Privacy Policy
Last updated: January 2026
At [NAME OR COMPANY NAME] we take the protection of your personal data seriously. This policy describes what data we collect, for what purpose and how we process it, in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
- Identity: [NAME OR COMPANY NAME]
- VAT number: [VAT NUMBER]
- Email address: [PRIVACY EMAIL]
2. Data we collect
We only collect data that is necessary to provide the service:
- Registration data: name and email address, required to create and manage your account.
- Usage data: technical information about how you use the application (pages visited, actions performed, timestamps). We do not collect information that would identify you individually beyond your account.
- Billing data: if you subscribe to a paid plan, your name, company and payment details (managed by our payment provider; we do not store card data).
- Communications: if you contact us, we will keep the content of that communication in order to handle it.
3. Legal basis for processing
| Purpose | Legal basis |
|---|---|
| Service provision (account and workspace management) | Performance of a contract (Art. 6.1.b GDPR) |
| Service communications (changes, incidents, security) | Legitimate interest (Art. 6.1.f GDPR) |
| Commercial communications (news, updates) | Consent (Art. 6.1.a GDPR) |
| Compliance with legal obligations (billing, taxation) | Legal obligation (Art. 6.1.c GDPR) |
4. Purposes of processing
- Create and manage your user account.
- Provide the contracted service (admin panel, REST API, etc.).
- Send you service-related communications (security notifications, important updates).
- Manage the contractual and billing relationship.
- Handle your queries and support requests.
5. Data retention
- Account data will be retained for as long as you maintain a contractual relationship with us.
- After account cancellation, data will be kept in a blocked state for the legally required period (generally 5 years for tax and commercial obligations) and then permanently deleted.
- Communication data will be retained for as long as necessary to handle your request and, where applicable, to address any potential claims.
6. Your rights
You have the right to:
- Access: know what data we hold about you.
- Rectification: correct inaccurate data.
- Erasure ("right to be forgotten"): request deletion of your data when it is no longer necessary.
- Restriction: restrict processing in certain circumstances.
- Portability: receive your data in a structured, commonly used format.
- Objection: object to processing based on legitimate interest.
- Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, write to us at [PRIVACY EMAIL] stating your name, the right you wish to exercise and a copy of your identity document.
If you believe that the processing of your data is not compliant with the GDPR, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
7. Security
We apply appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure or destruction. This includes encryption of sensitive data, role-based access control and periodic security audits.