Privacy Policy

    Last updated: June 18, 2026

    Looking for the privacy notice that covers our customer and crew mobile apps? See https://api.solidmaint.com/legal/privacy-policy.

    1. Introduction

    SolidMaint ("we", "our", or "us") is committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, subscribe to our service updates, or contact us. We comply with the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law on Personal Data Protection (LOPDGDD 3/2018).

    Data Controller

    Pataluha Ventures S.L.

    c/o The Pool, Avda. Bulevar Príncipe Alfonso de Hohenlohe 2, 29602 Marbella, Málaga, Spain

    privacy@solidmaint.com

    NIF B26627539. Operating subsidiary: SolidMaint S.L., NIF B27612159, registered 7 May 2026.

    2. Personal Data We Collect

    We only collect data you provide voluntarily. We list every category below in full transparency.

    Subscribers (early-access list)

    • Full name
    • Email address
    • Phone number
    • Postal code
    • Region (e.g. Marbella, Estepona)
    • Services you are interested in
    • Sign-up timestamp

    Contact form messages

    • Full name
    • Email address
    • Phone number (optional)
    • Region
    • Message content
    • Submission timestamp

    Admin / authenticated user accounts

    • Email address
    • Encrypted password (hashed by our authentication provider)
    • Assigned role (admin / moderator / user)
    • Login timestamps and session metadata

    Technical and security data (server logs)

    • IP address
    • Browser type and version
    • Pages visited and timestamps
    • Bot-protection challenge results (Cloudflare Turnstile)

    We do not collect special categories of personal data (health, religion, political opinions, etc.) and we do not knowingly collect data from minors under 16.

    3. Why We Process Your Data — Legal Basis

    Under Article 6 of the GDPR we must have a lawful basis for every processing activity. The table below maps each purpose to its legal basis and to the data categories used.

    PurposeLegal basis (GDPR Art. 6)Data categories used
    Send service launch notifications and product updatesConsent (Art. 6(1)(a)) — granted via the subscription formSubscriber data (name, email, phone, services)
    Reply to your enquiries via the contact formPre-contractual measures at your request (Art. 6(1)(b))Contact-message data
    Operate the admin panel and manage user rolesLegitimate interest in running our business safely (Art. 6(1)(f))Auth account data
    Protect the site against abuse, bots and intrusionLegitimate interest in security (Art. 6(1)(f))Technical / log data, Turnstile results
    Comply with legal obligations (e.g. accounting, replying to authorities)Legal obligation (Art. 6(1)(c))Any data legally required

    4. Retention Periods

    We keep your data only as long as needed for each purpose, then delete or anonymise it.

    • Subscriber data: until you unsubscribe, or 24 months of inactivity (whichever is sooner). Unsubscribe links are included in every marketing email.
    • Contact-form messages: 24 months from receipt, then archived for an additional 12 months for dispute purposes.
    • Server / security logs: 12 months, then automatically purged.
    • Admin account data: for the duration of the account, plus 12 months after closure.
    • Accounting and tax-related data (when commercial transactions begin): up to 10 years — minimum 6 years per Spanish Código de Comercio Art. 30, extended to 10 years for records supporting a base imponible negativa (loss carryforward) per Ley General Tributaria Art. 66 bis.

    5. Service Providers (Sub-processors)

    We share data only with carefully selected providers who help us operate the service, all bound by data-processing agreements compliant with Article 28 GDPR.

    • Lovable Cloud / Supabase — backend, database and authentication hosting (EU servers, Frankfurt region).
    • Resend Inc. — transactional and marketing email delivery (servers in the United States).
    • Cloudflare Inc. — DNS, CDN, DDoS protection and bot-protection (Turnstile) (global edge network with US headquarters).
    • Lovable.dev — website hosting and preview infrastructure (EU servers).

    We never sell your personal data to third parties and we do not share it for cross-context behavioural advertising.

    6. International Data Transfers

    Some of our sub-processors (Resend Inc. and Cloudflare Inc.) are based in the United States. Your data may therefore be transferred outside the European Economic Area.

    These transfers are protected by the European Commission's Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR, signed with each provider, together with additional technical measures (encryption in transit and at rest).

    You may request a copy of the safeguards in place by emailing privacy@solidmaint.com.

    7. Your Rights

    Under the GDPR (Articles 15–22) and Spanish law you have the following rights regarding your personal data:

    • Right of access (GDPR Art. 15) — obtain confirmation and a copy of the personal data we hold about you.
    • Right to rectification (GDPR Art. 16) — correct inaccurate or incomplete data.
    • Right to erasure / right to be forgotten (GDPR Art. 17) — request deletion of your data when no longer needed.
    • Right to restriction of processing (GDPR Art. 18) — limit how we use your data in specific circumstances.
    • Right to data portability (GDPR Art. 20) — receive your data in a structured, machine-readable format.
    • Right to object (GDPR Art. 21) — object to processing based on legitimate interest, including direct marketing.
    • Right to withdraw consent (GDPR Art. 7(3)) — at any time, without affecting prior lawful processing.
    • Right not to be subject to automated decisions, including profiling (GDPR Art. 22), that produce legal effects on you.

    To exercise any of these rights, email privacy@solidmaint.com with a copy of an ID document. We will respond within one month (extendable by two months for complex requests).

    If you believe we have not handled your data properly, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD):

    https://www.aepd.es

    8. Security Measures

    We apply technical and organisational measures appropriate to the risk, including:

    • Encryption of data in transit (HTTPS/TLS 1.3) and at rest in our database.
    • Strict access controls with row-level security on every database table.
    • Bot-protection (Cloudflare Turnstile) and abuse rate-limiting on public forms.
    • Regular security reviews and prompt patching of dependencies.

    9. Cookies and Similar Technologies

    We use a small number of strictly necessary cookies (language preference, consent state) and Cloudflare security cookies. We do not use advertising or third-party tracking cookies. Full details:

    Read our Cookie Policy →

    10. Children's Privacy

    Our service is not directed to children under 16. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

    11. Changes to this Policy

    We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email to subscribers or via a banner on the site.

    12. Contact

    For any privacy-related question or to exercise your rights, contact us at:

    Email: privacy@solidmaint.com

    Data Protection Officer (DPO):

    We have not appointed a formal DPO as we are not legally required to do so under Article 37 GDPR. The point of contact for all data-protection matters is privacy@solidmaint.com.