading "never precise GPS coordinates" wording. Hazard-notification dispatch logic moved from SQL-level Haversine to JavaScript post-decrypt. See plan 071. |
| 1.5 | April 25, 2026 | Encryption extended to event_evidence.gps_lat/gps_lng and user_monitored_locations.latitude/longitude (L.7c-follow). §29 documents the two new encrypted classes alongside profile home coordinates. Same AES-256-GCM pattern, same threat model (defense in depth against backup/dump compromise). |
| 1.6 | May 14, 2026 | Editorial alignment across the Lastribe legal corpus (Mentions legales + Terms): consumer-mediation provider designated (Société Médiation Professionnelle, CECMC-validated 16/10/2018, convention signed 13/05/2026) and ODR/RLL platform references removed (platform permanently closed 20/07/2025 by EU Regulation 2024/3228) -- these changes affect Mentions legales and Terms; this Privacy Policy is unchanged in text and data processing scope, version bumped to keep all user-facing legal docs in sync (same "Last updated" date 14/05/2026). |
| 1.7 | May 14, 2026 | Full French translation added (bilingual document, FR-first prevailing in case of discrepancy for French users). Top-of-file structure now matches accessibility_statement.md pattern (# ENGLISH VERSION then # VERSION FRANCAISE). No change to data processing scope, sub-processors or legal bases. |
| 1.8 | May 14, 2026 | French diacritics reinstated in the FR part (deprecation of the historic "no accents" convention). The Lastribe legal corpus now uses proper UTF-8 French accents everywhere (Médiation, Données, Confidentialité, etc.). EN content unchanged. |
34. Contact
EnableUnion SASU
France, European Union
Privacy inquiries: privacy@lastribe.eu
General support: support@lastribe.eu
Website: www.lastribe.eu