Privacy Policy
Last updated: 2026-05-14This Privacy Policy describes how STE FIDELIZI (operating under the trading name Authority Shapes), located at Résidence Al Mostakbel, Immeuble Dahlia, Manzeh 6, 2091 Ariana, Tunisia ("we", "us", "our"), collects, uses, and protects your personal data when you visit https://authorityshapes.com (the "Site") or engage with our services.
We comply with:
- Tunisian Law No. 2004-63 of July 27, 2004, on the protection of personal data
- Regulation (EU) 2016/679 ("GDPR") for users located in the European Union
1. Data Controller
The data controller is:
STE FIDELIZI
Résidence Al Mostakbel, Immeuble Dahlia, Manzeh 6, 2091 Ariana, Tunisia
Email: intake@authorityshapes.com
RNE Identifier: 1500925E
For all questions relating to the processing of your personal data or to exercise your rights, contact: intake@authorityshapes.com
2. Data We Collect
2.1 Data you provide directly
When you fill out a form on the Site (application form, newsletter subscription, clarity call request), we collect:
- Identification data: first name, last name
- Contact data: email address, phone number (optional)
- Professional data: company, role, industry, current revenue range, business challenges
- Any information you voluntarily provide in free-text fields
2.2 Data collected automatically
When you browse the Site, we may automatically collect:
- Technical data: IP address (anonymized), browser type, operating system, device
- Browsing data: pages visited, time spent, referring source
- Cookies and similar technologies (see Section 7)
2.3 Data we do NOT collect
We do not collect sensitive data within the meaning of Article 9 GDPR (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sexual orientation).
3. Purposes of Data Processing
We process your data for the following purposes:
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to your application or contact request | Performance of pre-contractual measures (Art. 6(1)(b)) |
| Sending newsletter and educational content | Consent (Art. 6(1)(a)) |
| Performance of our services contract | Contract performance (Art. 6(1)(b)) |
| Site analytics and performance optimization | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations (accounting, tax) | Legal obligation (Art. 6(1)(c)) |
| Defense against legal claims | Legitimate interest (Art. 6(1)(f)) |
4. Data Retention
| Data category | Retention period |
|---|---|
| Application forms (not converted to client) | 24 months from last contact |
| Client data (during contract) | Duration of contract + 5 years (legal obligations) |
| Newsletter subscribers | Until unsubscribe + 3 months |
| Accounting and tax data | 10 years (legal obligation) |
| Website analytics (anonymized) | 14 months |
| Form submissions on Web3Forms infrastructure | 30 days (automatically deleted by service provider) |
5. Recipients of Your Data
Your data is accessed only by:
- Haithem Zribi and authorized personnel of STE FIDELIZI
- Technical service providers (data processors) acting under our instructions:
- Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA) — website hosting and privacy-friendly analytics (Vercel Analytics, no cookies, no individual user tracking)
- Web3Creative / Web3Forms (Kerala, India) — form submissions handling, with infrastructure hosted on Amazon Web Services (AWS US-East region, United States). Form submissions are retained by Web3Forms for a maximum of 30 days (free plan) or 1 year (pro plan), then automatically deleted.
We do not sell, rent, or trade your personal data to third parties.
6. International Data Transfers
Some of our service providers are located outside the European Union and Tunisia:
- Vercel Inc. (United States) — covered by the EU-US Data Privacy Framework (Adequacy Decision of the European Commission of July 10, 2023).
- Web3Forms / Web3Creative (India, with AWS infrastructure in the United States) — India is not covered by an EU adequacy decision. Transfers are made on the basis of your explicit consent when you submit a form, in accordance with Article 49(1)(a) GDPR ("derogations for specific situations"). By submitting any form on this Site, you acknowledge and consent to this transfer.
For data subjects in Tunisia, transfers are made in accordance with Articles 49-51 of Law No. 2004-63 and authorizations from the Instance Nationale de Protection des Données Personnelles (INPDP) where required.
You may withdraw your consent at any time by contacting intake@authorityshapes.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
7. Cookies and Tracking Technologies
This Site uses only strictly necessary technical cookies required for basic site functionality (e.g., session management, security). These cookies do not require consent under Article 5(3) of the ePrivacy Directive.
We do NOT use:
- Advertising or marketing cookies
- Third-party tracking cookies
- Google Analytics or any cookie-based analytics
- Retargeting or behavioral profiling tools
Privacy-friendly analytics: We use Vercel Analytics to measure aggregated site performance (page views, referrers, geographic distribution at country/city level, device types, Core Web Vitals). Vercel Analytics operates without cookies and does not track individual users or store personal data identifiable to a specific person. No consent is required for its use under GDPR and the ePrivacy Directive.
Search engine tools: We use Google Search Console and Bing Webmaster Tools to monitor our search engine visibility. These tools operate exclusively on Google's and Microsoft's infrastructure and do not place any cookies on your browser when you visit our Site.
If we ever introduce non-essential cookies (e.g., third-party analytics with personal data processing), we will update this Privacy Policy and display a consent banner before any such cookies are placed on your device.
8. Your Rights
Under the GDPR and Tunisian Law 2004-63, you have the following rights:
- Right of access (Art. 15 GDPR): obtain a copy of your data
- Right to rectification (Art. 16 GDPR): correct inaccurate data
- Right to erasure ("right to be forgotten", Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent at any time, where processing is based on consent
- Right to lodge a complaint with a supervisory authority:
- EU residents: your national Data Protection Authority
- Tunisia residents: Instance Nationale de Protection des Données Personnelles (INPDP) — www.inpdp.nat.tn
To exercise your rights, send a written request to intake@authorityshapes.com. We will respond within one (1) month of receipt, in accordance with Article 12 GDPR.
9. Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:
- TLS/HTTPS encryption for all data in transit
- Secure access to data storage (authentication, access controls)
- Regular review of security practices
- Limited data access on a need-to-know basis
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any material change will be announced on the Site with an updated "Last updated" date. Continued use of the Site after such changes constitutes acceptance of the revised policy.
11. Contact
For any question relating to this Privacy Policy or to exercise your rights:
STE FIDELIZI — Authority Shapes
Email: intake@authorityshapes.com
Postal address: Résidence Al Mostakbel, Immeuble Dahlia, Manzeh 6, 2091 Ariana, Tunisia