logo
To login

Privacy Policy

Effective date: 18 March 2026 Last updated: 18 March 2026
Important: This document is a courtesy translation of the original French version. In case of any discrepancy between this translation and the French version, the French version shall prevail and is the only legally binding document. This document is governed by French law.

Article 1 — Introduction

This Privacy Policy describes how FIDELIO APP (hereinafter "FIDELIO", "we" or "our") collects, uses, stores and protects the personal data of its Users (hereinafter "you" or the "User") in connection with the use of the website https://www.fidelio.app (the "Website") and the FIDELIO mobile application (the "Application"), hereinafter jointly referred to as the "Platform".

This policy falls within the framework of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter the "GDPR") and French law No. 78-17 of 6 January 1978, as amended, known as the "Informatique et Libertés" law.

By using our Platform and creating a Member Account, you accept the practices described in this policy. We invite you to read it carefully.

Article 2 — Data Controller

The data controller for your personal data is:

FIDELIO APP
Simplified joint-stock company (SAS) with a share capital of 333 euros
RCS Paris: 983 417 924
SIRET (registered office): 983 417 924 00013
Registered office: 41 rue Aglophile Fradin, 86100 Châtellerault, France
Email: [email protected]

Article 3 — Data Collected

3.1 Data provided directly by the User

During registration and use of the Services, we collect the following information:

Category Data Time of collection
Identity First name, surname Registration
Contact Email address, mobile phone number Registration
Banking IBAN (for Wallet withdrawals) Withdrawal request
Payment Bank card data (processed by our payment provider MangoPay) Fidelio Prime subscription or gift card purchase
Referral Referral code used during registration Registration

3.2 Data collected automatically

When using the Platform, we may automatically collect the following data:

  • Browsing data: IP address, browser type and version, operating system, screen resolution, pages visited, visit duration, links clicked;
  • Application usage data: Application version, device identifier, performance and diagnostic data;
  • Geolocation data: only if you have given your explicit consent via your device settings (used to suggest Partner offers near you);
  • Cookies and trackers: in accordance with Article 10 of this policy.

3.3 Transaction-related data

We collect data relating to your purchases made via the Platform from FIDELIO Partners (date of purchase, amount, Partner concerned, cashback status), which is necessary for the attribution and validation of your Cashback Rewards.

Article 4 — Purposes of Processing

Your personal data is processed for the following purposes:

Purpose Description
Member Account management Creation, authentication (OTP), management and closure of your account
Provision of Services Cashback attribution, Wallet management, withdrawal processing, Fidelio Prime subscription management, gift card sales
Referral programme Affiliate tracking, calculation and payment of Affiliate Commissions
Communication Sending service-related notifications (confirmations, cashback alerts, Terms updates)
Marketing Sending commercial communications and promotional offers (with your prior consent)
Service improvement Analysis of Platform usage, anonymised statistics, user experience improvement
Fraud prevention Detection and prevention of fraudulent behaviour (multiple accounts, self-referral, abuse)
Legal obligations Compliance with tax, accounting and regulatory obligations

Article 5 — Legal Bases for Processing

In accordance with Article 6 of the GDPR, the processing of your data is based on the following legal grounds:

  • Performance of the contract (Article 6.1.b of the GDPR): management of your Member Account, provision of the Services, processing of transactions and withdrawals;
  • Consent (Article 6.1.a of the GDPR): sending marketing communications, use of non-essential cookies, geolocation;
  • Legitimate interest (Article 6.1.f of the GDPR): fraud prevention, Service improvement, usage statistics;
  • Legal obligation (Article 6.1.c of the GDPR): data retention for tax and accounting purposes.

You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent carried out prior to the withdrawal.

Article 6 — Data Recipients

Your personal data may be shared with the following categories of recipients, strictly to the extent necessary for the achievement of the purposes described above:

Recipient Purpose Data concerned
Authorised FIDELIO personnel Day-to-day management of the Services All necessary data
MangoPay S.A. (payment provider) Payment processing (subscriptions, gift cards) and bank transfers Identity, bank details, transaction data
Pleibicom / Buybox (gift card provider) Issuance and management of gift cards Order identifier, amount
Google Firebase (hosting and notifications) Application hosting, sending push notifications Device identifier, performance data
Amazon Web Services (hosting) Website and infrastructure hosting Technical data
Heroku / Salesforce (hosting) Backend API hosting Technical and application data
FIDELIO Partners Transaction tracking for cashback calculation Anonymised identifier, transaction data
Competent authorities Upon legal request (judicial requisition, tax audit) Any data required by law

FIDELIO does not sell, rent or in any way transfer your personal data to third parties for commercial purposes.

Article 7 — Data Transfers Outside the EU

Some of our technical providers (Google Firebase, Amazon Web Services, Heroku) may process data in countries located outside the European Union.

