Puis-je changer de plan à tout moment ?

Oui, vous pouvez passer à un plan supérieur ou inférieur à tout moment. Les changements prennent effet immédiatement.

Y a-t-il un essai gratuit ?

Oui, les plans Professionnel et Équipe bénéficient d'un essai gratuit de 14 jours, sans carte bancaire requise.

Mes données sont-elles sécurisées ?

Absolument. ReNot utilise un chiffrement AES-256 de bout en bout et est conforme au RGPD. Vos données clients sont chiffrées individuellement par clé utilisateur.

Puis-je annuler mon abonnement ?

Oui, vous pouvez annuler à tout moment depuis votre espace client. Vos données restent accessibles jusqu'à la fin de la période payée.

ReNot est-il conforme au RGPD ?

Oui, ReNot est entièrement conforme au RGPD. Les données sont hébergées en Europe et chiffrées. Vous pouvez exporter ou supprimer vos données à tout moment.

GDPR Compliant

Privacy Policy

Last updated: May 7, 2026

1. Data Controller

The controller responsible for processing personal data collected through the ReNot platform is:

Company

Daw's Software

Product : ReNot

Address

Les Trixhes 4, 4890 Thimister-Clermont, Belgium

adrien.dawans@daws-software.be

Phone

+32 471 29 55 60

For any questions about your personal data or to contact our Data Protection Officer (DPO), write to: adrien.dawans@daws-software.be

2. Scope

This policy applies to all users of the ReNot platform, whether registered as a professional or as a patient/client. It describes the categories of data processed, the legal basis for processing, the security measures in place, and the rights you hold under Regulation (EU) 2016/679 (GDPR) and applicable Belgian law.

3. Data Collected

The data collected varies depending on your user profile.

For professionals:

•Identity and account: first name, last name, professional email, phone number, password (hashed and salted — never stored in plain text)
•Professional data: professional title, domain and sub-specialty, office(s), working hours and availability
•Billing data: payment information (processed exclusively by Stripe), invoice history, subscription status
•Client/patient data: name, email, phone, session notes, attached documents, appointments — collected by the professional under their own responsibility
•Integration data: Google Calendar access token (if linked), Google OAuth identifier
•Technical data: IP address, browser, operating system, access logs

For patients / clients:

•Identity and account: first name, last name, email address, phone number, date of birth, nationality
•Health-adjacent data: only information you choose to provide (national number, booking notes)
•Appointments: history of past and future bookings, professionals consulted, appointment type
•Technical data: IP address, browser, operating system, access logs

4. Legal Basis for Processing

Each processing activity rests on a distinct legal basis:

Performance of a contract (art. 6.1.b GDPR): provision of ReNot services, account management, payment processing
Legitimate interest (art. 6.1.f GDPR): platform security, fraud prevention, service improvement
Legal obligation (art. 6.1.c GDPR): retention of billing data (10 years), compliance with judicial requests
Consent (art. 6.1.a GDPR): analytics cookies, optional marketing communications

5. Data Protection and Security

ReNot implements rigorous technical and organizational measures to protect your data:

Application-level encryption of sensitive data:

•Each professional account is associated with a unique encryption key, generated at account creation and never transmitted via the API or accessible to the ReNot team
•Client contact details (name, first name, email, phone) are stored encrypted in the database using this key
•The title and content of each session note are individually encrypted before storage
•Files and documents attached to client records are stored encrypted
•When a patient/client is linked to a professional, their identity is re-encrypted with the professional's unique key, ensuring data isolation between accounts
•Passwords are hashed with a unique random salt per account — no password is ever stored in plain text or recoverable

Infrastructure and additional controls:

•Data hosted exclusively within the European Union
•Encrypted transport (HTTPS/TLS) on all communications between your device and our servers
•JWT authentication tokens with limited lifetime
•Access to production data strictly limited to authorized administrators
•Access logging and continuous anomaly monitoring
•Regular encrypted backups

6. Use of Data

Your data is used for the following purposes:

For all users:

•Providing and improving platform features
•Account authentication and security
•Service communications (appointment confirmations, reminders, technical notifications)
•Compliance with our legal and regulatory obligations

Specific to professionals:

•Subscription management and billing
•Google Calendar synchronisation (if enabled)
•Customer support and technical assistance
•Aggregated and anonymised statistics to improve the product

7. Data Retention

Retention periods are defined based on the purpose of processing:

Active account data: retained for the duration of the subscription or active use
After account closure: deleted within a maximum of 30 days, unless a legal retention obligation applies
Billing data: retained for 10 years in accordance with Belgian accounting obligations
Security logs: retained for 6 months, then automatically deleted
Appointment data (patients): retained while the account is active, then deleted within 30 days

8. Processors and Data Sharing

Your data is never sold. It may be processed by the following processors, bound by contract and subject to GDPR-equivalent guarantees:

Hosting / Infrastructure: Railway (servers in the European Union)
Payment: Stripe Inc. — processes professional billing data only (card, invoicing). Stripe is PCI-DSS certified. Health data never transits through Stripe.
Transactional email: Hostinger (SMTP) — used for appointment notifications and service communications
Competent authorities: upon judicial or legal request only

9. Transfers Outside the European Union

Stripe Inc. is a US company. Professionals' billing data may transit through servers located in the United States. This transfer is governed by the Standard Contractual Clauses (SCCs) approved by the European Commission. No health data or patient data leaves the European Union.

10. Your Rights

Under GDPR (articles 15 to 22), you have the following rights, exercisable at any time:

Right of access (art. 15): obtain confirmation that data about you is being processed and receive a copy
Right to rectification (art. 16): have any inaccurate or incomplete data corrected
Right to erasure / right to be forgotten (art. 17): request deletion of your data, subject to legal retention obligations
Right to data portability (art. 20): receive your data in a structured, commonly used, machine-readable format
Right to object (art. 21): object to processing based on legitimate interest, including direct marketing
Right to restriction of processing (art. 18): request temporary suspension of processing of your data
Right not to be subject to automated decision-making (art. 22): ReNot does not carry out any profiling or fully automated decisions

To exercise any of these rights, contact: adrien.dawans@daws-software.be. We respond within a maximum of 30 days. If a dispute remains unresolved, you may lodge a complaint with the Belgian Data Protection Authority (APD): www.autoriteprotectiondonnees.be

11. Professionals — Own Responsibility (DPA)

Professionals using ReNot to manage patient records are themselves data controllers under GDPR for their patients' data. As such, they must: inform their patients of the use of ReNot as a management tool, obtain any necessary consents, and comply with obligations relating to health data (art. 9 GDPR). Daw's Software acts as a data processor (art. 28 GDPR). A Data Processing Agreement (DPA) is available on request at adrien.dawans@daws-software.be.

12. Cookies

We use cookies for the proper functioning of the platform and to improve your experience.

View cookie policy

13. Policy Changes

We may update this policy to reflect legal, technical, or service changes. In the event of a material change, you will be notified by email and/or a banner on the platform at least 15 days before the change takes effect. The date of last update is shown at the top of this document.

14. Contact and DPO

For any questions regarding this policy or to exercise your rights:

adrien.dawans@daws-software.be

Address

Les Trixhes 4, 4890 Thimister-Clermont, Belgium