Skip to main content
Petit Meme
  • Memes
  • Subscriptions
  • Suggest

Privacy Policy - Petit Meme

Last updated: April 2026

This Privacy Policy describes how Petit Meme (accessible at https://petit-meme.io) collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR).

1. Data controller

The data controller is:

  • Petit Meme
  • Website: https://petit-meme.io
  • Contact: legal@petit-meme.io

When you create an account via Twitter/X, we collect your name, email address and profile picture. By signing in, you accept this Privacy Policy.

2. Data collected

2.1. Account data

When creating an account, we collect:

  • Username
  • Email address
  • Password (stored in hashed form)
  • Twitter/X identifier (for social login)

2.2. Browsing and session data

  • IP address (temporarily processed for security purposes)
  • Authentication session data (session cookies)
  • Last activity date (automatically updated on login and service usage)

2.3. View and interaction data

  • Anonymous identifier (anonId) for unique view counting (cookie, only with your consent)
  • Number of views and watch time for memes

2.4. Search and Algolia analytics data (with consent)

If you accept cookies, we send to Algolia:

  • View events (memes viewed)
  • Click events (memes clicked from search results)
  • An anonymous identifier (algoliaUserToken) linking these events, with no connection to your personal identity

This data is used to improve search result relevance and generate recommendations.

2.5. Studio generation data

When you use the Studio feature (generating images from memes), we record:

  • The date and time of each generation
  • The identifier of the meme used

This data is used for usage control (limiting the number of free generations) and service improvement (aggregated usage statistics). It is retained for 365 days, then automatically deleted.

2.7. AI search data

When you use the AI search feature (natural language description of a meme you're looking for), we record:

  • The text of your request (prompt)
  • Keywords extracted by the AI
  • Identifiers of the memes returned
  • The date of the search

This data is used for usage control (limiting the number of free searches) and service improvement. Your prompt is transmitted to Anthropic for keyword extraction, with no connection to your personal identity (only the request text is sent). Data is retained for 365 days, then automatically deleted.

2.8. Payment data

Payments are handled by Stripe. We never store your credit card information. Stripe collects the data necessary for payment processing in accordance with its own privacy policy.

3. Purposes and legal bases

PurposeLegal basisData concerned
Account creation and managementPerformance of contractUsername, email, password
Authentication and securityLegitimate interestSession data, IP
View counting (with anonId cookie)ConsentAnonymous identifier
Search improvement (Algolia Insights)ConsentAnonymous identifier, view and click events
Payment processingPerformance of contractData transmitted to Stripe
Sending transactional emailsPerformance of contractEmail address
Meme searchPerformance of contractSearch queries
Usage control and Studio analyticsLegitimate interestGeneration date, meme identifier
AI search by natural languagePerformance of contractPrompt, extracted keywords, results, date
Inactivity detection and account anonymizationLegitimate interestLast activity date
Error tracking and service stabilityLegitimate interestTechnical data (URL, browser, error traces)

4. Cookies

Cookie table

NamePurposeDurationConsent required
cookieConsentRemember your consent choice1 yearNo (strictly necessary)
better-auth.session_tokenAuthentication sessionSession durationNo (strictly necessary)
themeTheme preference (light/dark)1 yearNo (strictly necessary)
PARAGLIDE_LOCALERemember the chosen language (fr/en)1 yearNo (strictly necessary)
localeBannerDismissedRemember dismissal of the language suggestion banner1 yearNo (strictly necessary)
anonIdUnique view counting1 yearYes
algoliaUserTokenLinking search events (views, clicks) for Algolia1 yearYes

You can manage your cookie preferences at any time. If you decline analytics cookies, the anonId and algoliaUserToken cookies will not be set. No events will be sent to Algolia.

5. Sub-processors and recipients

We use the following sub-processors for the operation of the service:

Sub-processorPurposeLocation
StripePayment processingUnited States (standard contractual clauses)
ResendSending transactional emailsUnited States (standard contractual clauses)
Bunny CDNVideo hosting and deliveryEuropean Union
AlgoliaSearch engineEuropean Union / United States (standard contractual clauses)
Twitter/XSocial authentication (OAuth)United States (standard contractual clauses)
SentryError tracking and stability monitoringGermany (European Union)
Google FontsLoading display fonts (IP address transmitted)United States (standard contractual clauses)
NeonDatabase hostingUnited States (standard contractual clauses)
VercelApplication hosting and executionUnited States (standard contractual clauses)
AnthropicAI search by natural languageUnited States (standard contractual clauses)

For data transfers outside the European Union, appropriate safeguards are in place (European Commission standard contractual clauses).

6. Data retention periods

DataRetention period
Account dataUntil account deletion by the user
Session dataDuration of active session (automatically deleted upon expiry)
Verification tokensAutomatically deleted 24 hours after expiry
Detailed view data (MemeViewDaily)90 days, then aggregated (global counter) and deleted
anonId cookie1 year (with consent)
algoliaUserToken cookie1 year (with consent)
Algolia event data (views, clicks)Per Algolia's retention policy (30 days by default)
Studio generation data365 days, then automatically deleted
Administrative audit log data2 years, then automatically deleted
AI search data365 days, then automatically deleted
Last activity dateCleared upon account deletion or anonymization
Payment data (Stripe)Per Stripe's legal obligations
Transactional emailsPer Resend's retention policy

An automated cleanup process runs once a week to delete expired sessions, obsolete verification tokens and aggregate view data beyond 90 days.

Upon deletion of your account, your personal data is deleted within 30 days, except for data we are required to retain under legal obligations.

7. Your rights

Under the GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request the deletion of your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to the processing of your data based on legitimate interest
  • Right to withdraw consent: withdraw your consent to analytics cookies at any time

To exercise your rights, contact us at: legal@petit-meme.io

We commit to responding to your request within one month.

8. Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encrypted communications (HTTPS/TLS)
  • Password hashing
  • Restricted access to personal data
  • Secure hosting

9. Filing a complaint with the CNIL

If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL):

  • Website: https://www.cnil.fr
  • Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

10. Changes to this policy

Petit Meme reserves the right to modify this Privacy Policy. In the event of a substantial change, users will be informed via the website.

11. Contact

For any questions regarding this privacy policy: legal@petit-meme.io

PrivacyTermsLegal noticeDMCA