Privacy Policy

LAST UPDATED: 27 JUNE 2026

This Privacy Policy takes effect upon registration for new users, and on the date it is published on our site for existing users.

Opinagora is a rewards panel: you earn points by answering surveys and completing missions (downloading games, testing apps or websites, etc.), then redeem those points for gift cards and other rewards. This policy describes the data we collect in this context, what we do with it, who we share it with, and the rights available to you.

Data controller and Data Protection Officer

The information collected on this site is recorded in a file by Cre'Online, acting as data controller, represented by Fabrice Payet, manager, for the purposes set out in this policy under "How do we use the information we collect".

You can contact the data controller by email at [email protected].

We have appointed a Data Protection Officer (DPO), Gaëlle Lefevre, responsible for overseeing our compliance with the General Data Protection Regulation (GDPR). You can contact her with any question about your personal data at [email protected].

The information we collect

Information you provide at registration

When you create your account on the Opinagora panel, we collect the following information through the registration form:

• your name (or username)
• a valid email address
• a password (which we never store in plain text, see "Protecting your data")
• your country
• your language
• your date of birth
• your gender

Date of birth and gender are collected at registration because they determine eligibility for many surveys. Providing all of this information is required to open your account and access our services.

If you register or sign in through a third-party provider (Google, Facebook), we receive from that provider your account identifier, your email address (verified by the provider) and your name. We then ask you to complete your country, language, date of birth and gender.

Profile information (optional)

You may provide additional information by answering profiling questionnaires, for example:

• your level of education
• your household composition and income
• your professional situation
• your interests and consumption habits
• your economic and financial situation

This information is helpful but not mandatory. If you do not provide it, you may not have access to certain surveys, or you may be offered surveys that match your profile less closely.

Delivery data (Product Test rewards)

When you take part in a "Product Test" mission that involves shipping a physical item, we collect the information needed for delivery: recipient name, postal address and phone number. This information is collected only if you apply for that type of mission, and it is encrypted at rest in our database.

Information collected automatically

Other information is collected when you use our site, whether or not you are signed in to your member account:

• your connection data (IP address, browser type and version, operating system, device identifier)
• your usage data (pages visited, items clicked, surveys and missions you take part in, points earned and spent)
• referral information (if you reach our site through an external link or an acquisition partner, we record the source that referred you)

If you contact us through our support form or by email, we keep a record of that correspondence in order to handle your request.

Legal bases for processing

In accordance with the GDPR, each processing activity relies on a specific legal basis:

• Performance of a contract: creating and managing your account, processing your participation in surveys and missions, calculating and crediting your points, sending your rewards and service-related communications (account notifications, survey invitations, information about your points) rely on the performance of the contract between us (our terms of service).
• Consent: optional profiling questionnaires and certain cookies and trackers (see "Use of cookies") rely on your consent, which you can withdraw at any time.
• Legitimate interest: fraud prevention, multiple-account detection, platform security and service improvement rely on our legitimate interest, balanced against your rights and freedoms.
• Legal obligation: certain data (in particular accounting data and data relating to rewards paid out) is retained to comply with our legal and regulatory obligations.

How do we use the information we collect?

All the data we collect serves to build and operate a panel of members likely to take part in market research matching their profile, and to pay them the associated rewards. Cre'Online processes your data for the following purposes:

• offering you and sending you invitations to paid surveys matching your profile
• allowing our research partners to offer you surveys matching your profile
• offering you missions (partner offers, app, game or website testing)
• calculating, crediting and adjusting your points, and sending your rewards (gift cards, PayPal, prepaid cards, or physically shipped products)
• sending you notifications about your account, your points and our services
• preventing, detecting and handling fraud, multiple accounts and security breaches
• producing anonymous statistics on panel composition and study results
• responding to your requests through our support
• keeping you informed of new features and improvements to our services
• improving our services and developing new features

In carrying out this processing, we do not conduct direct marketing on behalf of third parties and we do not sell your data to telemarketers or advertising agencies.

