Legal Notice & GDPR (English version)

Transparency information and privacy policy for heliorank.lu.

Disclaimer. This is a non-binding English translation provided for the convenience of international clients. The French version at heliorank.lu/mentions-legales/ is the only legally binding version and prevails in case of dispute or interpretation discrepancy. Sensitive sections (Performance Engineering warranty, jurisdiction, liability cap) are translated in full; non-critical sections are summarized — refer to the French version for the authoritative wording.

1. Site publisher

Publisher: Allaoua Nahnah, independent consultant
Registered office: Sétif, Algeria
Email: ul.knaroileh@olleh
Phone: +33 5 82 95 23 76
WhatsApp: wa.me/33582952376

2. Hosting

Host: Cloudflare Pages (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA)
Server location: Cloudflare global infrastructure with European servers (GDPR-compliant).
Serverless workers: Cloudflare Workers (same provider, same locations).

3. Personal data protection (GDPR)

Summary (sections 3.1 to 3.5, 3.7, 3.8): Allaoua Nahnah is the data controller. Only the strictly necessary data is collected via the contact form (company name, professional email, optional message). No tracking cookies, no analytics, no advertising pixels. Legal basis: explicit consent. Data is shared with no third party for marketing. Retention: 3 years from last contact, or deletion on express request. GDPR rights (access, rectification, erasure, restriction, opposition, portability) can be exercised at the publisher's email above; response within 30 days. Recourse: CNIL (France) or CNPD (Luxembourg).

3.6 Subprocessors (translated in full)

Cloudflare (USA, GDPR-compliant via SCC): web hosting (Pages) and edge compute (Workers). A KV namespace is used exclusively for chatbot abuse limitation — the visitor's IP address is logged temporarily (1 hour maximum) as a message counter, then automatically deleted. No personal identification data beyond the IP is retained. Cloudflare edge access logs follow the provider's standard retention policy.
Web3Forms (UK, GDPR-compliant): secure transmission of contact forms.
Resend (USA, GDPR-compliant via SCC): transactional email for lead notifications.
Anthropic (USA, GDPR-compliant via SCC): Claude AI engine used by the chatbot. Messages are transmitted in real time to the Anthropic API and are not persisted by HELIORANK (no conversation database). The applicable Anthropic retention policy is available at anthropic.com/legal/privacy.

4. Cookies and trackers

Summary: The site uses no tracking cookies and no analytics tool. No information is stored on your browser beyond technical cookies strictly necessary to operate the site (ephemeral chat session). No consent banner is required.

5. Data transfers outside the European Union

Summary: As a provider based in Algeria using US-based third-party services (Cloudflare, Anthropic, Resend), your data is transferred outside the EU. These transfers are governed by the European Commission's Standard Contractual Clauses (SCC), guaranteeing a level of protection equivalent to GDPR.

6. Security

heliorank.lu maintains the following public security standards, verifiable by any third-party auditor:

Mozilla Observatory: A+ (HSTS preload, strict CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy)
SecurityHeaders.com: A+
SSL Labs: A+
Mobile Lighthouse: 100/100/100/100 (Performance, Accessibility, Best Practices, SEO)

7. Conversational AI assistant (translated in full)

The site heliorank.lu integrates a conversational assistant powered by the Claude artificial-intelligence engine (Anthropic). This assistant is provided for informational and indicative purposes only, to help visitors understand the offerings, methodology and qualify their needs prior to a direct exchange with Allaoua Nahnah.

Contractual limitations:

Any information provided by the AI assistant (prices, lead times, scope, warranties, service descriptions) may contain inaccuracies or imprecise reformulations and is non-binding on HELIORANK.
Only a named quote, dated and signed between the parties, constitutes an enforceable contractual commitment. No exchange via the AI assistant may be construed as a firm commercial offer, a price commitment, a lead-time commitment, or a preliminary contract.
In case of discrepancy between an AI assistant response and the official content of heliorank.lu, its sub-pages, or a HELIORANK quote, the official content and the quote prevail.
HELIORANK reserves the right to adjust, suspend or withdraw the AI assistant at any time without notice.

Data exchanged with the assistant: messages are transmitted in real time to the Anthropic API and are not persisted by HELIORANK. The visitor's IP address is retained for a maximum of 1 hour for rate-limiting purposes, in line with the GDPR policy described in section 3.6.

