Protection and processing of your personal data
Version: 1.0 Effective date: 20 Mai 2026 Last updated: February 19, 2026
The data controller for personal data collected through the GroundCam platform (hereinafter "the Platform"), accessible at https://groundcam.io and its subdomains, is:
For any questions regarding the protection of your personal data, you may contact our Data Protection Officer:
In the course of using the Platform, we collect the following data:
| Category | Data collected |
|---|---|
| Registration and account | Last name, first name, email address, password (hashed), organization name |
| User profile | Profile picture (optional), role within the organization |
| Billing | Payment information (processed by Stripe, our payment provider - we do not store credit card numbers) |
| Video sessions | Client phone number (for sending the SMS link), client name (optional) |
| Support | Any information provided when submitting a support request |
| Category | Data collected |
|---|---|
| Connection data | IP address, browser type and version, operating system, pages visited, date and time of connection |
| Video session data | Session duration, timestamps, screenshots taken during the session |
| Geolocation data | GPS coordinates (only if the end client explicitly authorizes sharing their location during a video session) |
| Cookies and trackers | See our Cookie Management Policy |
End clients who join a video session via an SMS link are not required to create an account. The data collected concerning them is limited to:
| Purpose | Legal basis (GDPR) |
|---|---|
| Creation and management of user account | Performance of a contract (Art. 6.1.b) |
| Provision of video session service | Performance of a contract (Art. 6.1.b) |
| Sending SMS to invite a client to a session | Performance of a contract (Art. 6.1.b) |
| Geolocation during video sessions | Consent (Art. 6.1.a) |
| Billing and subscription management | Performance of a contract (Art. 6.1.b) and legal obligation (Art. 6.1.c) |
| Sending transactional emails (confirmations, invitations) | Performance of a contract (Art. 6.1.b) |
| Platform improvement and usage statistics | Legitimate interest (Art. 6.1.f) |
| Handling support requests | Performance of a contract (Art. 6.1.b) |
| Compliance with legal and regulatory obligations | Legal obligation (Art. 6.1.c) |
| Platform security and fraud prevention | Legitimate interest (Art. 6.1.f) |
Only authorized members of GroundCam have access to personal data, limited to what is necessary for the performance of their duties.
We use sub-processors for the operation of the Platform, in particular for hosting, data storage, authentication, video sessions, sending SMS and emails, and payment processing. Some of these sub-processors are located outside the European Economic Area (see Article 6).
A detailed list of our sub-processors, including their identity, location, and the safeguards in place, may be provided upon request to our DPO at [email protected].
Your data may also be disclosed to:
Some of our sub-processors are located in the United States. These transfers are governed by:
We ensure that each transfer of data outside the European Economic Area is accompanied by appropriate safeguards in accordance with Chapter V of the GDPR.
| Data category | Retention period |
|---|---|
| User account data | Duration of the contractual relationship + 3 years after last activity |
| Billing data | 10 years (statutory accounting obligation) |
| Video session data (metadata) | Duration of the organization's subscription + 1 year |
| Screenshots and recordings | Duration of the organization's subscription, deleted within 30 days following the end of the subscription |
| Geolocation data | Duration of the video session + storage with the associated screenshot |
| End client data (anonymous) | 12 months after the session |
| Connection logs and technical data | 12 months (in accordance with applicable regulations) |
| Cookies | See our Cookie Management Policy |
Upon expiry of these periods, data is deleted or irreversibly anonymized.
In accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés), you have the following rights:
You may obtain confirmation as to whether or not personal data concerning you is being processed, as well as a copy of such data.
You may request the correction of inaccurate or incomplete personal data concerning you.
You may request the deletion of your personal data, subject to statutory retention obligations.
You may request the restriction of processing of your data in the circumstances provided for by applicable regulations.
You may receive your data in a structured, commonly used and machine-readable format, and transmit it to another data controller.
You may object to the processing of your data based on legitimate interest, on grounds relating to your particular situation.
Where processing is based on your consent (in particular geolocation), you may withdraw it at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
You may define instructions regarding the retention, erasure, and disclosure of your data after your death.
To exercise your rights, you may contact us:
We undertake to respond to your request within one month of receipt. This period may be extended by two months due to the complexity or the number of requests.
If you believe that the processing of your data does not comply with applicable regulations, you may lodge a complaint with the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés - CNIL):
We implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data, including:
We reserve the right to amend this Privacy Policy at any time. In the event of a substantial change, we will notify you by email or by a notification on the Platform.
The date of the last update is indicated at the top of this document. We encourage you to review this page regularly.
This Privacy Policy is governed by French law.
In the event of a dispute relating to the interpretation or performance of this policy, and failing amicable resolution, the competent courts of Paris shall have exclusive jurisdiction.
For any questions regarding this Privacy Policy or the processing of your personal data: