Privacy
Privacy policy
What ScoutLib collects, why, and the rights you keep over your data.
Last updated: 2026-05-31
Data controller
TO BE COMPLETED (legal): identity of the data controller (a French association loi 1901 "ScoutLib" is recommended, otherwise the publishing individual). This depends on the chosen legal structure and will be specified before sign-ups open.
Data protection contact: rgpd@scoutlib.com.
Principle: minimization
We collect only what is strictly necessary for the service. Some sensitive data (date of birth for the age check, scout card number for leader verification) is only requested when indispensable, and purged once it is no longer needed.
Data we process
Depending on how you use ScoutLib, we may process the following data:
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Email address | Authentication, service notifications | Performance of the contract (Terms) | Account lifetime + 30 days |
| Display name, avatar | Author display, personalisation | Performance of the contract | Account lifetime |
| Date of birth | Minimum age check (15) | Access condition and legitimate interest (protecting minors) | Account lifetime, then purged |
| FSE group, role | Co-optation, statistics, community spirit | Consent | Account lifetime |
| Scout card number | Leader status verification | Explicit consent (data that may reveal a belief) | For the time of verification, then anonymised |
| Favourites, notes, "already done" | Leader's personal space | Performance of the contract | Account lifetime |
| Contributions (ideas) | Community catalogue | Performance of the contract and consent to publish | Kept and anonymised after departure (see Terms) |
| Reports | Moderation | Legitimate interest | 1 year after resolution |
| Audience measurement (PostHog) | Service improvement, aggregated | Consent (cookies) | 12 months |
| Technical logs (Supabase, Sentry) | Security, debugging | Legitimate interest | 90 days |
Minors (15-17)
ScoutLib is for ages 15 and over (the digital consent age in France). Under-15s cannot sign up. For minors, we apply specific safeguards:
- No marketing profiling, no advertising.
- Protective defaults and clear language.
- Minimised audience measurement (manual capture, no autocapture).
Your rights
Under the GDPR, you have the following rights over your data:
- Access and rectification — view and edit your profile directly from your account space.
- Erasure — delete your account ("delete-account" function): immediate removal, then purged within 30 days. Your published ideas are kept but anonymised ("Anonymous leader").
- Portability — export your favourites, notes and contributions as JSON ("export-my-data" function).
- Objection and consent withdrawal — disable audience measurement from the cookie page, or remove your card number at any time.
To exercise these rights, write to us at rgpd@scoutlib.com.
Processors
We use providers that process data on our behalf, under contract (DPA) and hosted in the European Union where possible:
| Processor | Role | Location |
|---|---|---|
| Supabase | Authentication, database, storage | European Union |
| Cloudflare | Hosting, DNS, CDN | European edge |
| Resend | Transactional emails | United States (standard contractual clauses) |
| Sentry | Error monitoring | European Union, personal data scrubbing |
| PostHog | Audience measurement | European Union (EU Cloud) |
| HelloAsso | Donations (external link) | France — outside the scope of account data |
Cookies
ScoutLib uses necessary cookies and, with your consent, audience measurement. Details and preferences in the cookie policy.
Security
Data is encrypted at rest and in transit. Sensitive data (card number, for verification) is protected by restricted, logged access. No health data is processed.
Changes to this policy
This policy may evolve (in particular once the legal structure is set and reviewed by a lawyer). The last-updated date is shown at the top of the page.