EndtaraBack

Privacy Policy

Last updated: 16 de junio de 2026

1. Data controller

The controller of your data is [RAZÓN SOCIAL], with tax ID [NIF] and registered office at [DIRECCIÓN] (hereinafter, «Endtara»). For any privacy matter, you may write to [EMAIL DE CONTACTO].

2. What data we process

We process different categories of data depending on your relationship with Endtara:

  • Account data (customers): name, email address and password (stored encrypted, never in plain text).
  • Organization and billing data: organization name, subscribed plan and Stripe customer identifiers. Endtara does not store your card details: they are handled by Stripe.
  • Feedback data: the comment and, if provided, the name and email of the person leaving it; page screenshots, voice notes and video clips; and technical browser metadata (device type, window size, browser, operating system, user agent, page URL and IP address).
  • Usage data: technical logs necessary to operate and secure the service.

3. Purposes and legal basis

  • Providing the service (authentication, collection and management of feedback): performance of the contract.
  • Billing and payment: performance of the contract and legal obligation.
  • Notifications of new feedback and service alerts: legitimate interest and performance of the contract.
  • Security and abuse prevention: legitimate interest.

4. Processors and providers

To provide the service we rely on providers that act as data processors:

  • Railway: hosting of the application and the database.
  • Cloudinary: storage of screenshots and voice notes.
  • Bunny Stream: hosting and playback of the video clips.
  • Stripe: payment processing.
  • Resend: sending of transactional emails.

Some of these providers may process data outside the European Economic Area. In such cases, the transfers are covered by the safeguards provided for under the GDPR (e.g. standard contractual clauses).

5. Retention

We retain the data for as long as the account remains active and, thereafter, for the applicable legal periods. You may request the deletion of your account and its content at any time.

6. Your rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability by writing to [EMAIL DE CONTACTO]. If you believe we have not properly handled your request, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

7. Security

We apply reasonable technical and organizational measures to protect your data, including encryption in transit, access control and server-signed media uploads.

8. Changes to this policy

We may update this policy to reflect changes in the service or in applicable regulations. We will publish the current version here together with its update date.