Privacy policy

This privacy policy explains how Numista collects, uses, and shares personal data when you use the website and its services.

Controller

Numista EURL
9 boulevard Albert 1er
06600 Antibes
France

Scope

This policy applies to all Numista websites and subdomains. By using the website you agree to the processing described here.

Data we collect

Data you provide

  • Account data: username, email, password hash, country
  • Content you submit: forum posts, catalog contributions, comments, images
  • Messages sent through the private messaging system

Private messages are stored but not routinely accessed. They may be accessed only in cases of abuse reports or legal obligations.

Data collected automatically

  • IP address and technical metadata such as user agent, device, and timestamps
  • Logs required for security, stability, and abuse prevention
  • Anonymized analytics events

Cookies and local storage

We use cookies and equivalent technologies for:

  • Essential functionality such as login, session persistence, CSRF protection
  • Preference for UI settings
  • Measurement and analytics with Matomo self-hosted and Cloudflare Analytics
  • Advertising with Publift, Google Ad Manager, and partner networks

Purposes and legal bases

Operation of the service (contract necessity)

  • User account and features
  • Private messaging and public posting
  • Catalog submissions and community moderation

Security and abuse prevention (legitimate interest)

  • Logging and filtering
  • Fraud and attack mitigation via Cloudflare

Analytics (legitimate interest)

  • Matomo self-hosted with IP anonymization
  • Cloudflare Analytics for performance and security insight

Advertising (consent)

  • Personalized advertising is shown only if you consent via the cookie banner
  • If you reject, fallback non-personalized ads are shown

Legal obligations

  • Compliance with court orders and required disclosures

Sharing and disclosure

Data may be shared with processors for the purposes above:

  • Hosting provider with servers in Canada
  • Cloudflare for security, delivery, and analytics through a global edge network
  • Publift and Google Ad Manager with partner ad networks under consent for ads
  • Payment processors if and when paid services are used

No personal data is sold.

Consent management

You can manage your cookie and advertising consent at any time via the on-site tool:

Essential cookies cannot be disabled as they are required for the service to function. Personalized ads are disabled unless you explicitly consent.

Retention

  • Account data is kept while your account is active
  • You may delete your account from the account settings page
  • Logs and security data are retained only as technically necessary for security and continuity
  • Data may be retained longer where required by law

User rights under GDPR

You may request:

  • Access to your data
  • Rectification
  • Erasure
  • Restriction or portability where applicable

To exercise rights not available through self-service UI, contact us at the address below.

International transfers

The service is hosted in Canada and delivered worldwide via Cloudflare. Transfers are safeguarded by contractual and technical measures.

Security

We use technical and organizational measures to protect data, including HTTPS transport, hashing of passwords with bcrypt, access control, and monitored infrastructure.

Updates to this policy

We may update this policy. The updated version will be published on this page with a revised effective date.

Contact

For privacy questions or rights requests:
Numista EURL
9 boulevard Albert 1er
06600 Antibes
France