Privacy Policy

Pataluha Ventures S.L. · Last updated: 22 May 2026 · Version 2.6

Looking for the privacy notice that covers our marketing website? See https://solidmaint.com/privacy.

We comply with the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law on Personal Data Protection (LOPDGDD 3/2018).

1. Data Controller

Pataluha Ventures S.L. ("we", "us"), NIF B26627539, registered in Spain, operates the SolidMaint platform (Customer app, Crew app, web back-office) and is the data controller for your personal data. SolidMaint S.L. (NIF B27612159, registered office c/o The Pool, Avda. Bulevar Príncipe Alfonso de Hohenlohe 2, 29602 Marbella, Málaga, Spain) is a subsidiary of Pataluha Ventures S.L., registered on 7 May 2026. Until the platform is transferred to SolidMaint S.L., Pataluha Ventures S.L. remains the sole controller. Contact: privacy@solidmaint.com

2. Personal Data We Collect

We collect different categories of data depending on which app you use (Customer or Crew). Where a category applies to only one app, we say so.

• Account data (both apps) — Name, email address, phone number, profile photo, language preference, role.
• Authentication data (both apps) — Hashed password, session tokens, optional Apple Sign In or Google Sign In federated identifier, optional biometric unlock state (Face ID / fingerprint stays on the device and is never transmitted).
• Property data (Customer app) — Address, cadastral reference, construction details, devices and appliances, uploaded documents.
• Service data (both apps) — Service requests, task history, photos (before / during / after work), captions, ratings, logbook entries.
• Payment data (Customer app) — SEPA mandate references, Stripe customer IDs, last-four card digits stored by Stripe (we do not store full card numbers). Crew payouts go through Stripe Connect; the crew app does not collect cards.
• Voice recordings (Crew app) — Voice notes for work reports and AI co-driving voice mode. Server-side transcription via Google Gemini; the audio file is deleted 30 days after upload, the transcript is retained with the task record.
• Receipt-OCR data (Crew app) — Receipt images uploaded for expense reporting; server-side line-item extraction (store name, date, items, totals) stored on the expense record.
• Location data (Crew app) — Precise GPS coordinates while a task timer is active, used for 100-metre geofence verification and for the foreground-service notification "tracking location during active task". Background location is requested only if you opt in to the timer-arrival reminder or while an active timer runs with the screen off. Coordinates are purged 8 weeks after task completion + invoice issuance.
• Communication data (both apps) — Chat messages between you and HQ, crew, customers, or task-group participants. WhatsApp inbound messages relayed via Twilio.
• Push tokens (both apps) — FCM (Android) / APNs (iOS) device push tokens linked to your user account, used to deliver notifications about service requests, task assignments, approvals, messages.
• Crash diagnostics (both apps) — Sentry crash reports, breadcrumbs (user-interaction events, performance traces) and a `userId` tag, used to diagnose bugs.
• Usage data (both apps) — Login timestamps, device info (model, OS version), IP address (used briefly for rate-limiting and security checks; not retained as a profile field).
• Operator-handled data (HQ back-office) — Our staff may enter, import, or otherwise process your contact and property data on your behalf as part of internal operational workflows (for example during onboarding, scheduling, follow-up, or service coordination). Such processing may include AI assistance — see §10 for the AI processors we use.

3. Legal Basis for Processing

• Contract performance (Art. 6(1)(b) GDPR) — processing necessary to provide the maintenance services you request and to pay crew members.
• Legitimate interest (Art. 6(1)(f) GDPR) — platform security, fraud prevention, crash diagnostics, anonymous service-quality analytics.
• Consent (Art. 6(1)(a) GDPR) — marketing communications (opt-in only); AI training-data persistence (see §10).
• Legal obligation (Art. 6(1)(c) GDPR) — tax records and invoice retention (up to 10 years — minimum 6 years per *Código de Comercio* Art. 30, extended to 10 years where records support a *base imponible negativa* per *Ley General Tributaria* Art. 66 bis).

4. How We Use Your Data

• Providing and improving our property maintenance services.
• Processing payments (customer side) and crew payouts (crew side via Stripe Connect).
• Communicating about service requests, tasks, approvals, and messages.
• Auto-translating chat messages between different language speakers.
• AI-assisted features: photo recognition (Smart Scan), voice transcription (Crew voice reports, AI co-driving), receipt OCR, agent assistance, vision analysis.
• Verifying crew presence at the property via geofence.
• Crash diagnostics and product analytics.
• Warranty expiry notifications for registered devices.

