Privacy policy
Last updated: 02/26/2026
1. DATA CONTROLLER
SolveLens is the controller of the personal data you provide when using our service.
Controller details:
• Trade name: SolveLens
• Contact email: jordimolgom@gmail.com
2. DATA WE COLLECT
2.1. Identification Data
• Full name
• Email address
• Company name (optional)
• Phone number (if provided)
2.2. Payment Data
Payment data (credit card, etc.) is managed exclusively by Stripe, a PCI-DSS certified company. SolveLens does NOT store or have access to complete credit card data.
2.3. Technical Access Data
For the maintenance service, we collect:
• Hosting/FTP credentials
• WordPress or other CMS access credentials
• Database access credentials
• DNS access information (if necessary)
• URLs of managed websites
This data is stored encrypted and only used for service delivery.
2.4. Browsing Data
Through cookies and similar technologies, we collect:
• IP address
• Browser type
• Pages visited
• Date and time of visits
• Preferred language
For more information, see our Cookie Policy.
2.5. Communication Data
• Email communication history
• Change requests or support requests
• Comments or feedback provided
3. PURPOSE OF PROCESSING
Data is processed for the following purposes:
3.1. Service Delivery
• Manage subscription and billing
• Provide the contracted web maintenance service
• Perform backups
• Monitor website status (Pro Plan)
• Respond to change or support requests
3.2. Communications
• Send subscription confirmations and invoices
• Send notifications about service status
• Send alerts in case of incidents (Pro Plan)
• Respond to queries and requests
3.3. Service Improvement
• Analyze service usage to improve our offering
• Perform aggregated statistics (without identifying users)
• Develop new features
3.4. Legal Compliance
• Comply with legal and tax obligations
• Respond to requests from competent authorities
• Maintain records according to applicable legislation
4. LEGAL BASIS
Data processing is based on:
4.1. Contract Performance
• Data necessary for the provision of the contracted service
• Identification, payment and technical access data
• Legal basis: Article 6.1.b) GDPR
4.2. Consent
• Non-essential cookies
• Commercial communications (if consent has been given)
• Legal basis: Article 6.1.a) GDPR
4.3. Legitimate Interest
• Service improvement and user experience
• Security and fraud prevention
• Legal basis: Article 6.1.f) GDPR
4.4. Legal Obligation Compliance
• Invoice and tax record retention
• Legal basis: Article 6.1.c) GDPR
5. DATA RETENTION
5.1. Processing Duration
Data will be retained while:
• The contractual relationship lasts
• Necessary for service delivery
• Required by applicable legislation
5.2. Post-Contract Retention
After contract termination:
• Billing data: 6 years (tax obligation)
• Technical access data: deleted within 90 days maximum
• Communication data: deleted within 1 year maximum
• Backups: deleted within 90 days after cancellation
5.3. Deletion
Once retention periods have ended, data will be securely and permanently deleted.
6. RECIPIENTS
6.1. Data Sharing
Data may be shared with:
• Stripe: Payment processing (PCI-DSS certified)
- Shared data: Payment information (only Stripe has access to cards)
- Legal basis: Contract performance
- Privacy policy: https://stripe.com/privacy
• Hosting Providers: For maintenance service delivery
- Shared data: Access credentials (under confidentiality agreements)
- Legal basis: Contract performance
• Communication Services: For email sending
- Shared data: Email addresses
- Legal basis: Contract performance
• Public Administrations: When legally required
- Shared data: Strictly necessary data
- Legal basis: Legal obligation compliance
6.2. International Transfers
Some data may be processed by services located outside the European Economic Area (EEA), always with adequate safeguards:
• Stripe: PCI-DSS certified and standard contractual clauses
• Other services: With adequate safeguards according to GDPR
7. USER RIGHTS
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
7.1. Right of Access
You have the right to know what data of yours we are processing and to obtain a copy of it.
7.2. Right of Rectification
You have the right to request correction of inaccurate or incomplete data.
7.3. Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your data when:
• They are no longer necessary for the purposes for which they were collected
• You withdraw consent
• You object to processing and there are no other legitimate grounds
• Data has been processed illegally
7.4. Right to Restrict Processing
You have the right to request restriction of processing of your data in certain circumstances.
7.5. Right to Data Portability
You have the right to receive your data in a structured format and to transmit it to another controller.
7.6. Right to Object
You have the right to object to the processing of your data for reasons related to your particular situation.
7.7. Right to Withdraw Consent
When processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of previous processing.
7.8. Right to Lodge a Complaint
You have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing of your data does not comply with the regulations.
AEPD Contact:
• Website: https://www.aepd.es
• Phone: 912 663 517
• Address: C/ Jorge Juan, 6, 28001 Madrid
8. EXERCISING RIGHTS
To exercise any of these rights, you must contact:
• Email: jordimolgom@gmail.com
• Subject: "GDPR Rights Exercise"
• You must include: Full name, contact email and right you wish to exercise
We commit to respond within a maximum period of 30 days.
9. SECURITY
9.1. Security Measures
We implement adequate technical and organizational measures to protect your data:
• Encryption of sensitive data (credentials, etc.)
• Restricted access to data (principle of least privilege)
• Regular security updates
• Encrypted backups
• Security monitoring
• Staff training in data protection
9.2. Security Incident
In case of a security breach that may affect your data, we will inform you within a maximum period of 72 hours in accordance with GDPR.
10. COOKIES AND SIMILAR TECHNOLOGIES
For more information on cookie usage, see our Cookie Policy.
11. POLICY MODIFICATIONS
We reserve the right to modify this privacy policy. Any modification will be notified with at least 30 days' notice by email or through the control panel.
12. CONTACT
For any questions about this privacy policy or about the processing of your data:
• Email: jordimolgom@gmail.com
• Response time: 24-48 hours on business days
This privacy policy forms part of the Terms and Conditions of the Service.