belcita

Legal

Privacy policy

Last updated: June 2026

At belcita we take your privacy seriously. This policy explains what personal data we process, for what purpose and what rights you have, in accordance with the GDPR (EU 2016/679) and Spanish Organic Law 3/2018 (LOPDGDD).

Template document. The provider’s identifying details (company name, tax ID and address) will be completed before launch. For final use, have it reviewed by your legal counsel.

1. Data controller

The data controller is belcita (the company name, tax ID and address will be completed before launch). You can contact us at hola@belcita.com about anything related to your data.

2. Data we process

  • Identification and contact data: name, email and phone number.
  • Business data: trade name, address and tax details needed for invoicing.
  • Usage data: pages visited, actions in the dashboard, IP address and device and browser data.
  • Payment data: handled by our payment provider; we do not store your full card details.

3. Purposes and legal basis

  • Provide the service and manage your account (contract performance).
  • Invoicing and compliance with tax and accounting obligations (legal obligation).
  • Customer service and support (contract performance and legitimate interest).
  • Measure and improve use of the service (consent or legitimate interest).
  • Send you commercial communications about belcita (consent, which you can withdraw at any time).

4. Retention

We keep your data while your account is active and, once cancelled, for the legally required periods (for example, tax and accounting ones). After those periods, it is securely deleted or anonymised.

5. Recipients and processors

We do not sell your data. To provide the service we rely on providers acting as processors, under a contract compliant with Art. 28 GDPR:

  • Cloud hosting and infrastructure (European Union).
  • Transactional email delivery.
  • Payment provider (POS).
  • Messaging (WhatsApp) when you use that feature.
  • Analytics tools, only if you give consent.

6. International transfers

Our primary hosting is in the European Union. If any provider involved a transfer outside the EEA, it would be carried out with the appropriate safeguards under the GDPR (for example, standard contractual clauses).

7. Security

We apply appropriate technical and organisational measures (encryption in transit, access control, backups and per-customer data isolation) to protect your data from unauthorised access, loss or alteration.

8. Your rights

You can exercise your rights at any time by writing to hola@belcita.com:

  • Access, rectification and erasure.
  • Objection and restriction of processing.
  • Portability of your data.
  • Withdrawal of consent, without retroactive effect.

9. Complaints

If you believe we have not handled your rights correctly, you can lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es.

10. Changes to this policy

We may update this policy to reflect legal or service changes. We will publish the current version on this page with its update date.