In such cases, FIDELIO ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:

  • Adequacy decision of the European Commission (Article 45 of the GDPR);
  • Standard contractual clauses adopted by the European Commission (Article 46.2.c of the GDPR);
  • EU-US Data Privacy Framework (for certified American providers).

You may obtain a copy of the safeguards in place by contacting us at: [email protected].

Article 8 — Data Retention Period

Your personal data is retained for the following periods:

Type of data Retention period Legal basis
Member Account data Duration of the contractual relationship + 3 years after account closure Civil statute of limitations
Transaction data (cashback, purchases) 10 years from the close of the financial year Accounting obligations (article L.123-22 of the French Commercial Code)
Payment data 13 months from the debit (or 15 months for deferred debit cards) Article L.133-24 of the French Monetary and Financial Code
Connection data (logs) 1 year Decree No. 2011-219 (LCEN)
Cookies and trackers 13 months maximum CNIL recommendation
Commercial prospecting data 3 years from the last contact CNIL recommendation

At the end of these periods, data is deleted or irreversibly anonymised.

Article 9 — Data Security

FIDELIO implements appropriate technical and organisational measures to protect your personal data against destruction, loss, alteration, disclosure or unauthorised access, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest;
  • Enhanced authentication via one-time password (OTP);
  • Restricted access to data on a need-to-know basis;
  • Regular backups and secure hosting;
  • Monitoring and logging of system access.

However, no method of transmission over the internet or electronic storage is entirely secure. FIDELIO cannot therefore guarantee absolute data security but undertakes to implement all reasonable means to ensure its protection.

Article 10 — Cookies and Trackers

10.1 What is a cookie?

A cookie is a small text file placed on your device (computer, smartphone, tablet) when you visit the Website. It stores information related to your browsing.

10.2 Types of cookies used

Type Purpose Consent required
Strictly necessary cookies Platform operation, authentication, security No (exempt)
Performance cookies Audience measurement, anonymised statistics Yes
Tracking cookies Tracking purchases from Partners for cashback attribution No (necessary for the service)

10.3 Managing your preferences

You may manage your cookie preferences at any time via your browser settings or via the consent banner displayed during your first visit to the Website.

Important: Disabling tracking cookies may prevent the correct attribution of cashback when you make purchases via the Platform.

Article 11 — User Rights

In accordance with the GDPR and the Informatique et Libertés law, you have the following rights over your personal data:

  • Right of access (Article 15 of the GDPR): obtain confirmation that data concerning you is being processed and receive a copy thereof;
  • Right to rectification (Article 16 of the GDPR): request the correction of inaccurate or incomplete data;
  • Right to erasure (Article 17 of the GDPR): request the deletion of your data, subject to legal retention obligations;
  • Right to restriction of processing (Article 18 of the GDPR): request the suspension of the processing of your data in certain circumstances;
  • Right to data portability (Article 20 of the GDPR): receive your data in a structured, commonly used and machine-readable format;
  • Right to object (Article 21 of the GDPR): object to the processing of your data based on legitimate interest, including profiling;
  • Right to define directives regarding the fate of your data after death (Article 85 of the amended Informatique et Libertés law);
  • Right to withdraw your consent at any time, where processing is based on consent.

How to exercise your rights?

You may exercise your rights by sending your request, accompanied by proof of identity, to the following address:

FIDELIO APP — Data Protection Officer
41 rue Aglophile Fradin, 86100 Châtellerault, France
Email: [email protected]

FIDELIO undertakes to respond to your request within one (1) month from its receipt. This period may be extended by two (2) additional months in the event of complexity or a high number of requests.

Article 12 — Data of Minors

FIDELIO Services are intended for persons aged eighteen (18) years or older. FIDELIO does not knowingly collect personal data from minors. If FIDELIO discovers that a minor has provided personal data, such data will be deleted as soon as possible.

Article 13 — Policy Amendments

FIDELIO reserves the right to amend this Privacy Policy at any time to reflect regulatory, technical or practice changes.

In the event of a substantial amendment, Users will be informed by email or by notification within the Application at least thirty (30) days before the amendments take effect.

The version in force is the one accessible on the Platform, identified by its last updated date.

Article 14 — Contact and Complaints

For any questions regarding this Privacy Policy or the exercise of your rights, you may contact us:

FIDELIO APP
41 rue Aglophile Fradin, 86100 Châtellerault, France
Email: [email protected]

If you believe, after contacting us, that your data protection rights are not being respected, you have the right to lodge a complaint with the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés — CNIL):

CNIL
3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
Website: https://www.cnil.fr

© 2026 FIDELIO APP — All rights reserved.

Cashback near you

Discover Fidelio partner merchants in your city

ParisMarseilleLyonToulouseNiceNantesMontpellierStrasbourgBordeauxLilleRennesToulonReimsSaint-ÉtienneLe HavreDijonAngersGrenobleNîmesAix-en-ProvenceClermont-FerrandBrestToursAmiensLimogesMetzPerpignanBesançonRouenOrléans