Privacy

Your data stays yours.

Chillo is built to be useful without being intrusive. This page explains the data we process, why, how long we keep it, and the rights you have over it.

Last updated: 10 May 2026. For any privacy-related question, you can write to contact@cardasoft.com.

Data controller

The data controller is Cardasoft, publisher of Chillo. For any contact related to data protection: contact@cardasoft.com.

Marketing website

The Chillo website (this marketing site) does not set advertising tracking cookies and does not rely on third-party analytics. No personal data is collected just by browsing the pages.

Data processed in the app

To work, the Chillo app needs your email address and an account identifier, along with the content you add to it: groups, expenses, income, balances, todos, notes. This data is required for the service.

Purposes

Data is processed to: create and secure your account, run groups and compute balances, send the relevant notifications, manage your Premium subscription where applicable, and respond to your support requests.

Legal bases

Processing is based on the performance of the contract that binds you to the service (Article 6.1.b GDPR) for core features, on your consent for any optional communications (Article 6.1.a) and on the legitimate interest in keeping the service secure (Article 6.1.f).

Retention periods

Account data is kept while your account is active. Once the account is deleted, it is erased within 30 days, except for accounting or tax records that may be subject to longer legal retention obligations.

Recipients and processors

Your data is neither sold nor rented. It is accessible to the Cardasoft team strictly to operate the service, and hosted with technical providers bound by GDPR-compliant contracts. The exact list of subprocessors is available on request.

Transfers outside the EU

Where data may be transferred outside the European Union, the transfer takes place under appropriate safeguards (standard contractual clauses, adequacy decision), as required by Articles 44 and following of the GDPR.

Your rights

You have rights of access, rectification, erasure, restriction, objection, and data portability, along with the right to set instructions on the fate of your data after death. You can exercise these rights by writing to contact@cardasoft.com.

Complaints

If you feel your rights are not respected, you can lodge a complaint with the supervisory authority in your country. In France this is the CNIL.

Security

Cardasoft applies reasonable technical and organisational measures to protect your data: encrypted transport, restricted access, and logging of sensitive operations.

Updates to this policy

This policy may be updated to reflect changes to the service or regulation. The update date is shown at the top of this page. In case of a material change, you will be informed directly in the app.