Privacy Policy

• Controller: Torresburriel S.L.U.
• Tax ID: ESB99321598
• Address: Calle Coso 62, planta 6, 50001 Zaragoza, Spain
• Privacy contact: privacy@torresburriel.com

• Account data: name, email address and profile picture provided by your identity provider (e.g. Google) when you sign in.
• Group and outing data: groups you create or join, members, outings, amounts, places, dates and notes you choose to record.
• Technical data: minimum technical information needed to operate the service, such as session identifiers.

• Providing the service (creating an account, managing groups and outings) — performance of a contract (Art. 6.1.b GDPR).
• Security, fraud prevention and abuse mitigation — legitimate interest (Art. 6.1.f GDPR).
• Legal obligations (responding to lawful requests, accounting obligations where applicable) — Art. 6.1.c GDPR.

Personal data is kept while your account remains active. When you delete your account, we delete or anonymise your personal data, except where retention is required by law or to handle potential claims.

We share data with the following categories of processors, who act on our behalf under appropriate data processing agreements:

• Cloud hosting and database (Lovable Cloud / Supabase) — application hosting and data storage.
• Identity providers (Google) — authentication when you sign in.
• Maps (Google Maps) — to display places associated with your outings.

We do not sell personal data and do not share it with third parties for their own marketing purposes.

Some processors may be located outside the European Economic Area. Where this is the case, transfers are protected by appropriate safeguards under Chapter V of the GDPR, including European Commission adequacy decisions or Standard Contractual Clauses.

Under the GDPR, you have the right to access, rectify, erase, restrict and object to the processing of your personal data, as well as the right to data portability and to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, contact us at privacy@torresburriel.com, including sufficient information to verify your identity and the right you wish to exercise.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es) or the supervisory authority of your habitual residence.

We apply appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage, including encryption in transit, access control and row-level security on our database.

Splitly uses only strictly necessary first-party storage (such as session storage for authentication and user preferences). We do not use advertising or third-party tracking cookies. If this changes in the future, we will request your consent in accordance with applicable law.

We may update this Privacy Policy from time to time. The latest version will always be available at this URL with its last updated date.