Updated version: March 5, 2026
By using the services offered by Clemz (Clemz.app website, Chrome extension, sales synchronisation modules, customer support and the vint-aide.com forum), you may transmit certain personal data to Clemz.
This privacy policy aims to clearly, transparently and comprehensibly inform Users about how your data is collected, processed, stored and protected.
Some data may also be processed by means of features based on automated processing or artificial intelligence technologies, strictly in the context of Service performance.
Clemz acts as data controller within the meaning of Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act (Loi Informatique et Libertés), as amended.
Clemz acts as data controller for data relating to Service Users, and as data processor for personal data processed on behalf of the User in the context of synchronisation with third-party platforms. Some of these features may involve the use of specialised processors, including artificial intelligence service providers, acting in compliance with the GDPR.
This privacy policy applies to the site: Clemz.app.
This privacy policy aims to inform users of the site about:
This privacy policy supplements the legal notices and the General Terms of Use available at:
/en/terms-conditions
In accordance with Article 5 of the GDPR, data collection and processing comply with the following principles:
To be lawful, and in accordance with the requirements of Article 6 of Regulation (EU) 2016/679, the collection and processing of personal data may only take place if at least one of the following conditions is met:
Clemz does not access the browser's general browsing history. However, technical data relating to the use of Clemz services (e.g. pages viewed within Clemz services, dates and durations) may be collected in accordance with Article 2.3.
2.1 Identification data
2.2 Data relating to Vinted
In the context of voluntary synchronisation with the User's Vinted account:
This data may, where applicable, be analysed by automated processing or artificial intelligence features, exclusively to provide the services requested by the User.
2.3 Technical data
Technical data relating to the use of artificial intelligence features (e.g. volume of generations, request timestamps, technical parameters) may be collected for security, abuse prevention and Service improvement purposes.
2.4 Prohibited data
Clemz is not intended to process sensitive data within the meaning of Article 9 of the GDPR. The User undertakes not to transmit, via the Service (including via artificial intelligence features), sensitive data or data relating to third parties without an appropriate legal basis. If such data were transmitted by the User, it may be deleted or rendered non-identifying where possible and in accordance with applicable legal obligations.
2.5 Transfers outside the EU
Some of Clemz's technical service providers may be located outside the European Union and may therefore involve the transfer of personal data. In such cases, Clemz frames these transfers in accordance with Articles 44 et seq. of the GDPR (in particular via standard contractual clauses approved by the European Commission and, where applicable, supplementary security measures). The list of main providers concerned may be communicated on request.
2.6 Payment data
Payments are processed by an external payment provider (Stripe). Clemz does not store your bank details; only technical information relating to payment (e.g. transaction ID, status, payment method, last four digits where applicable) may be retained for subscription management, invoicing and fraud prevention.
The personal data collected on the Clemz site are as follows:
Data collected / Purposes:
These data are collected when the user performs one of the following operations on the site:
A. COLLECTED DATA AND COLLECTION METHOD
Furthermore, when making a payment on the site, a proof of the transaction including the order form and invoice will be kept in the site's computer systems.
The data controller will keep all collected data in the site's computer systems and under reasonable security conditions for a period of:
Data collection and processing serve the following purposes:
Data processing is based on the following legal grounds:
B. DATA TRANSMISSION TO THIRD PARTIES
Personal data collected by the site are not transmitted to any third party and are only processed by the site publisher.
C. DATA HOSTING
The Clemz site is hosted by: OVH, whose headquarters are at the following address:
The host can be contacted at the following phone number: 1007.
Data collected and processed by the site are exclusively hosted and processed in France.
The data controller is: the administrator of Clemz.app. They can be contacted as follows:
The data controller undertakes to protect collected personal data, not to transmit them to third parties without informing the user, and to respect the purposes for which these data were collected.
The site has an SSL certificate to ensure that information and data transfers passing through the site are secure.
An SSL ("Secure Socket Layer" Certificate) is intended to secure data exchanged between the user and the site.
Furthermore, the data controller undertakes to notify the user in case of rectification or deletion of data, unless this would entail disproportionate formalities, costs, and steps.
A. CONTROLLER
B. OBLIGATIONS OF THE DATA CONTROLLER
If the integrity, confidentiality, or security of the user's personal data is compromised, the data controller undertakes to inform the user by any means.
In accordance with regulations regarding the processing of personal data, the user has the rights listed below.
To enable the data controller to comply with their request, the user must provide: their first and last name as well as their email address, and if relevant, their account, personal space, or subscriber number.
The data controller must respond to the user within a maximum period of 30 (thirty) days.
A. PRESENTATION OF USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING
a. Right of access, rectification, and erasure
The user may access, update, modify, or request the deletion of data concerning them, following the procedure below:
If they have one, the user has the right to request the deletion of their personal space by following the procedure below:
b. Right to data portability
The user has the right to request the portability of their personal data held by the site to another site, following the procedure below:
c. Right to restriction and objection to data processing
The user has the right to request restriction or object to the processing of their data by the site, unless the site can demonstrate legitimate and compelling reasons that prevail over the user's interests, rights, and freedoms.