In-app conversations are NOT private from us

Messages in service-request chats (customer ↔ crew, customer ↔ HQ, crew ↔ HQ), in-app AI chat with our assistant, and WhatsApp conversations routed through our platform are visible to authorised HQ staff for:

• Service quality monitoring — spot-checking that the conversation between you and your assigned crew member is constructive, that quotes match what was agreed, and that issues are flagged early.
• Routine system maintenance and debugging — understanding what users have asked the AI assistant when a turn fails, why a translation produced an odd result, why a notification didn't land. We minimise this — but a closed-box "the system doesn't work" report can't be diagnosed without reading the failing turn.
• Dispute resolution — when a customer or crew member reports that the other party promised X and delivered Y, HQ reviews the chat to mediate fairly with documented evidence.

Messages are encrypted in transit and at rest (HTTPS in transit; AWS-managed encryption on the S3 mirror and on the Neon Postgres database). The encryption protects against third-party interception and infrastructure-provider access — it does not make conversations private from SolidMaint operations staff. For confidential matters (legal complaints, HR-style concerns), email privacy@solidmaint.com.

This applies equally to direct customer ↔ crew chats; the platform is operated as a managed service, not a peer-to-peer messaging tool.

5. Data Sharing / Sub-processors

We share your data only with the processors and sub-processors listed below. We do not sell your personal data. The list reflects the actual data flows in the apps; we update it when we change processors.

| Recipient | Location | What we share | Why |

| --- | --- | --- | --- |

| Stripe Payments Europe Ltd | Ireland (parent: Stripe Inc., US, with SCCs) | Card details, SEPA mandate references, customer / contractor IDs, payment metadata. Customer app collects cards in-app via the Stripe SDK; Crew app receives payouts only — no card collection. | Payment processing (customer) and crew payouts via Stripe Connect Express. |

| Neon Inc. | EU (AWS eu-central-1, Frankfurt) | Primary database — all relational data. | Managed Postgres hosting. |

| Fly.io | EU (Frankfurt `fra` region) | API server runtime. | API hosting. |

| Amazon Web Services (S3 + CloudFront) | S3 buckets in EU (eu-central-1); CloudFront edge cache global | Photos, voice recordings, receipt images, uploaded documents. | File storage and CDN delivery. The CloudFront edge cache may cache content outside the EU; SCCs apply. (We migrated from Cloudflare R2 in March 2026 due to Spanish ISP blocks on the prior CDN.) |

| Google LLC — Gemini API | US, with SCCs | AI chat content, photos sent for vision analysis, voice recordings sent for transcription, receipt and document content sent for parsing/OCR, and personal data (such as name, email, phone, address) processed by AI assistance in customer-facing or operator-facing tools. We use Google's paid Gemini tier, under which Google contractually commits not to use inputs or outputs to train its models. | AI assistance across customer-facing and operator-facing features. |

| Google LLC — Firebase Cloud Messaging | US, with SCCs | FCM device push token; minimal notification payload (no PII in the payload itself). | Android push notifications. |

| Google LLC — Google Maps Platform | US, with SCCs | Property addresses sent for geocoding; optional Street View display. | Map UI in the apps. |

| Apple Inc. — APNs | US, with SCCs | APNs device push token. | iOS push notifications. |

| Sentry GmbH (processor on AWS US) | Vienna (controller); US (processing) | Crash reports, breadcrumbs (interactions, performance), `userId` tag, device tag. | Crash diagnostics and performance monitoring. |

| Twilio Inc. | US, with SCCs and EU sub-processors | Phone number, SMS / WhatsApp message content. | SMS notifications and WhatsApp inbound relay. |

| Resend Inc. | US, with SCCs | Email address, message body. | Transactional email (account verifications, notifications). |

| Apple Inc. — Sign In with Apple | US, with SCCs | OAuth ID-token; optional relay email if you choose to hide your address. | Optional federated login. |

| Google LLC — Sign In | US, with SCCs | OAuth ID-token. | Optional federated login. |

| Assigned crew members | EU (operating in Spain) | Customer name, property address, access codes, task details — only for tasks assigned to that crew member. | Service delivery. |

6. Cross-Border Transfers

Primary data storage (database, file storage) is in the EU. Some processors operate in the United States for specific functions (AI inference, push notifications, crash diagnostics, email, OAuth identity); these international transfers rely on EU-Commission Standard Contractual Clauses per GDPR Art. 46(2)(c). Where a processor offers EU-residency options that we have selected, the §5 table says so.

