← Home
Privacy Policy
Last updated: May 8, 2026
⚠️ Template to personalize: Before publishing the final version, replace the items marked
[FILL IN] with your real data (name, tax ID, email) and review with a lawyer or specialised service like
iubenda.com.
This note will disappear in the final version.
1. Who we are
Data controller:
- Name:
[FILL IN — your full legal name or company name]
- Tax ID (NIF/CIF):
[FILL IN]
- Address:
[FILL IN — fiscal address]
- Email: hola@lloretbylocal.com
The Lloret by Local app ("the app") is curated and operated by us as a personal travel guide for Lloret de Mar.
2. What data we collect
2.1 Data you provide directly
- Email and password (encrypted) when you create an account
- Name or alias you choose for your public profile
- Profile picture (optional)
- Year of birth (optional)
- Reviews and ratings you write about plans
2.2 Data collected automatically
- Real-time location (only while actively using the app and with permission granted) — to show you on the map and follow the itinerary. We do not store or transmit it.
- Saved / completed plans — linked to your account to sync between devices.
- Purchases made — record of which premium plans you've unlocked (via Apple/Google).
- App language and preferences — to remember your settings.
2.3 Data we do NOT collect
- ❌ No tracking cookies, ad pixels or fingerprinting tools
- ❌ We do not sell any data to third parties
- ❌ We do not collect payment information directly — Apple/Google handle it
- ❌ We do not access your address book, contacts or photo library beyond what you enable
3. Why we use it
- Operate the service: show you plans, remember your progress, sync between devices.
- Verify reviews: only people who completed a plan can write a review of it.
- Improve the app: anonymous usage stats to improve content.
- Technical communications: password reset, account confirmation emails.
We do not send newsletters or marketing emails without your explicit consent.
4. Legal basis (GDPR)
- Performance of contract (art. 6.1.b GDPR): to deliver the plans you bought.
- Consent (art. 6.1.a GDPR): for location permission, profile picture and reviews.
- Legitimate interest (art. 6.1.f GDPR): for technical security and fraud prevention.
5. Where we store data
- EU servers: our data is hosted on Supabase (data centre in Frankfurt, Germany).
- We do not transfer data outside the EEA without adequate safeguards.
6. How long we keep it
| Data type | Retention |
|---|
| User account | Until you delete the account |
| Saved plans / purchases | Until you delete the account |
| Reviews | Until you or we delete them |
| Payment data | Managed by Apple/Google |
| Technical logs | 30 days |
When you delete your account from inside the app (Settings → My account → Delete account), all your data is erased immediately.
7. Your rights (GDPR)
You have the right to:
- Access the data we have about you
- Rectify it if incorrect
- Erase it ("right to be forgotten") — you can do this directly from the app
- Portability — request a file with your data
- Restrict processing or object to it
- Withdraw consent at any time
- File a complaint with the supervisory authority (Spanish Data Protection Agency — aepd.es)
To exercise any of these rights, write to hola@lloretbylocal.com. We'll respond within one month.
8. Minors
The app is not directed at children under 14. If we discover we hold data from a minor without their guardians' consent, we will delete it.
9. Changes to this policy
We may update this policy. If we make substantial changes we'll notify you in the app or by email. The date at the top indicates the last version.
10. Contact