Privacy Policy
Last updated: March 2026 · Effective date: March 2026This Privacy Policy explains how MB Europe (Mertcan BILGILI, auto-entrepreneur, 28000 Chartres, France) collects, uses, stores, and protects your personal data when you use the MBPlastiPro platform. We comply with the General Data Protection Regulation (GDPR — EU 2016/679) and the French Data Protection Act (Loi Informatique et Libertés).
1. Data Controller
MB Europe – MBPlastiPro
Mertcan BILGILI (auto-entrepreneur)
28000 Chartres, France
SIREN: 102599859 · SIRET: 10259985900018
Email: mertcan@metinbilgili.com
2. Data We Collect
2.1 Account data (provided by you)
- Full name — used to personalise your account and confirmation emails.
- Email address — used for authentication, email verification, and service communications.
- Password — stored as a SHA-256 hash only; we never store your plaintext password.
- Subscription plan — Free, Pro, or Expert, to manage feature access and billing.
- Marketing consent flag — whether you have opted in to receive product updates and technical emails.
2.2 Usage data (collected automatically)
- Calculator inputs and results (stored locally in your browser via localStorage; not transmitted to our servers unless you save a project).
- AI troubleshooting session counts (stored server-side to enforce plan limits).
- Project data you choose to save (name, description, results).
- Consultation requests you submit.
2.3 Technical data
- IP address and approximate geolocation (country/city) — used for language detection and abuse prevention.
- Browser type, operating system, and device type — used for compatibility and error logging.
- Session authentication token — stored in localStorage on your device.
3. Legal Bases and Purposes
| Purpose | Data used | Legal basis |
|---|---|---|
| Account creation and authentication | Name, email, password hash | Contract performance (Art. 6(1)(b) GDPR) |
| Email verification | Email, name, one-time token | Contract performance |
| Delivering the platform service | All account and usage data | Contract performance |
| Enforcing subscription plan limits | Email, plan, usage counters | Contract performance |
| Transactional emails (verification, billing) | Email, name | Contract performance / Legitimate interest |
| Product updates and newsletters | Email, name | Consent (Art. 6(1)(a) GDPR) — opt-in only |
| Bot and fraud prevention (reCAPTCHA) | Behavioural signals at registration | Legitimate interest (Art. 6(1)(f) GDPR) |
| Security monitoring and abuse prevention | IP address, usage logs | Legitimate interest |
4. reCAPTCHA
We use Google reCAPTCHA v2 on our registration form to protect against automated bot registrations. When you interact with the reCAPTCHA widget, Google collects data including your IP address and browser behaviour, processed according to Google's Privacy Policy. We rely on legitimate interest as the legal basis, as bot prevention directly protects all users of the platform.
5. Marketing Communications
We only send product update and newsletter emails to users who have explicitly opted in during registration by ticking the marketing consent checkbox. This consent is:
- Freely given — the checkbox is unchecked by default and not required to create an account.
- Specific — it covers MBPlastiPro product updates and technical content only.
- Revocable — withdraw at any time via the unsubscribe link in any marketing email, or by emailing mertcan@metinbilgili.com.
Withdrawing marketing consent does not affect your account or access to the platform.
6. Data Storage and Retention
Your account data is stored in Vercel KV (powered by Upstash Redis). Vercel participates in the EU-US Data Privacy Framework.
| Data type | Retention period |
|---|---|
| Unverified registration tokens | 30 minutes (auto-deleted) |
| Active account data | Duration of account + 90 days after deletion request |
| Consultation submissions | 3 years from submission |
| Billing records | 10 years (French accounting law) |
| Security / access logs | 90 days rolling |
7. Third-Party Service Providers
We share your data only with the following sub-processors, solely to deliver the service:
| Provider | Purpose | Data transferred | Location |
|---|---|---|---|
| Vercel Inc. | Platform hosting, serverless functions, KV database | All account and usage data | USA / EEA (DPF) |
| Resend Inc. | Transactional email delivery | Email address, name | USA |
| Google LLC | reCAPTCHA bot prevention | IP address, browser behaviour | USA |
We do not sell, rent, or share your personal data with any other third parties for marketing or commercial purposes.
8. Your Rights Under GDPR
As a resident of the European Economic Area, you have the following rights:
To exercise any of these rights, contact us at mertcan@metinbilgili.com. We will respond within 30 days. Account deletion requests via the Settings page are processed immediately.
9. Cookies and Local Storage
MBPlastiPro does not use tracking or advertising cookies. We use browser localStorage exclusively to store your session token, language preference, and locally cached calculator data. This data stays on your device and is not transmitted to our servers unless you save a project. The Google reCAPTCHA widget may set its own security cookies; these do not require consent under the ePrivacy Directive.
10. Data Security
Security measures include: passwords stored as SHA-256 hashes only; all data in transit encrypted via HTTPS/TLS; KV database access restricted to authenticated serverless functions; email verification required before activation; reCAPTCHA to prevent automated registrations. In the event of a data breach, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.
11. Children's Privacy
MBPlastiPro is intended for professional use and not directed at users under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, please contact us immediately.
12. Supervisory Authority
CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
www.cnil.fr
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting the updated Policy on this page with a revised effective date.
14. Contact
MB Europe – MBPlastiPro
28000 Chartres, France
Email: mertcan@metinbilgili.com
We aim to respond to all requests within 30 days.