Limeo

Privacy Policy

Last updated: April 17, 2026

Introduction

KRZ CORP ("Limeo", "we", "us") is committed to protecting the privacy of its users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Limeo platform (limeo.io). This policy applies to all users of our B2B cloud cost optimization service.

Data Controller

The data controller is KRZ CORP, a SASU registered in France, located at 25 Rue de Ponthieu, 75008 Paris, France. SIREN: 948 579 339. For any questions regarding the processing of your personal data, contact us at privacy@limeo.io.

Data We Collect

We collect the following categories of data:

  • Account information: email address, full name, organization name, role
  • Authentication data: managed securely via Supabase (Google OAuth or email/password)
  • Cloud infrastructure metadata: resource identifiers, usage metrics, cost data from your connected cloud providers (AWS, GCP, Azure). We never access application data, secrets, or database contents.
  • Billing data: payment information processed by Stripe. We do not store credit card numbers on our servers.
  • Usage data: platform interactions, feature usage, session metadata, and logs for service improvement

Purpose of Data Processing

Your data is processed for the following purposes:

  • Providing and operating the Limeo cloud cost optimization service
  • Analyzing your cloud infrastructure to generate cost-saving proposals
  • Processing billing and invoicing through Stripe
  • Communicating with you about your account, service updates, and support

Legal Basis for Processing

We process your data based on: (a) the performance of our contract with you (Article 6(1)(b) GDPR) for service delivery and billing; (b) your consent (Article 6(1)(a) GDPR) for optional communications; (c) our legitimate interests (Article 6(1)(f) GDPR) for service improvement and security. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Third-Party Services

We share data with the following third-party processors, all of whom are bound by data processing agreements:

  • Supabase (authentication and database hosting) — EU region
  • Stripe (payment processing) — PCI DSS compliant
  • Amazon Web Services (infrastructure hosting) — EU region (eu-west-1)
  • Vercel (frontend hosting and CDN)

Cookies

Limeo uses strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. Authentication cookies are managed by Supabase and are essential for the platform to function. No consent is required for strictly necessary cookies under the ePrivacy Directive.

Data Retention

Account data is retained for the duration of your active use of the Service and for 12 months after account closure for legal and billing purposes. Cloud infrastructure metadata is retained for 90 days after analysis for audit trail purposes. Billing records are retained for the legally required period (10 years under French commercial law). You may request earlier deletion of non-mandatory data at any time.

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access: obtain confirmation of whether your data is being processed and a copy of your data
  • Right to rectification: correct inaccurate or incomplete personal data
  • Right to erasure: request deletion of your data when it is no longer necessary
  • Right to restriction: request limitation of processing in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests

Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption at rest (AES-256) and in transit (TLS 1.2+), access controls, regular security audits, and incident response procedures. Cloud credentials are short-lived, renewed hourly, and never stored permanently.

Contact & DPO

For any questions or to exercise your rights, contact our Data Protection Officer at privacy@limeo.io or by mail at: KRZ CORP, 25 Rue de Ponthieu, 75008 Paris, France. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French supervisory authority.