Privacy policy
Apúntalo privacy policy
This policy explains how Apúntalo processes personal data on its website, in the app and in its appointment calendar, online booking, reminder and integration services for businesses.
Last updated: 18 April 2026.
Clear summary
Your clients do not become ours
Apúntalo is not a marketplace, does not sell personal data and does not use a business calendar to acquire clients for third parties.
Apúntalo can act in two roles
We are the controller for our own processing and a processor when we process final client data on behalf of a business.
We work with necessary providers
We use infrastructure, communications, payments, minimal analytics, support and integrations when they are needed to provide the service.
1. Controller
The owner of Apúntalo and controller for its own processing described in this policy is Víctor de Vierna Valcarce, NIF 71457636V, C/ Embalse La Tabla N1, Jiménez de Jamuz, 24767 León, Spain.
Contact email: hello@apuntalo.com. Full identifying details are also shown in the legal notice.
2. Who this policy applies to
It applies to website visitors, businesses that create an account or subscribe to Apúntalo, their team members, final clients whose data is managed for appointments and people who contact Apúntalo.
3. When Apúntalo is controller and when it is processor
As controller, Apúntalo decides the purposes and means needed to manage the website, signups, accounts, billing, payments, support, security, our own communications and minimal analytics.
As processor, when a business uses Apúntalo to manage appointments, final clients, reminders, bookings, calendars, staff or integrations, we process the data on behalf of that business and under its instructions.
4. Personal data we may process
- Contact and identification data.
- Business data, services, opening hours, team and calendar settings.
- Internal user or staff data.
- Final client data, appointments, services and operational notes.
- WhatsApp/SMS communication data, confirmations, errors and required metadata.
- Payment, billing, device, log, security and activated integration data.
5. Purposes and legal bases
We use data to create and manage accounts, calendars, bookings, reminders, operational communications, support, billing, abuse prevention, security, permitted analytics and voluntary integrations.
Legal bases may include contract performance, pre-contractual steps, legal obligations, legitimate interest, consent or the instructions of the business acting as controller.
6. Final client data of businesses
If you are a client of a business using Apúntalo, that business is usually the controller of your data. Apúntalo acts as a technology provider and will assist the business when needed.
7. Google Calendar and Contacts data
When a user connects a Google account, Apúntalo requests only the permissions needed for the enabled features. Use of Google API data follows the Google API Services User Data Policy, including limited use requirements.
We do not use data obtained from Google Workspace, including Calendar and Contacts, to develop, improve or train general-purpose artificial intelligence models.
8. Health, wellbeing and possible sensitive data
Apúntalo may be used by businesses where an appointment, service or note may reveal sensitive information. The business must assess the legal basis, inform its clients and limit data to what is necessary.
9. Analytics, cookies and events
We may use cookies or similar technologies to measure visits, performance and basic conversions. The cookie policy explains this in more detail.
In-product external analytics are limited to permitted events without personal data; internal logs may contain operational information needed to diagnose issues.
10. Providers and subprocessors
Apúntalo may rely on Google Cloud, Firebase, Meta / WhatsApp Business Platform, SMS providers when applicable, Stripe, Paycomet, Google Calendar, Google Contacts, Gmail, Google Workspace and monitoring, support or automation tools when needed and documented.
11. International transfers
Where providers are outside the European Economic Area or data is accessed from third countries, we will apply the mechanisms required by data protection law, such as adequacy decisions, standard contractual clauses or valid safeguards.
12. Retention
We keep data for as long as needed to provide the service, meet legal obligations, handle liabilities and maintain security. Backups and logs have limited retention according to their purpose.
13. Security
We apply technical and organisational measures aimed at confidentiality, integrity, availability and resilience: access control, separation by business, encryption in transit, secrets management, backups, technical logs, provider review and incident response.
14. Rights
You may exercise rights of access, rectification, erasure, objection, restriction, portability and withdrawal of consent by writing to hello@apuntalo.com. If the request concerns data processed on behalf of a business, it may need to be handled through that business.
15. Minors
Apúntalo is aimed at businesses and professionals. If a business enters minors’ data in its calendar, it is responsible for having a valid legal basis and meeting its information duties.
16. Changes to this policy
We may update this policy to reflect legal, technical or operational changes. Relevant changes will be published on this page with the updated date.
Contact
Privacy questions
For questions about this policy, rights requests or DPA information, write to hello@apuntalo.com.