To request restriction of data processing or to object to data processing, the user must follow the procedure below:
d. Right not to be subject to a decision based solely on automated processing
In accordance with Regulation 2016/679, the user has the right not to be subject to a decision based solely on automated processing if the decision produces legal effects concerning them or significantly affects them in a similar way.
e. Right to determine the fate of data after death
The user is reminded that they may organize what should happen to their collected and processed data if they die, in accordance with Law No. 2016-1321 of October 7, 2016.
f. Right to contact the competent supervisory authority
If the data controller decides not to respond to the user's request, and the user wishes to contest this decision, or if they believe that one of the rights listed above has been infringed, they are entitled to contact the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
The site may use 'cookies'.
A 'cookie' is a small file (less than 4 KB), stored by the site on the user's hard drive, containing information about the user's browsing habits.
These files allow the site to process statistics and traffic information, facilitate navigation, and improve the service for the user's comfort.
For the use of 'cookies' involving the storage and analysis of personal data, the user's consent is necessarily required.
This user consent is considered valid for a maximum period of 6 (six) months. At the end of this period, the site will again request the user's authorization to store 'cookies' on their hard drive.
a. User's opposition to the use of 'cookies' by the site
Non-essential cookies for the site's operation are only placed on the user's device after obtaining their consent. The user may withdraw their consent at any time, as follows:
More generally, the user is informed that they may oppose the storage of these 'cookies' by configuring their browser software.
For information, the user can find the steps to configure their browser software to oppose the storage of 'cookies' at the following addresses:
If the user decides to disable 'cookies', they may continue browsing the site. However, any malfunction of the site caused by this action cannot be considered the fault of the site publisher.
b. Description of 'cookies' used by the site
The site publisher draws the user's attention to the fact that the following cookies are used during their navigation:
This privacy policy can be consulted at any time at the following address:
The site publisher reserves the right to modify it to ensure its compliance with current law.
Therefore, the user is invited to consult this privacy policy regularly to stay informed of the latest changes.
The user is informed that the last update of this privacy policy was on: 01/06/2021.
By browsing the Site, the User certifies having read and understood this privacy policy and accepts its conditions, especially regarding the collection and processing of their personal data, as well as the use of 'cookies'.
Where personal data has been used in the context of features based on artificial intelligence technologies, its erasure applies to the source data retained by Clemz, as well as to the associated generated content where it is still linked to an identifiable account.
Data that has been irreversibly anonymised, no longer making it possible to identify a person, no longer constitutes personal data and cannot be subject to an erasure request under the GDPR.
You have the right to object to the processing of your personal data or to request its restriction, under the conditions laid down in Articles 18 and 21 of Regulation (EU) 2016/679 (GDPR).
Where processing is based on Clemz's legitimate interest, in particular for the improvement of features based on artificial intelligence technologies or the prevention of abuse, you may object on grounds relating to your particular situation.
However, the right to object does not apply where processing is necessary for the performance of the contract binding the User to Clemz, in particular for the provision of the requested features.
You have the right to receive the personal data concerning you that you have provided to Clemz, in a structured, commonly used and machine-readable format, or to request that it be transmitted to another controller, where technically feasible.
This right applies only to personal data that you have provided directly to Clemz and that is processed on the basis of consent or contract performance. Content automatically generated by features based on artificial intelligence technologies does not constitute personal data "provided" by the User within the meaning of Article 20 of the GDPR and therefore does not fall within the right to portability, unless it contains identifiable personal data.
Any request relating to the exercise of the rights mentioned above must be sent by email to the following address: bonjour@clemz.app
Clemz undertakes to respond to any request within one (1) month of receipt. This period may be extended by two (2) months in the event of complexity or a large number of requests; in such case, the User will be informed within one month.
When you wish to delete your Clemz account, you may submit a request by email to the following address: bonjour@clemz.app.
Clemz processes the deletion request and, where applicable, may confirm that it has been received and communicate the main applicable terms.
11.1 Deletion of identifying data
Once the request has been validated, the User's email address and the personal data enabling their identification are deleted or rendered non-identifying in accordance with appropriate procedures.
After this step, Clemz no longer uses this data to identify the User, subject to data retained for legal obligations or for the establishment, exercise or defence of legal claims.
Content generated by features based on artificial intelligence technologies and still linked to the User's account is deleted or anonymised under the same conditions.
11.2 Limited retention of anonymised data
In order to ensure fair operation and Service quality, Clemz may retain certain information rendered non-identifying in accordance with appropriate procedures, so as to minimise the risks of re-identification.
This data is used exclusively for internal statistical purposes, without individual analysis or commercial reuse.
This anonymised data comprises:
This retention serves the following purposes:
No identifiable personal data is retained by Clemz after account deletion, other than legal retention obligations.
Data that has been used in the context of automated processing or artificial intelligence features is retained only in anonymised form when necessary for statistical or Service improvement purposes.
11.3 Compliance with CNIL recommendations
The anonymisation processes implemented are designed to comply with the criteria and recommendations of the CNIL (French data protection authority), so as to minimise the risks of re-identification, in particular by avoiding the isolation of an individual, cross-referencing with other sources, or the deduction of information about a person.
