Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Information We Collect

We collect information you provide directly to us, as well as information collected automatically when you interact with our website. This includes:

• Contact data: name, email address, phone number provided via our contact form.
• Project data: information about your project, budget, and requirements.
• Technical data: IP address, browser type and version, time zone, operating system, referral URL, and pages visited.
• Usage data: how you interact with our website, including pages viewed and links clicked.
• Communication data: emails and messages you exchange with us.
• Payment data: processed securely through Stripe; we do not store full card numbers on our servers.

3. Legal Basis for Processing

We process your personal data under the following legal bases pursuant to the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679):

• Contract performance (Art. 6(1)(b)): processing necessary to deliver services you have requested or to take pre-contractual steps.
• Legitimate interest (Art. 6(1)(f)): improving our services, website security, and fraud prevention.
• Legal obligation (Art. 6(1)(c)): compliance with Spanish tax and accounting law.
• Consent (Art. 6(1)(a)): for optional marketing communications, where you have opted in.

4. How We Use Your Information

We use collected information to:

• Respond to enquiries and provide project proposals
• Deliver contracted software development services
• Process payments and issue invoices
• Send service updates, project status reports, and support communications
• Improve our website and services through analytics
• Comply with legal obligations under Spanish law
• Send marketing communications (only with your consent)

5. Third-Party Service Providers

We share your data with carefully selected third parties only as necessary to operate our services:

• Stripe, Inc.: payment processing. Stripe is a certified PCI-DSS Level 1 service provider. Data may be transferred to the United States under Standard Contractual Clauses.
• Formspree: contact form processing. Data is processed under Formspree's privacy policy.
• Vercel / Hosting providers: website hosting and content delivery.
• Google Analytics (if enabled): website traffic analysis via anonymised data.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

6. International Transfers

Some of our third-party providers are based outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or we rely on adequacy decisions by the European Commission.

7. Data Retention

We retain your personal data for the following periods:

• Contact enquiries: 3 years from last contact, unless a contract is established.
• Client project data: 5 years after project completion, in compliance with Spanish commercial law.
• Invoices and financial records: 7 years under Spanish tax law (Ley 58/2003, General Tributaria).
• Technical logs: maximum 12 months.

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

• Right of access (Art. 15): obtain a copy of the personal data we hold about you.
• Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your data, subject to legal retention obligations.
• Right to restriction (Art. 18): request that we restrict processing of your data in certain circumstances.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interest or for direct marketing.
• Right to withdraw consent (Art. 7(3)): withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at hello@getstackvio.com. We will respond within 30 days.

9. Cookies

Our website uses cookies and similar tracking technologies. We use:

• Strictly necessary cookies: required for the website to function. Cannot be disabled.
• Analytics cookies: help us understand how visitors interact with our website (only with consent).

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include TLS/SSL encryption for data in transit, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Supervisory Authority

You have the right to lodge a complaint with the Spanish data protection supervisory authority:

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date. For existing clients, we may also notify you via email. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

For any questions about this Privacy Policy, contact us at hello@getstackvio.com.