The information we share

Research partners and their clients

The surveys offered to you come from our research providers (research institutes and survey platforms) and from their own clients. When you access a survey, certain data about you is transmitted to that partner, namely a pseudonymous panelist identifier, a hashed version of your email address, and the profile answers relevant to the survey concerned (for example your age range, gender, device type and the other profiling answers you have provided), for the sole purposes of:

• identifying the surveys for which you are eligible
• redirecting you to those surveys and confirming your participation
• compiling and analysing study results in statistical form

Our main research provider is Cint AB. You can read its participant privacy notice at: https://www.cint.com/participant-privacy-notice/

Service providers and processors

To operate the service, we use processors that access your data only on our behalf and according to our instructions:

• Survey supply: Cint AB.
• Missions and offers: our mission partners, including the inBrain platform and partner offer networks (CPA), to whom we transmit a tracking identifier in order to validate your participation and credit your points.
• Electronic reward delivery: Tremendous, LLC (gift cards, PayPal, prepaid cards).
• Fraud prevention and geolocation: MaxMind, Inc. (minFraud and GeoIP services).
• Transactional email delivery: Amazon Web Services (Amazon SES).
• Avatar hosting and content delivery: Cloudflare, Inc.
• Translation of content and support messages: DeepL SE.
• Social sign-in: Google and Meta (Facebook), when you choose this registration or sign-in method.
• Bot protection (CAPTCHA): Cloudflare, Inc. (Turnstile service at registration).
• Technical monitoring and error tracking: Sentry (Functional Software, Inc.).
• Infrastructure hosting: Hetzner Online GmbH (Germany, European Union).
• Customer reviews: Trustpilot, if you choose to publish a review.

Other cases of sharing

We may also share data in order to:

• comply with a legal, regulatory or judicial obligation, or any request from a competent public authority
• enforce our terms of use and investigate possible violations
• detect, prevent or address fraud, security breaches or technical issues
• protect the rights, property or safety of our members, the public or Cre'Online

We work with our partners and processors to ensure they uphold high standards of privacy and security, which we review regularly.

Transfers of your data outside the European Union

In order to offer you more surveys and to pay your rewards, some of our partners and providers are located outside the European Union, in particular in the United States. The data concerned may include your panelist identifier, your profile criteria, and the information needed to deliver your rewards.

We frame these transfers using the appropriate safeguards provided by the GDPR:

• where the recipient is established in a country benefiting from an adequacy decision of the European Commission, the transfer relies on that decision;
• where the recipient is established in the United States and certified under the EU-US Data Privacy Framework, the transfer relies on that certification;
• in all other cases, we enter into the Standard Contractual Clauses adopted by the European Commission with the recipient, supplemented where necessary by additional technical and organisational measures.

You can obtain a copy of the applicable safeguards by writing to us at [email protected].

Sensitive data

Cre'Online refrains from collecting, using or storing data revealing racial or ethnic origin, political, philosophical or religious opinions, trade union membership, sex life or sexual orientation, or health data of panel members.

Protection of minors

Our services are not intended for, and may not be used by, persons under the age of 16. Cre'Online does not knowingly collect personal data from minors under 16 and does not allow them to open an account. If we learn that a minor's personal information has been collected, we may delete it without notice. If you believe this has happened, please contact us.

Use of cookies

When you browse our site, information may be stored in "cookie" files placed on your device (computer, tablet, phone). A cookie is a small file that allows its issuer to recognise your device on later visits. We use the following categories:

• Technical cookies and trackers: necessary for navigation, access to your member account and security (for example, recognising you after sign-in, or avoiding sending you a survey you have already completed). They rely on the legitimate interest in the proper functioning of the service and do not require your consent. Blocking them through your browser may prevent you from accessing certain features.
• Fraud prevention tracker: to protect the panel against fraud and multiple accounts, we use a device identifier provided by our processor MaxMind (cookie __mmapiwsid, retained for up to 2 years). This processing relies on our legitimate interest in ensuring service security and fraud prevention. You have a right to object under Article 21 of the GDPR (see "Managing and accessing your data").
• Audience measurement cookies: where applicable, to measure traffic and improve the usability of the site. They produce only statistics and are placed only with your consent. Their lifespan does not exceed 13 months.

