Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Personal Data We Collect

2.1 Information You Provide

• Account Information: Name, email address, password (encrypted), company name, phone number
• Profile Information: Job title, profile picture, preferences
• Payment Information: Billing address, payment card details (processed by our payment provider)
• Communications: Messages, support requests, feedback
• Content: Data you input into our platform for processing

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, clickstream data
• Log Data: Access times, error logs, referral URLs
• Cookies and Similar Technologies: See our Cookie Policy

2.3 Information from Third Parties

• Authentication Providers: If you sign in via Google, Apple, or other providers, we receive your basic profile information
• Analytics Services: Aggregated usage data from analytics providers

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

4. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Communicate about products, services, offers, and events (with your consent)
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and abuse
• Personalize and improve your experience
• Comply with legal obligations

5. Data Sharing and Recipients

We may share your personal data with:

5.1 Service Providers

• Cloud hosting: AWS, Google Cloud (data processing)
• Payment processing: Stripe (PCI-DSS compliant)
• Authentication: Clerk (identity management)
• Analytics: Google Analytics, Mixpanel
• Email services: SendGrid, Resend

All service providers are bound by data processing agreements and required to protect your data.

5.2 Legal Requirements

We may disclose your data when required by law, court order, or government request.

5.3 Business Transfers

In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework: For transfers to certified US organizations
• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Adequacy Decisions: For countries deemed adequate by the EU

You may request a copy of the safeguards we use by contacting us at [email protected].

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations (e.g., tax records: 6 years in Spain)
• Resolve disputes and enforce agreements
• Pursue legitimate business interests

Specific retention periods:

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data under applicable privacy laws including GDPR, UK GDPR, CCPA, and other local regulations:

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal data)
• Right to Non-Discrimination: Equal service and pricing regardless of privacy choices

To exercise CCPA rights, contact us at [email protected].

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response procedures
• Data backup and disaster recovery

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

12. Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)

14. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe your data protection rights have been violated. You may contact your local authority or the authority where our company is registered:

For EU/EEA Users:

You may contact your local Data Protection Authority. A list of EU DPAs is available at edpb.europa.eu.

For UK Users:

For US Users:

California residents may contact the California Attorney General's Office at oag.ca.gov/privacy.

15. Contact Us

For questions, requests, or complaints regarding this Privacy Policy, please contact us:

We will respond to all legitimate requests within 30 days. In some cases, we may need to verify your identity before responding to your request.