UPDATED TBD
Privacy Policy
[TBD-LAWYER] Intro to the Privacy Policy: identity of the data controller, GDPR legal basis, DPO contact, and a summary of what data is collected and why.
Data we collect
[TBD-LAWYER] Exhaustive list of categories of personal data collected: identification, contact, payment (via Stripe), app usage, approximate location, instructor profile photo, professional certification.
Purpose and legal basis
[TBD-LAWYER] Purpose for each category (contract performance, legal obligations, legitimate interest, consent), GDPR legal basis (Art. 6), and retention periods.
Sharing with third parties
[TBD-LAWYER] Processor list: Supabase (hosting + DB), Stripe (payments), Resend (email), GA4 (analytics). DPAs signed, international transfers (US with SCCs), DAC7 reporting to the Spanish tax authority.
Your GDPR rights
[TBD-LAWYER] Data-subject rights: access, rectification, erasure, objection, restriction, portability. Procedure (email privacy@…). Right to lodge a complaint with the AEPD.
Cookies and analytics
[TBD-LAWYER] Strictly necessary cookies (session, locale), analytics cookies (GA4), opt-out, and reference to the cookies policy (TBD if split into its own page in v1.2).