You can manage or withdraw your consent to non-essential cookies at any time through your browser settings or the management tools offered on the site.

Protecting your data

We guarantee respect for your privacy and the security of the data collected, stored in a secure database.

Your password is stored in encrypted (hashed) form: we never have access to it in plain text. If you forget it, you must use the "Forgot password" function to set a new one. The delivery data for product tests (name, address, phone) is encrypted at rest.

We recommend that you choose a strong password, never share it with anyone, sign out after use (especially on a shared device) and keep your devices secure (firewall, antivirus).

We take appropriate technical and organisational measures to protect your data against loss, alteration, disclosure or unauthorised access. However, no method of transmission or storage is entirely infallible. In the event of a data breach likely to result in a risk to your rights and freedoms, we undertake to notify the competent supervisory authority within 72 hours and, where applicable, to inform you.

Managing and accessing your data

In accordance with the GDPR, you have the following rights over your personal data, subject to the exceptions and limitations provided by law:

• Right of access: to know what data we hold about you and obtain a copy.
• Right to rectification: to have your data corrected or updated.
• Right to erasure: to obtain the deletion of your data ("right to be forgotten").
• Right to restriction: to request that the processing of your data be restricted in certain cases.
• Right to object: to object to processing based on legitimate interest, in particular the fraud prevention tracker.
• Right to withdraw consent: to withdraw at any time a consent previously given, without retroactive effect.
• Right to portability: to receive a copy of the data you have provided to us in a structured format, and to transmit it to another controller.

Modifying your data

You can view and edit most of your data directly from your personal account.

Deleting and anonymising your account

You can delete your account at any time from your member area (profile page, "Delete my account" option). Deletion triggers irreversible anonymisation: we erase all data that identifies you (name, email, password, date of birth, gender, IP address, device identifier, delivery address, profiling answers, support content, etc.). To comply with our legal obligations and the integrity of our records, certain non-identifying data (in particular the financial history of points in pseudonymised form) is retained without being attributable to you.

If you have never taken part in our surveys, or if you do not meet the conditions of our registration process, we may delete your account.

Exercising your other rights

To exercise your other rights, write to us at [email protected]. We strive to respond within one month of receiving your request. This period may be extended by two further months given the complexity and number of requests; we would inform you accordingly.

Survey responses

When you take part in a survey, you are redirected to the survey of our partner or its client. Cre'Online is not the controller for the responses you provide within those surveys. We are therefore unable to directly handle your requests relating to those responses (access, rectification, deletion), but we will assist you by relaying your request to the relevant partner. When you contact us about this, please provide the link or invitation you used, the survey reference, and your name and email address.

Data retention

We retain your data for as long as your account is active. You can delete your account at any time, which triggers its irreversible anonymisation (see "Deleting and anonymising your account").

Independently, we apply a data minimisation policy: certain data is automatically deleted or anonymised at the end of rolling retention periods. For example, IP addresses, device identifiers, email send logs and technical fraud-analysis data are purged or anonymised after a few months. Certain data is retained longer where required by law (accounting and tax obligations) or for the establishment and defence of our rights, then deleted or anonymised.

Lodging a complaint with a supervisory authority

Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the GDPR. In France, the competent authority is the Commission Nationale de l'Informatique et des Libertés (CNIL), www.cnil.fr.

Changes to this Policy

We reserve the right to modify or update this Policy at any time. Any change will be published on this page, which we encourage you to consult regularly. In the event of a significant change in the way we collect or use your data, we will inform account holders by electronic means.