Once irreversibly anonymised, this data is no longer qualified as personal data and no longer falls within the scope of the GDPR.
Clemz does not allow the reuse of personal data processed on behalf of Users for external model training purposes, outside of Service provision.
11.4 Buyer data
In the context of the "Sales" module, certain information concerning buyers (such as delivery or billing address) is displayed to the User because it comes directly from their activity on Vinted.
This data is used exclusively for the operation of the Service and is not transmitted to third parties, other than legal obligations or strictly necessary technical providers.
When a Clemz account is deleted, data relating to buyers is deleted or rendered non-identifying in accordance with appropriate procedures, subject to applicable legal retention obligations. Aggregated and non-identifying information (e.g. number of sales, overall volume) may be retained for statistical purposes.
The User remains solely responsible for compliance with legal and regulatory obligations relating to the personal data of their buyers.
For personal data relating to buyers from third-party platforms (including Vinted), Clemz acts exclusively as a processor within the meaning of Article 28 of the GDPR, on behalf of the User, who remains the controller of such data.
This data is processed only to enable the User to manage their sales, logistics and administrative obligations, without autonomous reuse by Clemz, without enrichment or use for commercial or marketing purposes.
Buyer data is retained for the period necessary for Service performance, then deleted or rendered non-identifying within a reasonable time. Where artificial intelligence features have been used on this data, processing ceases upon account deletion and Clemz does not retain identifiable buyer data beyond legal requirements.
11.5 Retention period and automatic deletion
Certain technical data relating to the User's activity (such as documents generated via the Service, including photos, shipping labels or invoices) may be temporarily archived to enable the proper operation of the Service.
These elements are retained for the duration of the contractual relationship, necessary for their use, then, where applicable, for the applicable legal periods (accounting, tax obligations) or deleted/anonymised within time limits proportionate to the purposes pursued.
By way of example, photos saved and transmitted by the User via Clemz are in principle deleted within approximately thirty (30) days after the end of the subscription, unless temporary technical necessity, legal obligation, or retention for the establishment, exercise or defence of legal claims.
Clemz applies regular and proportionate retention and deletion rules, in accordance with the storage limitation principle laid down by the GDPR.
Technical data relating to the use of artificial intelligence features (such as technical logs or usage indicators) is retained for periods proportionate to the purposes of security and abuse prevention, then deleted or anonymised.
Clemz implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, including:
Where certain features rely on artificial intelligence technologies involving data flows to third-party technical providers, Clemz ensures that these flows are secured by appropriate encryption protocols and contractually framed in accordance with the GDPR.
Providers involved in the context of artificial intelligence features are subject to contractual obligations of confidentiality, security and data protection equivalent to those applicable to Clemz.
Only the data strictly necessary for the operation of the features concerned is transmitted to artificial intelligence systems, in accordance with the data minimisation principle laid down by the GDPR.
Clemz implements technical monitoring mechanisms intended to prevent abusive or improper use of features based on artificial intelligence technologies, in respect of Users' rights and freedoms.
In the event of a personal data breach likely to result in a high risk to the rights and freedoms of data subjects, Clemz will inform them as soon as possible, in accordance with Articles 33 and 34 of the GDPR.
Clemz published by CLEMZ SASU whose registered office is located at 58 rue de Monceau – CS 48756, 75380 Paris Cedex 08 – France
Contact address: bonjour@clemz.app
Certain features based on artificial intelligence technologies may involve the intervention of specialised technical processors.
When these providers process personal data on behalf of Clemz, they act exclusively as processors within the meaning of Article 28 of the GDPR, on Clemz's instructions and within a secure contractual framework.
Any published content (comments, reviews) may be moderated or removed by Clemz in the event of non-compliance with applicable rules, current legislation or these terms, in accordance with French Act No. 2004-575 of 21 June 2004 on Confidence in the Digital Economy (LCEN).
Where automated assistance features or features based on artificial intelligence technologies are used in the context of writing or moderating content (forum, comments, reviews), these tools intervene only as technical assistance.
The final moderation decision remains based on criteria defined by Clemz and, where applicable, validated by human intervention.
15.1 Strictly necessary cookies
Clemz uses only technical cookies or trackers that are strictly necessary for the operation of the Service and account connection management (authentication, session maintenance, security). As these trackers are essential for the provision of the expressly requested Service, they do not require your consent.
You may configure your browser to delete or block these cookies; in that case, access to the account and/or the Service may not work properly.
15.2 YouTube videos (third-party content)
Certain pages may offer the display of videos hosted by YouTube. Playing these videos may result in the placement or reading of trackers by YouTube/Google.
15.3 Payment (Stripe Checkout)
For payment, the User is redirected to a payment page operated by Stripe (Stripe Checkout). On this occasion, Stripe may place or read trackers necessary for the proper functioning of payment and the prevention of fraud and abuse. Clemz does not control the trackers placed on Stripe pages.
If you consider that your rights are not being respected, you may contact Clemz and/or lodge a complaint with the competent supervisory authority, in particular the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr.