Privacy Policy

• Name: [NOMBRE_COMPLETO]
• Tax ID: [NIF]
• Address: [DOMICILIO]
• Email: [EMAIL_LEGAL]

For any privacy queries you can write to us at privacy@bearzip.com.

• Account data: username, email, password (bcrypt-hashed), role, registration date.
• Profile data: avatar, bio and any optional information you publish.
• Content: apps you upload, reviews, forum threads, private messages.
• Payment data: processed and stored by Stripe. We only keep a transaction identifier; we never see or store your card data.
• Technical data: IP address, user-agent and access logs for security and diagnostics.
• Sandbox: execution logs of the apps you try in the isolated environment.

• Contract performance: to provide the service you have signed up for (account, purchases, PRO subscription).
• Consent: for optional promotional emails; you can withdraw it at any time.
• Legitimate interest: for platform security, fraud prevention and service improvement.
• Legal obligation: to comply with tax obligations and requirements of competent authorities.

We use your data to:

• Manage your account and authenticate you.
• Process payments and billing.
• Show and distribute the apps you acquire.
• Send transactional emails (verification, password reset, purchase confirmations).
• Detect and prevent abuse or fraud.
• Handle complaints and technical support.

• Active account: while you keep the account open.
• After deleting the account: 30 days to allow recovery; afterwards, anonymization or deletion.
• Tax data: 5 years by Spanish legal obligation.
• Security logs: 90 days.
• Verification tokens: deleted automatically 7 days after expiring.

• Stripe (payments) — PCI DSS Level 1 compliant.
• Cloudflare R2 (storage of app files).
• Gmail SMTP (transactional email delivery).
• Hosting provider where the Platform runs.

We do not sell your data to third parties or share it for advertising purposes.

Some of our providers (Stripe, Cloudflare, Google) may process data outside the EEA. We ensure such transfers have adequate guarantees (Standard Contractual Clauses approved by the European Commission or adequacy decisions).

Under the GDPR and LOPDGDD, you have the right to:

• Access: request a copy of your data.
• Rectification: correct inaccurate data.
• Erasure (forgotten): delete your account and associated data.
• Objection: object to certain processing.
• Limitation: restrict processing in certain circumstances.
• Portability: receive your data in a structured, readable format.
• Withdraw consent at any time.

You can exercise these rights from Settings or by writing to privacy@bearzip.com. You have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es).

Export notice: the JSON file you download contains personal data (email, purchase history, messages, reviews). Once downloaded it is your responsibility to safeguard it; do not share it or upload it to public services.

We use essential technical cookies necessary for the Platform's operation (session, authentication). We do not use advertising or tracking cookies. The first time you visit the Platform a banner appears where you can choose between accepting only the necessary ones or all; your decision is stored locally. If we add analytics or marketing cookies in the future, we will request consent again.

We apply reasonable technical and organizational measures: bcrypt password hashing, HTTPS for all communications, security headers (CSP, HSTS, X-Frame-Options), rate limiting, container-based sandbox isolation and immediate session revocation on credential changes.

The Platform is not directed at minors under 16. If we detect a minor's account we will close it and delete its data.

We may update this policy to reflect legal or functional changes. We will notify you by email 14 days in advance if the change is substantial.