Pricing About

Language

Francais English
Contact Console
GDPR Compliant

Privacy
Policy

At Bunker, we take the privacy of your data very seriously. Discover how we protect your personal information.

GDPR Compliant

Compliance with European standards

Encryption

Secured data

Hosted in Europe

Data sovereignty

No resale

Your data stays yours

Our commitment

We are committed to protecting your personal information and respecting your privacy in accordance with applicable laws, including the GDPR (General Data Protection Regulation).

Data Protection Officer (DPO)

For any questions regarding the protection of your personal data, you can contact our DPO:

Name

Robin Straub

Email

[email protected]

Information we collect

Information provided voluntarily

When you create an account, we collect your contact details, such as your name, email address, and payment information.

Technical information

We collect information about the device and browser you use to access our platform, including your IP address, browser type, and language settings.

Usage information

We collect data about how you use our platform, including pages visited, actions taken, and interactions with our interface.

Legal bases for processing

Each data processing activity relies on a legal basis in compliance with the GDPR:

Processing Legal basis
Client account management Performance of a contract
Billing and payment Legal obligation
Customer support Performance of a contract
Web analytics (Matomo) Legitimate interest / CNIL exemption
Infrastructure security Legitimate interest
Commercial prospection (B2B) Legitimate interest

How we use your information

The information we collect is used to:

Provide, operate and improve our platform and services.
Manage your account and user settings.
Answer your questions and provide personalized customer support.
Analyze platform usage to better understand the needs of our users.
Comply with our legal obligations and ensure the security of our users.

Sharing your information

We never share your personal information with third parties, except in the following cases:

View the list of subprocessors →

Service providers

We work with a limited number of third-party service providers (Stripe for payments, Cloudflare for network protection, BetterStack for monitoring). These providers are required to comply with strict confidentiality standards and have signed a Data Processing Agreement (DPA).

Legal obligations

We may be required to disclose your information in response to a legal request, such as a court order or request from public authorities.

Protection of our rights

We may disclose your information if we believe it is necessary to protect our rights, our security, or that of our users.

Transfers outside the European Union

Almost all of your data is hosted in France in our own datacenters. However, some subprocessors are located outside the EU:

Subprocessor Country Purpose Safeguards
Cloudflare USA Network protection and DNS Standard Contractual Clauses (SCCs) + signed DPA
Stripe USA Payment processing Standard Contractual Clauses (SCCs) + signed DPA

All other data is hosted exclusively in France in datacenters operated by France Nuage.

Cookies and trackers

Our website uses a very limited number of cookies:

Matomo (analytics)

Configured in CNIL exemption mode: no IP tracking, limited audience measurement cookies. No consent required.

Technical cookies

Strictly necessary for website operation (session, preferences).

We do not use any third-party cookies, advertising cookies, or cross-site tracking.

Data retention periods

We retain your personal data only for the duration necessary for the purposes for which it was collected:

Data Duration Legal basis
Client account data (name, email, company ID) Duration of contract + 30 days Performance of a contract
Billing data 10 years after last invoice Legal obligation (Commercial Code)
Connection logs (IP, user-agent) 12 months Legal obligation (LCEN)
Technical infrastructure logs 12 months Legitimate interest (security)
Analytics data (Matomo) 25 months Legitimate interest
Data after contract termination 30 days then deletion Performance of a contract

Data security

We use appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, modification or destruction. All communications between you and our platform are encrypted using state-of-the-art technologies.

Security & Compliance →

Your rights

Under the GDPR (Articles 15 to 22), you have the following rights:

Right of access

You can request a copy of the personal information we hold about you (Art. 15).

Right to rectification

You can ask us to correct any incorrect or incomplete information (Art. 16).

Right to erasure

You can request the deletion of your personal information in certain circumstances (Art. 17).

Right to restriction

You can request the restriction of processing of your data in certain circumstances (Art. 18).

Right to data portability

You can receive your data in a structured, commonly used and machine-readable format (Art. 20).

Right to object

You can object to the use of your personal information in certain situations (Art. 21).

Withdrawal of consent

Where processing is based on your consent, you can withdraw it at any time.

Complaint to CNIL

You have the right to lodge a complaint with the CNIL (French Data Protection Authority) at www.cnil.fr.

To exercise your rights, contact our DPO at [email protected]. We will respond within a maximum of 30 days.

We may update this privacy policy from time to time. Any changes will be posted on this page, and we will notify you by email if the changes are significant.

Last updated: February 2026

Questions about your data?

Contact our DPO at [email protected]

Contact us