Go to main content
Back

Privacy Policy

Last updated: August 2025

1. Data Controller Information

Under the General Data Protection Regulation (GDPR), the data controller for your personal information is:

Business Name: ANTOSKINS

Legal Representative: Antony Pinel

SIRET Number: 94752970700012

Contact Email: antonypinel@gmail.com

Data Protection Contact: antonypinel@gmail.com

This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our platform TMMH Skins, in compliance with EU GDPR and French data protection laws.

2. Personal Data We Collect

2.1 Information You Provide Directly

  • Account Information: Email address, username, password (encrypted)
  • Profile Data: Display name, avatar/profile picture, biographical information
  • User-Generated Content: Uploaded skins, comments, ratings, feedback
  • Communications: Messages sent through contact forms or support emails

2.2 Information Automatically Collected

  • Technical Data: IP address, browser type and version, device information
  • Usage Data: Pages visited, time spent, download history, search queries
  • Performance Data: Error logs, crash reports
  • Preferences: Theme settings, language preferences, UI customizations

2.3 Cookies and Similar Technologies

  • Essential Cookies: Session management, authentication, security
  • Preference Cookies: User settings, theme preferences
  • Analytics Cookies: Usage statistics, performance monitoring
3. Legal Bases for Processing

Under GDPR Article 6, we process your personal data based on the following legal bases:

Contract Performance (Article 6(1)(b)):

Account creation, authentication, and service delivery

Legitimate Interest (Article 6(1)(f)):

Platform security, fraud prevention, service improvement, and analytics

Consent (Article 6(1)(a)):

Optional marketing communications and non-essential cookies

Legal Obligation (Article 6(1)(c)):

Compliance with French and EU laws, including data retention requirements

4. How We Use Your Personal Data

4.1 Platform Operation

  • Create and manage user accounts and authentication
  • Provide access to skins, downloads, and platform features
  • Process user ratings, comments, and feedback
  • Maintain user preferences and customization settings

4.2 Security and Safety

  • Detect and prevent fraud, abuse, and security threats
  • Monitor for violations of our Terms of Service
  • Investigate and respond to user reports
  • Ensure platform integrity and user safety

4.3 Service Improvement

  • Analyze usage patterns to improve user experience
  • Develop new features and optimize existing functionality
  • Conduct performance monitoring and error tracking
  • Generate anonymized statistics and insights

4.4 Communication

  • Send essential service notifications and updates
  • Respond to support requests and inquiries
  • Notify about significant changes to our services
  • Send security alerts when necessary
5. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information. We may share data with trusted third-party service providers:

5.1 Essential Service Providers

PocketBase (Database Services)

Purpose: Data storage and user authentication

Data Shared: Account information, user content, usage data

Location: Self-hosted infrastructure

Vercel (Hosting Provider)

Purpose: Website hosting and content delivery

Data Shared: Technical data, performance metrics

Location: Global CDN with EU data centers

Privacy Policy: https://vercel.com/legal/privacy-policy

5.2 Legal Disclosures

We may disclose personal data when required by law or to:

  • Comply with legal obligations and court orders
  • Protect our rights, property, and safety
  • Investigate fraud or security incidents
  • Respond to legitimate requests from law enforcement
6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure adequate protection through:

  • Adequacy Decisions: Processing in countries recognized by the European Commission as providing adequate protection
  • Standard Contractual Clauses: EU-approved contractual safeguards with our service providers
  • Certification Schemes: Partners certified under recognized international privacy frameworks

For transfers to the United States, we ensure our partners comply with recognized transfer mechanisms such as the EU-US Data Privacy Framework when applicable.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Until account deletion + 30 days for technical cleanup

User Content: Until deletion by user or account termination

Usage Analytics: 24 months in anonymized form

Error Logs: 90 days for debugging and security

Legal Records: As required by French law (typically 3-6 years)

After these periods, data is securely deleted or anonymized beyond recognition.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access (Article 15): Obtain copies of your personal data and information about how it's processed

Right to Rectification (Article 16): Correct inaccurate or incomplete personal data

Right to Erasure (Article 17): Request deletion of your personal data in certain circumstances

Right to Restrict Processing (Article 18): Limit how we process your data in specific situations

Right to Data Portability (Article 20): Receive your data in a machine-readable format

Right to Object (Article 21): Object to processing based on legitimate interests

Right to Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, contact us at antonypinel@gmail.com. We will respond within 30 days as required by law.

9. Data Security Measures

We implement comprehensive security measures to protect your personal data:

9.1 Technical Safeguards

  • End-to-end encryption for data transmission (HTTPS/TLS)
  • Encrypted storage of sensitive data and passwords
  • Regular security updates and vulnerability assessments
  • Secure authentication and session management
  • Access controls and principle of least privilege

9.2 Organizational Measures

  • Data protection by design and by default
  • Regular security training and awareness
  • Incident response and breach notification procedures
  • Regular data protection impact assessments
  • Vendor security requirements and audits

Despite our security measures, no system is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Strictly Necessary Cookies:

Essential for platform functionality, authentication, and security. These cannot be disabled.

Functional Cookies:

Remember your preferences, settings, and choices to enhance user experience.

Analytics Cookies:

Help us understand how users interact with our platform to improve services.

10.2 Managing Cookies

You can control cookies through:

  • Browser settings to block or delete cookies
  • Our cookie consent management (when implemented)
  • Third-party opt-out tools for analytics services

Note: Disabling essential cookies may affect platform functionality.

11. Children's Privacy

Our platform does not specifically target children, but we welcome users of all ages. For users under 16 (the digital age of consent in many EU countries):

  • We recommend parental guidance for account creation
  • Parents may contact us to exercise rights on behalf of their children
  • We take special care to protect young users' data
  • We do not knowingly collect excessive data from minors

If you believe we have collected inappropriate data from a child, please contact us immediately at antonypinel@gmail.com.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected users without undue delay
  • Provide clear information about the breach and our response
  • Offer guidance on protective measures you can take
  • Implement additional safeguards to prevent future incidents

We maintain detailed incident response procedures to ensure rapid and effective breach management.

13. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in:

  • Our data processing practices
  • Legal requirements and regulatory guidance
  • Platform features and functionality
  • Third-party service providers

Material changes will be communicated through:

  • Prominent notice on our platform
  • Email notification to registered users (when significant)
  • Updated "Last modified" date at the top of this policy

We encourage you to review this policy periodically to stay informed about how we protect your data.

14. Supervisory Authority and Complaints

You have the right to lodge a complaint with a data protection supervisory authority, particularly in your country of residence, workplace, or where an alleged infringement occurred.

French Data Protection Authority (CNIL):

Website: https://www.cnil.fr

Address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE

Phone: +33 1 53 73 22 22

We prefer to resolve concerns directly, so please contact us first. However, you always have the right to contact the supervisory authority.

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Data Protection Officer: Antony Pinel

Email: antonypinel@gmail.com

Subject Line: "Privacy Policy - [Your Subject]"

Postal Address:

We aim to respond to all data protection inquiries within 30 days as required by GDPR. For urgent security matters, please mark your email as "URGENT" in the subject line.

Business Hours: Monday to Friday, 9:00 AM to 6:00 PM (CET/CEST)
Response Time: We strive to acknowledge receipt within 48 hours and provide a full response within 30 days.