Solventus Logo olventus
Back to Home

Privacy Policy

Last updated: November 7, 2025

Data Controller

Identity: SOLVENTUS SOFTWARE S.L.

CIF: B21841747

Address: AV. OVIEDO, 10 D11, 03540 Alacant/Alicante (Alicante), Spain

Email: info@solventussoftware.com

Phone: +34 608 355 608

Website: solventussoftware.com

At SOLVENTUS SOFTWARE S.L. we are committed to protecting your privacy and the responsible processing of your personal data. This Privacy Policy describes how we collect, use, share and protect your personal information when you use our business management platform and corporate website.

This policy applies to all users of our services, including corporate clients, platform users, website visitors and business contacts.

For information about our terms of use, see Terms of Service and Legal Notice.

1. Information We Collect

1.1. Registered Users (Platform)

When you create an account on our Platform, we collect:

  • Identity data: Name, surname, email address
  • Contact data: Phone number (optional), company/organization
  • Authentication data: Password (encrypted by Clerk), session tokens

1.2. Workspace and Project Data

For business management platform users:

  • Workspace information: Name, description, assigned members
  • Project data: Project name, descriptions, proposals, status, dates
  • Collaborative notes: Note content, attachments
  • Invoices: Billing information, items, amounts, tax data
  • Appointments: Event titles, descriptions, dates, participants
  • Support tickets: Title, description, messages, status, priority

1.3. Contact Form Data

When you contact us through the website:

  • Contact information: Name, email, company (optional), phone (optional)
  • Message: Content of your inquiry or request
  • Technical data: IP address (for spam prevention), date and time of submission

Spam protection: We use Cloudflare Turnstile as a privacy-friendly alternative to traditional CAPTCHA to protect our forms. Turnstile does not store cookies or personal data.

1.4. Technical and Usage Data

  • Device information: Device type, operating system, browser, version
  • IP address: For security and fraud detection (anonymized in analytics)
  • Cookies and identifiers: According to our Cookie Policy
  • Server logs: Access logs, technical errors (retained 30 days)
  • Browsing activity: Pages visited, events, time spent (only with consent for analytics)
  • User preferences: Language, time zone, interface settings

2. How We Use Your Information

We process your personal data for the following purposes and legal bases:

Purpose Legal Basis (GDPR)
Provide platform services (project management, workspaces, billing) Contract performance (Art. 6.1.b)
Authentication and account management Contract performance (Art. 6.1.b)
Respond to contact forms and inquiries Legitimate interest (Art. 6.1.f) - Customer service
Transactional communications (system notifications, invitations, tickets) Contract performance (Art. 6.1.b)
Billing and accounting Legal obligation (Art. 6.1.c) - General Tax Law
Fraud prevention and security Legitimate interest (Art. 6.1.f)
Web analytics and service improvement (Google Analytics) Consent (Art. 6.1.a)
Marketing and advertising (Meta Pixel - future implementation) Consent (Art. 6.1.a)
Compliance with legal obligations Legal obligation (Art. 6.1.c)

3. Data Processors and Third Parties

To provide our services, we share data with the following trusted processors that act on our behalf according to Data Processing Agreements (DPAs):

3.1. Essential Service Providers

Clerk, Inc. (United States)

Service: Authentication and user management

Data processed: Email, name, password (encrypted), phone (optional), profile image, session tokens

International transfers: United States (protected by Standard Contractual Clauses)

Privacy policy: clerk.com/privacy

Supabase, Inc. (United States - EU Region)

Service: Database hosting and file storage

Data processed: All platform data (workspaces, projects, invoices, notes, files)

Data location: European Union region (AWS eu-central-1 or eu-west-1)

Certifications: SOC 2 Type II

Privacy policy: supabase.com/privacy

Resend, Inc. (United States)

Service: Transactional email delivery

Data processed: Email addresses, names, email content (invitations, ticket notifications, contact forms)

International transfers: United States (protected by Standard Contractual Clauses)

Privacy policy: resend.com/legal/privacy-policy

Cloudflare, Inc. (United States/Global)

Service: CDN, DNS, Workers (serverless functions), DDoS protection, Turnstile

Data processed: IP addresses, access logs, form data (processed by Workers)

Location: Global network with data centers in the EU

Certifications: ISO 27001, SOC 2 Type II

Privacy policy: cloudflare.com/privacypolicy

3.2. Analytics Services

Google Analytics 4 (Google LLC)

Service: Web analytics and usage metrics

Data processed: Anonymized IPs, pseudonymous client IDs, pages visited, events, device information

International transfers: United States (Google LLC)

Legal basis: Consent (requires acceptance of analytics cookies)

Privacy policy: policies.google.com/privacy

Opt-out: Google Analytics Opt-out Add-on

3.3. Marketing Services (Future Implementation)

Meta Pixel (Facebook/Instagram) - Planned

Service: Conversion tracking and remarketing

Data that would be processed: Browser IDs, page visits, custom events

Purpose: Measure advertising campaign effectiveness, create custom audiences

International transfers: United States (Meta Platforms, Inc.)

Legal basis: Consent (Art. 6.1.a) - Will be requested via cookie banner

Ad preferences: Facebook Ad Preferences

We do not sell, rent or market your personal information to third parties.

