Privacy Policy

Effective Date: April 27, 2024

Last Updated: January 28, 2026

TONVI TECH SL ("we", "our", "us", "Upload-Post") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website https://www.upload-post.com and related services (collectively, the "Services").

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD), and other applicable data protection laws.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Name, email address, password, and profile information when you create an account
• Payment Information: Billing address, payment card details (processed securely by our payment processors Stripe and Paddle)
• Communications: Messages, support requests, and feedback you send to us
• User Content: Videos, images, text, and other content you upload through our Services

1.2 Information from Third-Party Platforms

When you connect social media accounts, we may receive:

• Profile information (name, username, profile picture)
• Account identifiers and access tokens
• Platform-specific data required for posting (channel IDs, page IDs)
• Limited analytics data where permitted by the platform

1.3 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns
• Log Data: Server logs, error reports, API requests
• Cookies and Similar Technologies: See Section 8 for details

2. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide our Services and fulfill our contractual obligations to you
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing for our legitimate business interests, such as improving our Services, fraud prevention, and security
• Consent (Art. 6(1)(a) GDPR): Processing based on your explicit consent, such as marketing communications
• Legal Obligation (Art. 6(1)(c) GDPR): Processing required to comply with legal requirements

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

• Creating and managing your account
• Processing and posting your content to connected social media platforms
• Processing payments and subscriptions
• Providing customer support

3.2 Service Improvement

• Analyzing usage patterns to improve our Services
• Developing new features and functionality
• Conducting research and analytics

3.3 Communication

• Sending service-related notifications (transactional emails)
• Responding to inquiries and support requests
• Sending marketing communications (with your consent)

3.4 Security and Compliance

• Detecting, preventing, and addressing fraud and abuse
• Enforcing our Terms of Use
• Complying with legal obligations

4. Information Sharing and Disclosure

We do NOT sell your personal data. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Services:

• Payment Processors: Stripe, Paddle (for payment processing)
• Cloud Infrastructure: For hosting and data storage
• Analytics: Plausible Analytics (privacy-focused, no personal data shared)
• Email Services: For transactional and marketing emails

4.2 Social Media Platforms

When you use our Services to post content, your content and associated metadata are transmitted to the social media platforms you have connected. This transmission is necessary to provide our core service functionality.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, privacy, safety, or property
• Prevent fraud or illegal activities
• Respond to lawful requests from public authorities

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your data.

5. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules where applicable
• For US transfers: EU-US Data Privacy Framework certification where applicable

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide our Services and maintain your account
• Comply with legal obligations (e.g., tax records for 6 years)
• Resolve disputes and enforce our agreements
• Prevent fraud and abuse

Specific retention periods:

• Account Data: Until account deletion + 30 days
• Transaction Records: 6 years (legal requirement)
• User Content: Until deletion by user or account termination
• Log Data: 90 days
• Analytics Data: 26 months (aggregated, anonymized)

8. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

8.1 Essential Cookies

Required for the website to function properly (authentication, security, preferences). These cannot be disabled.

8.2 Analytics Cookies

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies and does not collect personal data. No consent is required for Plausible.

8.3 Marketing Cookies

With your consent, we may use cookies for advertising and conversion tracking (e.g., Google Ads). You can withdraw consent at any time.

You can manage cookie preferences through your browser settings or our cookie consent banner.

9. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Request correction of inaccurate data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18): Request limitation of processing
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint (Art. 77): File a complaint with a supervisory authority

9.1 Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• Address: Calle Puerta del Mar, 18 5th Floor, 29005 Málaga, Spain

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9.2 YouTube API Data

If you have authorized our application to access your YouTube data:

• You can revoke access at any time through Google security settings
• Upon account deletion request, we will delete all stored YouTube API data within 30 days
• To request deletion, contact us at the email address above

10. Children's Privacy

Our Services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete that information immediately. If you believe we have collected data from a child, please contact us at [email protected].

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the updated Privacy Policy.

13. Supervisory Authority

If you are located in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD): www.aepd.es

14. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Company: TONVI TECH SL
• C.I.F.: B-19780394
• Address: Calle Puerta del Mar, 18 5th Floor, 29005 Málaga, Spain
• Email: [email protected]