7.1 Zero conversation retention

Conversations with the AI assistant are neither recorded, stored, nor logged on HELIORANK servers. No application-level conversation log is kept. The content of your exchange exists only in your browser's memory during the session, and disappears when you close the tab or refresh the page. This zero-retention policy is a design choice prioritising visitor confidentiality.

7.2 Diagnostic context (/diagnostic page only)

When you open the AI assistant on the /diagnostic page after performing a scan, you can optionally share the public scan results with the assistant to receive contextualised advice. This sharing is opt-in and explicit: a consent banner offers two choices when the chat opens — "Use scan results" or "Chat without context".

If you accept context sharing, the data transmitted is strictly technical and public:

URL of the tested site (public by nature)
Lighthouse scores (Performance, Accessibility, Best Practices, SEO)
Mozilla Observatory score and detected HTTP headers (publicly verifiable)
Public technical metrics (TTFB, page weight, AVIF/WebP %)

No personal data (name, email, phone) is transmitted as part of the scan context. If you refuse context, the scan remains invisible to the assistant.

8. Intellectual property

Summary: All content on heliorank.lu (text, images, code, described methodologies) is owned by Allaoua Nahnah or used with permission. Reproduction without prior written agreement is prohibited.

9. Warranty limits

Search engine optimization (SEO) is a process of technical and editorial optimization whose results depend on many factors (competition, history, user behavior, algorithmic updates). HELIORANK commits to the quality of the work delivered and the respect of best practices, but does not guarantee any specific position in Google search results. HELIORANK's contractual warranties cover measurable technical scores (Mozilla, Lighthouse, SSL Labs), not Google organic positions.

9.1 Performance Engineering Lighthouse 95+ warranty — stack restriction. The contractual mobile Lighthouse 95+ warranty associated with the Performance Engineering offering (€4,500 + VAT) applies exclusively to sites built on static HTML, Jamstack or SSG stacks (Cloudflare Pages, Netlify, Vercel, Astro, Eleventy, Hugo, Jekyll, Next.js in static mode). This warranty does not apply to WordPress, WooCommerce, Shopify, PrestaShop, Magento, Drupal, or any other dynamic CMS, due to architectural constraints inherent to these platforms (third-party plugins/apps, imposed JavaScript bundles, dynamic server cache). For these stacks, HELIORANK offers a targeted audit (€2,500 + VAT) that identifies realistic and reachable performance gains, followed by a custom-quoted intervention without a numerical commitment on the final Lighthouse score.

9.2 Performance Engineering warranty — conditions, measurement and procedure (translated in full).

9.2.1 Engagement process and mandatory pre-engagement audit. Prior to any invoicing, a free 30-minute discovery call is systematically offered to qualify the project's technical eligibility. If eligibility is not confirmed at this stage (stack incompatibility, blocking design constraints, scope outside HELIORANK's offering), the prospect is redirected at no cost. Signing the Performance Engineering offering (€4,500 + VAT) is then conditional upon a formal pre-engagement audit (€2,500 + VAT, deductible from the final fixed fee upon signing). The audit identifies all technical trade-offs required to reach the mobile Lighthouse 95+ score on the client's scope, submits them in writing for validation, and qualifies the contract feasibility. Absent explicit client validation of the trade-offs, HELIORANK declines to contract Performance Engineering and redirects to a custom-quoted engagement without a numerical warranty.

9.2.2 Contractual technical trade-offs. The following trade-offs become contractually applicable once validated at the audit stage:

Image compression and conversion to modern formats (AVIF, WebP) with compatible fallback;
Removal or deferred loading (lazy / defer / async) of third-party JavaScript not critical to initial render: external chat widgets, marketing popups, advertising pixels, secondary analytics scripts, heavy animation libraries;
Limitation of web-font variants (typically 1-2 families, 1-3 weights, woff2 format preferred, variable fonts encouraged);
Replacement of heavy third-party iframes (interactive Google Maps, YouTube embeds, social embeds) with lightweight "lite-embed" proxies or clickable screenshots;
Replacement of icon fonts (Font Awesome, Material Icons) with inline SVG or lightweight icon sets;
Optimization or removal of resource-intensive animations (advanced parallax, non-essential autoplay videos, non-critical Lottie / GSAP libraries);
Systematic lazy-loading of below-the-fold images;
Critical CSS inlined for initial render and the rest externalized;
Removal or strict limitation of third-party cookies to first-party essential cases (technical session cookies, e-commerce cart, language preferences); third-party marketing tracking cookies (Google Analytics 4, Hotjar, Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel, session replay tools, etc.) are incompatible with the 95+ warranty and must be removed or substituted with privacy-respectful first-party analytics (self-hosted Plausible, Cloudflare Web Analytics, Matomo in no-cookie mode);
As a result, GDPR / ePrivacy consent banners (Cookiebot, Axeptio, OneTrust, Didomi, etc.) can also be removed once third-party cookies are eliminated; as long as non-essential third-party cookies remain, the banner stays mandatory and its loading structurally blocks the 95+ score (external script, FOUC, blocking of critical render).

