Privacy Policy

Last updated: 10 March 2026  ·  Effective: 10 March 2026

At Expiro, we take the privacy of your data seriously. This policy explains what data we collect, how we use it, and the rights you have over your information under GDPR.

1. Information We Collect

We collect information you provide directly when you create an account, including your name, email address, business name, phone number, and billing information.

We automatically collect certain technical data when you use Expiro, including IP address, browser type, operating system, pages visited, and device identifiers.

Product and inventory data you enter into Expiro — including product names, barcodes, expiry dates, quantities, and store locations — is stored securely on our servers.

We may collect usage analytics to understand how features are used and to improve the platform. This data is aggregated and does not personally identify you.

2. How We Use Your Information

To provide, maintain, and improve the Expiro platform and its features.

To process transactions and send related information, including purchase confirmations and invoices.

To send operational communications such as expiry alerts, stock notifications, and daily summaries, based on your notification preferences.

To respond to comments, questions, and requests and provide customer support.

To monitor and analyse trends, usage, and activities in connection with our services.

To comply with legal obligations and enforce our Terms of Service.

3. Sharing of Information

We do not sell, trade, or rent your personal information to third parties.

We may share your information with third-party service providers who perform services on our behalf, such as payment processing (Stripe), cloud hosting (AWS), and customer support tooling. These providers are contractually bound to protect your data.

We may disclose information if we believe disclosure is in accordance with, or required by, applicable law or legal process.

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity.

4. Data Storage & Security

All data is stored on servers located within the European Union (EU) in compliance with GDPR requirements.

We use industry-standard encryption (TLS 1.3) for all data in transit. Data at rest is encrypted using AES-256.

Access to production systems is restricted to authorised Expiro personnel using multi-factor authentication.

We conduct regular security audits and penetration tests. Any security vulnerabilities are remediated promptly.

Despite our measures, no security system is impenetrable. We will notify affected users of any data breach within 72 hours in compliance with GDPR Article 33.

5. Your Rights (GDPR)

Right of Access: You may request a copy of all personal data we hold about you.

Right to Rectification: You may request correction of any inaccurate data we hold.

Right to Erasure ('Right to be Forgotten'): You may request deletion of your personal data. Note that certain data may be retained for legal compliance purposes.

Right to Data Portability: You may request your data in a structured, machine-readable format.

Right to Object: You may object to certain types of data processing, including direct marketing.

To exercise any of these rights, contact us at privacy@expiro.food. We will respond within 30 days.

6. Cookies

We use essential cookies to maintain your login session and remember your preferences.

We use analytics cookies to understand how users interact with the platform. You may opt out of analytics cookies at any time via your account settings.

We do not use advertising cookies or share cookie data with advertising networks.

You may configure your browser to refuse cookies; however, some features of Expiro may not function correctly without them.

7. Data Retention

Account data is retained for the duration of your subscription plus 90 days after account closure to enable recovery.

Audit logs and traceability records are retained for 5 years to comply with food safety regulations.

Billing information is retained for 7 years to comply with French and EU tax law.

After the applicable retention period, data is permanently deleted from all systems.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or via an in-app notification at least 30 days before the changes take effect.

Your continued use of Expiro after the effective date of a revised policy constitutes your acceptance of the updated terms.

9. Contact

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at: privacy@expiro.food

Expiro SAS, 123 Rue de la DLC, 75001 Paris, France.