4. International Data Transfers

Some of our data processors are located in the United States (Clerk, Resend, Google Analytics). To ensure an adequate level of protection, we implement the following safeguards:

  • Standard Contractual Clauses (SCCs): Contracts approved by the European Commission (Decision 2021/914) that guarantee an adequate level of data protection
  • Data Processing Agreements (DPAs): With all our processors that comply with Article 28 of the GDPR
  • Security certifications: Our providers have ISO 27001, SOC 2, etc. certifications
  • Encryption: Data encrypted in transit (TLS 1.3) and at rest
  • Additional technical measures: According to recommendations from the European Data Protection Board (EDPB)

When technically possible, we prioritize storing and processing data within the European Economic Area (EEA). Our main database is hosted in the European Union region.

5. Data Retention

We retain your personal data only for as long as necessary for the established purposes:

Data Type Retention Period
Account data (while active) Until you request deletion or account closure
Invoice and transaction data 7-10 years (legal obligation - General Tax Law 58/2003)
Contact form data 2 years from last interaction or until inquiry resolution
Server logs 30 days (security and debugging)
Technical support data (tickets) 3 years from ticket closure
Session cookies When browser is closed
Analytics cookies (if accepted) Up to 2 years (see Cookie Policy)

After these periods, we anonymize or securely delete your personal data, unless the law requires additional retention.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration:

Technical Measures:

  • Encryption: TLS 1.3 for data in transit; encryption at rest in databases
  • Robust authentication: Managed by Clerk with hashed passwords (bcrypt), multi-factor authentication available
  • Access control: Row-Level Security (RLS) in Supabase database, role-based authentication
  • API protection: Input validation, protection against SQL injection
  • Secure infrastructure: Servers in certified data centers (AWS), firewalls, DDoS protection (Cloudflare)
  • Backups: Daily automatic encrypted backups
  • Updates: Security patches applied regularly

Organizational Measures:

  • Limited access: Only authorized personnel access personal data under strict need principle
  • Confidentiality: Confidentiality agreements with all personnel with data access
  • Training: Data protection and security training
  • Audits: Periodic security reviews
  • Incident response plan: Documented procedures for security breaches

In case of a security breach affecting your rights and freedoms, we will notify you as required by GDPR (Articles 33-34) within 72 hours to the Spanish Data Protection Agency (AEPD) and affected users if there is high risk.

7. Your Rights

Under GDPR and LOPDGDD, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR)

You can request a copy of all personal data we have about you. Coming soon: "Download My Data" button in your account settings.

Right to Rectification (Art. 16 GDPR)

You can correct inaccurate or incomplete data. Available in: User profile settings on the platform.

Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your data. Important note: Invoice and transaction data must be retained 7-10 years by Spanish tax legal obligation, but will be anonymized to protect your identity.

Right to Restriction of Processing (Art. 18 GDPR)

You can request that we restrict processing of your data in certain circumstances (e.g., while we verify the accuracy of data you have contested).

Right to Data Portability (Art. 20 GDPR)

You can receive your data in structured JSON format and transmit it to another controller.

Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interest. In direct marketing, the right to object is absolute. You can manage analytics cookies from our cookie panel.

Right to Withdraw Consent (Art. 7.3 GDPR)

When processing is based on your consent (e.g., analytics cookies, future marketing), you can withdraw it at any time from "Cookie Settings" or account settings.

Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR)

We do not use automated decision-making or profiling that produces legal effects on you. All decisions affecting your account are reviewed by humans.

How to Exercise Your Rights

To exercise any of these rights:

  1. Through your account: User settings on the platform (for access, rectification)
  2. By email: info@solventussoftware.com ((with subject: "GDPR Rights Exercise"))
  3. By postal mail: SOLVENTUS SOFTWARE S.L., AV. OVIEDO, 10 D11, 03540 Alacant/Alicante (Alicante), Spain
  4. Response time: 30 days from receipt of your request (extendable 60 additional days in complex cases)

We may request identity verification to protect your personal data against unauthorized access.

Right to File a Complaint

If you believe we have infringed your data protection rights, you can file a complaint with:

Spanish Data Protection Agency (AEPD)

C/ Jorge Juan, 6, 28001 Madrid, Spain

Web: www.aepd.es

Electronic office: sedeagpd.gob.es

Phone: +34 912 663 517

8. Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience. For detailed information, see our Cookie Policy.

Cookie summary:

  • Strictly necessary: Authentication (Clerk), consent management (do not require consent)
  • Functional: User preferences (consent recommended)
  • Analytics: Google Analytics (require consent)
  • Marketing: Meta Pixel - future implementation (will require consent)

You can manage your cookie preferences at any time from our cookie settings panel accessible in the footer.

9. Minors

Our services are not directed to minors under 14 years of age (minimum age according to LOPDGDD in Spain). We do not knowingly collect personal information from minors under 14 without verifiable parental consent.

If we discover that we have collected data from a minor without parental consent, we will delete that information immediately. If you know that a minor has provided personal data, please contact us at info@solventussoftware.com.

10. Changes to this Policy

We may update this Privacy Policy occasionally to reflect changes in our practices, services or legal requirements.

We will notify you:

  • By email (for significant changes requiring new consent)
  • Through notice on the platform and website
  • With a 30-day grace period before changes take effect

The "Last updated" date at the beginning of this policy indicates the most recent version. We recommend reviewing this page periodically.

11. Contact

For any questions about this Privacy Policy or our data practices, you can contact us:

Data Controller

SOLVENTUS SOFTWARE S.L.

CIF: B21841747

Address: AV. OVIEDO, 10 D11, 03540 Alacant/Alicante (Alicante), Spain

Email: info@solventussoftware.com

Phone: +34 608 355 608

Website: solventussoftware.com

Related documents:

Cookie Policy | Terms of Service | Legal Notice