Operational consequence. Business uses that mandatorily require maintaining third-party cookies (Google Ads / Facebook Ads re-marketing campaigns, multi-touch attribution, session replay Hotjar / FullStory, etc.) are structurally incompatible with the mobile Lighthouse 95+ warranty. If the client identifies these needs as non-negotiable, the pre-engagement audit concludes that Performance Engineering is contractually unfeasible and redirects to a custom quote without a numerical commitment on the score.

9.2.3 Reference measurement. The contractually committed mobile Lighthouse score is measured under non-negotiable reference conditions, enforceable against both parties:

URL measured: client site homepage (unless written agreement on another URL at the audit stage);
Tool: Google PageSpeed Insights (pagespeed.web.dev), Mobile tab, Lighthouse in lab data mode;
Technical parameters: simulated Moto G Power profile, simulated Slow 4G connection (1.6 Mbps download, 750 Kbps upload, 150 ms RTT);
Calculation method: median of 3 successive measurements within a 30-minute window;
Measurement window: within 7 business days following HELIORANK's delivery notification.

9.2.4 Procedure in case of trade-off refusal during the engagement. If the client formally refuses in writing (email or amendment) one or more trade-offs previously validated at the audit stage, the 95+ warranty is automatically lifted, with no refund procedure. The engagement switches to "best efforts" mode: HELIORANK delivers the optimizations possible within the trade-offs effectively accepted, and the fixed fee remains fully due. Alternatively, the client may terminate the engagement; in that case, the share of work delivered is invoiced at HELIORANK's daily rate of €1,200 + VAT, and any remaining balance is refunded.

9.2.5 Procedure in case of a lower score after compliant delivery. If all contractual trade-offs have been applied and the median mobile Lighthouse score measured under the 9.2.3 conditions is strictly below 95, HELIORANK has a remediation window of 5 business days for additional adjustments. After this window, if the score remains below 95 without scope modification by the client, the full Performance Engineering fee is refunded. The pre-engagement audit (€2,500 + VAT) remains acquired by HELIORANK.

9.2.6 Independent audit in case of disagreement. In case of dispute by either party over the score measurement, an independent audit may be triggered by a neutral technical third party (SEO consultant or audit platform mutually agreed). The fees of the independent audit are borne by the unsuccessful party. The neutral third party's measurement is final.

9.2.7 Warranty exclusions. The 95+ warranty does not cover:

content added by the client after delivery (blog articles, unoptimized images, third-party plugins or apps installed subsequently);
content modifications made by the client during the engagement that degrade the measured score;
changes in third-party platforms outside HELIORANK's control (Cloudflare Pages updates, Lighthouse rule changes penalizing retroactively, etc.);
temporary host, CDN or network failures at the time of measurement;
loss of business, revenue or visibility resulting directly or indirectly from the engagement.

9.2.8 Liability cap. HELIORANK's contractual liability under the Performance Engineering warranty is strictly limited to the refund of the fixed fee invoiced for the relevant engagement. In no event shall HELIORANK be liable for liquidated damages, indemnities, damages or compensation for commercial losses, lost earnings, or any indirect harm resulting from the performance or non-performance of the engagement.

10. Governing law and jurisdiction (translated in full)

This contract and the engagements entrusted to HELIORANK are governed by Algerian law. The parties shall make their best efforts to resolve any dispute amicably, by written exchange, within thirty (30) days from the notification of the dispute by either party. Failing amicable resolution, and by an expressly accepted attribution of jurisdiction clause, any dispute relating to the performance, interpretation or validity of this contract shall fall under the exclusive jurisdiction of the Commercial Court of Algiers (Algeria).