Legal

Privacy policy

Last updated: July 2026 v1.1 Draft · pending legal review
Summary in 5 lines
  • We process your data under the GDPR and the LOPDGDD.
  • Controller: [LEGAL NAME] OÜ (Estonian company); data hosted in the EU.
  • Waitlist = consent; service and payment = contract; B2B prospecting = legitimate interest (one-click opt-out).
  • Health documents are processed with explicit consent (art. 9.2.a), encrypted.
  • For the manager tenant data we act as processor (DPA). You may complain to the AEPD or the Estonian authority.
Launch block
This policy is a draft. The commercial pilot cannot launch until legal name, address, privacy email, signed DPA and partner-lawyer review are complete.

English is a translation for convenience. The Spanish version prevails.

1. Data controller

[LEGAL NAME] OÜ (Estonian company) · [ADDRESS] · [PRIVACY EMAIL]. EU representative (Art. 27 GDPR): [IF APPLICABLE]. Data Protection Officer: [DPO, if applicable].

2. What we process, why and on what basis

ProcessingPurposeLegal basisRetention
WaitlistNotify you of the launch and prioritise areasConsent (6.1.a)Until launch + 12 months or opt-out
Founding Member (incl. payment)Manage your prepayment and refund (payment via Stripe; no cards stored)Contract (6.1.b)Relationship + tax periods
Product useGenerate the contract, evidence dossier and depositsContract (6.1.b) and legal obligation (6.1.c)6 years (defence/tax) [confirm]
Reason documents (health)Prove the reason when it is medical treatmentExplicit consent (9.2.a)Specific period [X years]
B2B prospectingContact managers (professional data from public sources)Legitimate interest (6.1.f)Until objection (one click per message)

3. Special-category data

If the reason for the stay is medical treatment, the supporting documents can contain health data. We process it only with the tenant explicit consent (art. 9.2.a), with strong encryption, restricted access and a specific retention period.

4. Our role: controller and processor

For waitlist, Founding Member and prospecting data we are the controller. For the tenant data a manager processes with our product, we act as a processor on the manager behalf, under a bilateral processing agreement (DPA).

5. Recipients

The intended closed-pilot recipients are: EU hosting and database, EU S3-compatible object storage, Stripe (payments), Signaturit or equivalent e-signature provider, Didit or equivalent identity-verification provider, transactional email provider, antivirus/OCR if enabled, LLM provider only if assisted extraction is enabled, the partner law firm (document review) and the brokerage only if you request insurance. Formspree/Tally are not used for launch; forms post to Tempora first-party endpoints.

6. International transfers

Data is hosted in the EU. If any provider processes data outside the EEA, we apply standard contractual clauses or another Chapter V mechanism.

7. Retention

Waitlist: until launch + 12 months or until you withdraw consent. Contract dossiers: 6 years (legal defence and tax) [confirm]. Health data: specific period.

8. Your rights

Access, rectification, erasure, objection, restriction and portability: [PRIVACY EMAIL]. Supervisory authority: Spanish Data Protection Agency (AEPD, www.aepd.es) or the Estonian authority, as applicable.

9. Security

Encryption in transit and at rest, role-based access control, audit logging and pseudonymisation where possible.

10. Sub-processor list

The final sub-processor list, location and transfer safeguards live in the DPA. The pilot cannot accept real documents until that list is complete and approved.