Privacy policy

At Papely we process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and digital rights (LOPDGDD).

1. Data controller

The data controller is Jesús Olazagoitia (Tax ID 16613653V), operating under the Papely brand, with registered address at Av. Lope de Vega, 55, 26006 Logroño (La Rioja), Spain. Contact: [email protected].

2. Data we collect

• Account: name, email and login credentials.
• Billing: tax identification and payment details, processed by our provider (Polar).
• User content: PDF templates, datasets, generated documents and workspace configuration.
• Technical data: IP address, browser type, language, usage metrics and error logs.
• Communications: support emails and survey responses.

3. Purposes and legal basis

• Providing the service (performance of contract): operating the platform, generating documents and sending deliverables.
• Billing and legal obligations: issuing invoices and complying with accounting and tax obligations.
• Support: responding to your inquiries.
• Product improvement (legitimate interest): analyzing aggregate usage to debug errors and prioritize improvements.
• Marketing (consent): only when you agree to receive promotional communications.

4. Data retention

We keep account data while the account is active. Once cancelled, billing data is retained for as long as legally required. Generated documents are retained according to the subscribed plan (see the plans table on the pricing page). Technical logs are anonymized or deleted after 12 months.

5. Recipients and processors

To provide the service we share data with GDPR-compliant data processors:

• Infrastructure: Railway (hosting), Cloudflare R2 (object storage).
• Payments: Polar.
• Transactional email: Postmark.
• Authentication: Google (when you sign in with Google).
• Observability: Sentry (error logs).

We do not sell personal data to third parties. International transfers rely on standard contractual clauses or adequacy decisions of the European Commission.

6. Your rights

You may exercise at any time your rights of access, rectification, erasure, objection, restriction of processing, portability and the right not to be subject to automated decision-making. Write to us at [email protected]. If you believe your request has not been properly handled, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

7. Security

We apply reasonable technical and organizational measures to protect data: encryption in transit (TLS), access control, backups and monitoring. No system is 100% secure; we recommend using strong passwords and enabling the protections available in your account.

8. Minors

Papely is not directed at children under 16. If we detect that data of a minor has been collected without appropriate consent, we will delete it.

9. Changes to this policy

We may update this policy to reflect legal or service changes. We will give you reasonable advance notice of substantial changes.