Privacy Policy (GDPR Compliance)

1. Data Controller

In accordance with Regulation (EU) 2016/679 (GDPR), users are informed that personal data collected on this platform is processed under a joint-controller agreement by Alba Cruz Carmona and Álvaro Rosa Zamora (hereinafter, the "Controllers").
  • Location: Palma del Río, Spain.
  • Primary Contact: support@pekumia.com

Pekumia is currently a free personal project. The Controllers reserve the right to transfer data ownership to a legal entity (company or self-employed) should the project evolve into a commercial activity, ensuring prior notice to all users.

2. Data Collection and Purpose

Pekumia processes data voluntarily provided for the following purposes:
  • Account Management: Use of email and password for registration and secure access.
  • Personal Financial Management: Technical processing of data manually entered by the user. Pekumia does not sell or share this financial data with third parties.
  • Support and Notifications: Technical communications regarding the service or legal updates.
  • Service Evolution: Should premium features or paid services be offered in the future, necessary billing data will be requested under a new consent agreement.

3. Legal Basis for Processing

The legal basis is the Express Consent provided by the user upon registration and acceptance of this policy, alongside the Performance of a Contract (service delivery) when using the application.

4. Data Recipients and Hosting

User data is stored securely on OVHcloud servers, with data centers located in Europe. This provider acts as a Data Processor and complies with EU security and privacy regulations.

5. User Rights (ARCO+)

You have the right to access, rectify, erase (Right to be Forgotten), request portability, restriction, and object to the processing of your data by emailing support@pekumia.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

6. Retention and Backup Cycle

  • Active Deletion: The "Close Account" option immediately deletes data from the production database.
  • Backups: For technical security, data may remain in backup copies until automatic overwriting (cycle of 30 to 90 days). During this period, data is blocked and will not be restored to the active system.

7. Digital Will

In accordance with Spanish law (LOPDGDD), heirs or persons linked to a deceased user may request access to or deletion of content, unless expressly prohibited by the deceased.

8. Minors

Use is restricted to individuals over 14 years of age. Accounts detected belonging to minors without proper authorization will be immediately deleted.

9. Data Security

Technical measures such as SSL encryption are applied. The user is responsible for the accuracy of manually entered data and the safekeeping of their access password.

10. Policy Modifications

The Controllers reserve the right to modify this policy to adapt it to new legislation or changes in the business model. Any substantial changes will be notified to users in advance.