7. Retention Periods

| Data type | Retention |

| --- | --- |

| Account data | Until account deletion + 30-day grace period |

| Voice recordings (Crew) | 30 days; transcript retained on the task record |

| Receipt images (Crew) | Retained on the expense record until account deletion |

| GPS coordinates from completed work | 8 weeks after task completion + invoice issuance |

| Chat messages | Until account deletion |

| Sentry crash events | 90 days (Sentry default plan retention) |

| Audit logs (security-relevant events) | 2 years |

| Financial records (transactions, invoices, payout receipts, invoice PDFs, accounting supporting documents) | Up to 10 years — minimum 6 years per *Código de Comercio* Art. 30, extended to 10 years for records supporting a *base imponible negativa* (loss carryforward) per *Ley General Tributaria* Art. 66 bis |

| AI training corpus (consent-only) | Until consent withdrawal or account deletion |

| Anonymised aggregate metrics | Indefinite; cannot be linked to you |

8. Security Measures

We protect your data with the following technical and organisational measures:

• TLS in transit — all client-server traffic uses HTTPS with modern cipher suites; HTTP is rejected at the load balancer.
• Encryption at rest — AWS-managed encryption on S3 file storage, provider-managed encryption on the Neon Postgres database, and Sentry-managed encryption on diagnostic data.
• Password hashing — passwords are stored as bcrypt hashes, never in plaintext.
• Role-based access control — HQ back-office and crew accounts have explicit roles (admin, supervisor, dispatcher, support, worker, customer) that gate which data each role can see.
• Audit logging — security-relevant events (login, role changes, data exports, account deletions, AI training-data toggles) are recorded and retained 2 years.
• Incident response — Sentry crash and error monitoring with operator-controlled access; PII handlers tagged for fast triage during security incidents.

9. Your Rights (GDPR Articles 15–22)

• Access (Art. 15) — Download all your data from Profile → Download My Data.
• Rectification (Art. 16) — Edit your profile at any time.
• Erasure (Art. 17) — Delete your account from Profile → Delete Account, or follow the data-deletion guide at `/legal/data-deletion`.
• Data portability (Art. 20) — Export your data as a machine-readable ZIP archive.
• Restriction (Art. 18) / Objection (Art. 21) — Email privacy@solidmaint.com.
• Withdraw consent (Art. 7(3)) — Toggle AI training-data persistence off in your profile, or unsubscribe from marketing emails via the link in any such email.
• Complaint — You may lodge a complaint with the Spanish data protection authority (AEPD) at www.aepd.es or with your local EU/EEA supervisory authority.

10. AI Processing and Training-Data Persistence

Some user and operational content is processed by AI models to power features (photo recognition, voice transcription, OCR, agent assistance, chat translation, document parsing, and other customer- and operator-facing AI assistance). Two distinct flows:

• Inference (always on) — Content relevant to the feature you are using, or to an operator action taken on your behalf, is sent to the relevant model (typically Google Gemini API), the model returns a result, and the result is stored on the related record (task, message, expense, property, etc.). This processing is necessary to deliver the feature you requested or to fulfil our service contract with you (Art. 6(1)(b) GDPR). We use Google's paid Gemini tier; under Google's API terms, paid inputs and outputs are not used to train Google's models, and Google's transient logs are retained no longer than necessary for abuse monitoring.
• Training-data persistence (consent only) — If you have toggled AI training data ON in your profile, we additionally retain the input + output of each AI call originating from your own activity in a pseudonymised archive on our own infrastructure for model improvement. This is consent-based (Art. 6(1)(a) GDPR) and you can withdraw consent at any time. AI calls made by our operators in the course of internal workflows do not flow through this opt-in archive; they are operational state, retained only as long as the relevant operational record exists.

Withdrawing consent removes your future calls from the training archive and triggers deletion of all previously-archived training records tied to your account. Use Profile → AI training data to toggle, or Profile → Erase AI training data to delete on demand. The deletion routine is `DELETE /v1/profile/ai-training-data` and is also invoked as part of full account deletion (`gdpr-delete.ts`).

Operational tables that hold AI session state (`ai_sessions`, `ai_turns`, `ai_tool_calls`) are runtime data, not training data. They exist to support resume-after-disconnect, debug-by-user, and audit-per-request, and they are deleted in the same cascade when you delete your account or revoke consent.

11. Cookies and Similar Technologies

We use only strictly-necessary cookies and storage. We do not set advertising, behavioural-tracking, or third-party analytics cookies.

Specifically: an authentication session token in `localStorage` (web) or `expo-secure-store` (mobile), anonymous service-worker / push-notification registrations, and platform crash-diagnostic identifiers (Sentry).

Our other processors do not set cookies in our apps; they receive request-bound telemetry only.

12. Children's Privacy

The platform is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@solidmaint.com.

13. Changes to This Policy

We will notify you of material changes via email and/or in-app notice at least 30 days before they take effect. The version number and date at the top of this page indicate when it was last updated.

14. Contact

For any privacy-related questions: privacy@solidmaint.com.

For account deletion, see the dedicated guide at /legal/data-deletion.