Privacy Policy.

This policy explains how Seichō Partners processes your personal data when you interact with us.

• Identification and contact: email.
• Usage du site : cookies/traceurs (voir Cookie Policy).

We do not intentionally collect sensitive data. If you provide any, you consent to its processing for strictly necessary purposes.

• Fulfilling your requests / performing a contract (Art. 6-1 b GDPR).
• B2B prospecting, information regarding our offers and events (legitimate interest, Art. 6-1 f), or consent for newsletters/forms.

Access strictly limited to:

• Authorized Seichō Partners teams (marketing, sales, operations, HR).
• Technical subcontractors (see details below) bound by contract and security controls.
• Competent authorities where required by law.

We use the following providers to operate our website:

• Supabase Inc. — Database hosting and contact form storage. Data hosted in the EU (Frankfurt, Germany). SOC 2 Type II certified. GDPR-compliant DPA in place. Encryption in transit (TLS 1.3) and at rest (AES-256).
• Resend Inc. — Transactional emails (form confirmations, GDPR rights requests). Headquartered in the USA. Standard Contractual Clauses (SCC 2021/914) in place. Data processed transiently (transit only). SOC 2 Type II certified.
• Lovable — Website hosting and application infrastructure. Headquartered in Sweden (EU). European infrastructure. European company subject to the GDPR.
• Cloudflare Turnstile — Anti-spam and GDPR protection. USA / European Union. DPA, no tracking cookies, no cross-site profiling, GDPR compliant.

We retain data only as long as necessary:

• Lead generation: 3 years after the last contact or until consent is withdrawn.
• Client/vendor relationship: contract duration + legal statutes of limitation.

We prioritize hosting within the EEA. For transfers to the United States (Resend), we use the Standard Contractual Clauses (SCC 2021/914) approved by the European Commission, supplemented by technical measures (encryption, data minimization). You may obtain a copy of these safeguards upon request.

No fully automated decisions are made regarding you. Should this change, you will be notified and retain the right to human intervention.

Technical and organizational measures adapted to the risk level (access controls, encryption in transit/at rest when applicable, logging, authorization management, audits, DPIA if necessary).

You may exercise your legal rights regarding: access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and post-mortem instructions.

DPO/Privacy contact: privacy@seicho-partners.com

Complaints: CNIL (after contacting us first).

View our Cookie Policy for purposes, durations, partners and your preference center (consent, withdrawal, settings).

We may update this policy to reflect changes in our practices, the law, or our tools. The version date is authoritative. Material changes may be communicated via a dedicated notification.