Privacy Policy

1. Data Controller

• Identity: Jose Antonio Touriño Eirín
• Tax ID: 76827011L
• Address: Juan Bautista Andrade, Pontevedra, España
• Email: [email protected]
• Data Protection Officer (DPO): [email protected]

2. Processing Purposes

Personal data you provide will be processed for the following purposes:

• User account management and delivery of the contracted service.
• Billing and administrative management of the contract.
• Service-related communications (technical notices, updates, incidents).
• Sending commercial communications about our products and services, always with prior consent.
• Compliance with applicable legal obligations.
• Service improvement through aggregated and anonymized usage analysis.

3. Legal Basis for Processing

• Contract performance: For the provision of the contracted SaaS service (art. 6.1.b GDPR).
• Consent: For sending commercial communications (art. 6.1.a GDPR).
• Legitimate interest: For service improvement and fraud prevention (art. 6.1.f GDPR).
• Legal obligation: For compliance with tax and commercial obligations (art. 6.1.c GDPR).

4. Data We Collect

• Registration data: first name, last name, email, password (encrypted).
• Company data: organization name.
• Usage data: activity logs within the platform, IP address, browser.
• Billing data: when applicable, data necessary for invoice issuance.

5. Data Recipients

Your data may be disclosed to:

• Technology service providers (hosting, cloud infrastructure) located in the EU or with adequate safeguards.
• Public authorities when legally required.
• Web analytics providers (Google Ireland Limited — Google Analytics / Google Tag Manager). This may involve international data transfers to Google LLC (USA) under the EU-U.S. Data Privacy Framework and the standard contractual clauses approved by the European Commission. You can find more information and withdraw your consent in the cookie policy.

6. Data Retention

Data will be retained while the contractual relationship is maintained and, once terminated, for the legally established periods to address potential liabilities (generally 5 years for commercial obligations and 4 years for tax obligations).

7. Data Subject Rights

In accordance with GDPR and Spanish data protection law (LOPD-GDD), you have the right to:

• Access: Know what personal data we process about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data when no longer necessary.
• Opposition: Object to the processing of your data in certain circumstances.
• Restriction: Request restriction of data processing.
• Portability: Receive your data in a structured, commonly used format.

To exercise these rights, you may contact [email protected] or use the data export and deletion functions available in Settings > Privacy and Data.

You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

8. Security Measures

We apply appropriate technical and organizational measures to ensure data security, including: password encryption, HTTPS communications, role-based access control, periodic backups, and access audit logs.