Sidekick's commitment to privacy

Hello! I’m Josselin, and I want to express how we ensure your data is securely transmitted and processed.

We’ve designed our system so that even we can’t track individual user requests. Your activities remain completely private.

Every interaction you have with Sidekick is secured through a custom web service that ensures that your data is protected at every step.

We act purely as blind middlemen and do not store any data. Your requests are not linked to any personal identifiers like an Apple ID.

For any questions about our privacy practices, please contact us.

Enjoy using your Sidekick with peace of mind!

Josselin Colletta

CEO

Table of contents

Privacy Policy - Carton Rouge

Last updated: May 11, 2026

Version : 1.0

This policy explains how personal data is processed in the Carton Rouge mobile application.

Before publication, complete the fields in brackets:

- Data controller: Backspace

- Address: 230 route des Dolines, Valbonne, France

- Privacy contact: dev@backspace.vision

- Support contact: dev@backspace.vision

- Database hosting region: Ireland

1. Who is responsible for your data?

The Carton Rouge application is published by [legal entity / publisher to confirm], the data controller for the personal data collected through the application.

For any question about this policy or about exercising your rights, you can contact us at: [privacy email to confirm].

2. What is the application for?

Carton Rouge lets users discover limited-edition physical artworks, preview selected artworks in augmented reality with SizeFit, follow artworks, request an alert, send a bespoke project brief, or submit a confidential offer to the Carton Rouge team.

The application does not sell digital goods, does not process in-app payments, and does not create user accounts.

3. What data do we collect?

Data you provide voluntarily

When you submit an offer, an alert request, or a bespoke project brief, we may collect:

- first and last name;

- email address;

- phone number, when requested or provided;

- company, where applicable;

- free-form message, creative brief, or comment;

- artwork, variant, format, or color concerned;

- proposed offer amount;

- date, time, and text of the consent given.

Data related to your use of the application

To operate the experience and understand interest in the artworks, we may process:

- application-generated session identifier;

- application-generated installation or device identifier;

- followed artworks or variants;

- active alerts;

- first-party interaction events, such as app open, artwork view, SizeFit open, format or color change, share, request start, or request submission;

- limited technical metadata associated with those events.

This data is used for application functionality, security, abuse prevention, product-interest measurement, and the commercial follow-up requested by the user.

Camera, augmented reality, and photos

The camera is used only to display the artwork in your space with SizeFit. AR scene information is processed on the device for the augmented reality display.

Carton Rouge does not upload your camera feed, does not collect your environment, and does not access your existing photo library.

If you use the capture button in SizeFit, the image is saved locally to your photo library by iOS. This capture is not sent to Carton Rouge by the application.

Data we do not collect

In the current version of the application, we do not collect:

- payment data or bank details;

- advertising identifier IDFA;

- precise geolocation data;

- address book or contacts;

- contents of your photo library;

- health data;

- data from data brokers;

- data used for cross-app or cross-site advertising tracking.

4. Why do we use this data?

We use personal data for the following purposes:

- to operate the application, catalogue, followed artworks, alerts, SizeFit, and forms;

- to respond to an offer, alert request, information request, or bespoke project brief;

- to prepare a commercial exchange concerning a physical artwork;

- to keep proof of the consent given when submitting a form;

- to secure the application, limit abuse, and detect abnormal usage;

- to measure interest in artworks and improve the experience, using only strictly necessary data or where the applicable consent has been collected.

Depending on the case, these processing activities are based on:

- pre-contractual steps requested by the user, in particular when the user submits an offer or commercial request;

- consent, in particular for alerts, certain follow-up contacts, and forms that explicitly request it;

- Carton Rouge's legitimate interest in securing the application, responding to received requests, and improving its service, while respecting users' rights;

- compliance with legal obligations, if a commercial relationship leads to contractual, accounting, or administrative documents.

5. Who can access the data?

The data is accessible only to the people and service providers who need it for the purposes described above:

- the Carton Rouge team and its authorized representatives;

- technical service providers required to operate the application, including Supabase for backend hosting and database services;

- Apple, only in connection with app distribution, iOS system permissions, and Apple services used by the user;

- advisors, authorities, or authorized third parties where necessary to comply with a legal obligation, protect our rights, or handle an official request.

We do not sell your personal data. We do not share it with advertising networks, data brokers, or partners for cross-app or cross-site advertising targeting.

6. Where is the data hosted?

Application data is hosted in a database set in Ireland.

If data is transferred outside the European Economic Area, Carton Rouge will ensure that appropriate safeguards are in place in accordance with applicable regulations.

7. How long do we keep the data?

Data is kept only for as long as necessary for the purposes for which it is collected.

As an indication, unless deletion is requested, a legal obligation applies, or proof is required:

- offer requests, alert requests, bespoke project briefs, and contact details: up to 3 years after the last contact or last commercial interaction;

- proof of consent: for as long as necessary to manage the relevant request and prove the consent;

- interaction events and session data used for product analytics: up to 13 months;

- data needed for security, abuse prevention, or incident resolution: for the period strictly necessary for those purposes;

- contractual, accounting, or administrative documents that may be created after a commercial relationship: for the applicable legal retention periods.

AR captures saved to your photo library remain on your device and are managed by you through iOS.

8. Security

Carton Rouge implements measures intended to protect personal data, including:

- encrypted network communications via HTTPS/TLS;

- local storage of technical identifiers in secure device mechanisms where available;

- backend access controls;

- server-side checks, rate limiting, and validation of submitted data;

- separation between contact data and technical events where possible.

No method of transmission or storage is completely infallible. In the event of an incident that presents a risk to the individuals concerned, Carton Rouge will apply the notification obligations required by applicable regulations.

9. Your rights

Depending on the applicable regulations, you may request:

- access to your data;

- correction of inaccurate data;

- deletion of your data;

- restriction of processing;

- objection to certain processing activities;

- portability of the data you provided;

- withdrawal of your consent where the processing is based on consent.

To exercise these rights, contact us at: [privacy email to confirm].

We may ask you for reasonable additional information to verify your identity and process your request.

If you believe your rights are not being respected, you may lodge a complaint with the CNIL: https://www.cnil.fr/

10. iOS permissions

The application may request certain iOS permissions when they are needed:

- Camera: used for SizeFit and augmented reality.

- Add to Photos: used only if you choose to save an AR capture to your photo library.

You can change these permissions at any time in your device's iOS settings.

11. Minors

Carton Rouge is intended for an audience interested in collectible physical artworks and is not directed at children. We do not knowingly seek to collect personal data about minors.

12. Changes to this policy

This policy may be updated to reflect changes to the application, our practices, or legal obligations. The last updated date will be changed accordingly.

In the event of a material change, we will take reasonable steps to inform you.