1. Data Controller
The data controller responsible for your personal data is Pablo Alfaya Fernandez, operating as Equafy, with address at Calle La Santa Maria 86, Spain. For any privacy-related requests or questions, you may contact us at info@getequafy.com.
2. Data We Collect and Why
We collect and process data necessary to provide and improve the Equafy service. This includes:
- Account data: email address, name, and job title (if provided) to manage your account and authenticate you.
- Project and equity data: project names, member names, contribution types, amounts, and multipliers. This data is used to perform equity calculations and to display each party's share of the company (cap table and related outputs).
- Payment data: billing is handled by our payment provider; we do not store full card numbers. We may store billing-related identifiers and subscription status.
- Usage data: we may collect information about how you use the platform (e.g., features used, actions taken) to improve the service and fix issues.
3. Legal Basis and Purpose
We process your data to perform our contract with you (account and subscription management, equity calculations), to comply with legal obligations, and where we have a legitimate interest in improving and securing the service. Where required by law, we will obtain your consent before processing for additional purposes.
4. Third-Party Processors
We use trusted third-party service providers to operate Equafy. These include:
- Stripe — for payment processing and subscription management. Stripe's privacy policy applies to payment data they process.
- Supabase — for authentication, database storage, and backend services. Your account and project data are stored and processed through Supabase in accordance with their data processing terms.
- Vercel — for cloud hosting and frontend delivery. Vercel processes infrastructure data, including IP addresses, to ensure the security, performance, and reliability of the platform.
We ensure that these providers offer adequate safeguards (e.g., standard contractual clauses or equivalent) where data is transferred outside the European Economic Area or your jurisdiction.
5. GDPR Rights (European Union / EEA)
If you are in the European Union or the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may ask us to correct inaccurate or incomplete data.
- Right to erasure: you may request deletion of your personal data, subject to legal retention requirements.
Important Exception Regarding Equity Data: Please note that while you can delete your account and personal profile information, we cannot delete your historical contribution data, risk multipliers, or presence in the immutable Audit Log of a shared project. Retaining this specific data is strictly necessary under our "legitimate interest" to preserve the mathematical integrity of the cap table and the legal rights of your co-founders or partners within that project.
- Right to restrict processing: you may ask us to limit how we use your data in certain circumstances.
- Right to data portability: you may request your data in a structured, machine-readable format.
- Right to object: you may object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
- Right to lodge a complaint: you may lodge a complaint with a supervisory authority in your country.
To exercise these rights, contact us at info@getequafy.com. We will respond within the timeframes required by applicable law.
6. CCPA / California Privacy Rights (United States)
If you are a California resident, the California Consumer Privacy Act (CCPA) and related laws may provide you with additional rights:
- Right to know: you may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collection, and the categories of third parties with whom we share it.
- Right to delete: you may request deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale or sharing: we do not sell your personal information. We may share data with service providers as described in this policy.
- Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.
To submit a CCPA request, contact us at info@getequafy.com and specify that you are a California resident. We may need to verify your identity before processing your request.
7. Data Retention and Security
We retain your data for as long as your account is active and as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or alteration.
8. Cookies and Local Storage
We use essential cookies and local storage mechanisms (such as those provided by Supabase) strictly to keep you logged in securely and ensure the platform functions correctly. We do not use intrusive tracking or advertising cookies. By using Equafy, you consent to the use of these strictly necessary operational cookies.
9. Changes and Contact
We may update this Privacy Policy from time to time. We will indicate the "Last updated" date at the top and, where required, notify you of material changes. Continued use of Equafy after changes constitutes acceptance of the updated policy. If you believe your privacy rights have been violated, you also have the right to file a complaint directly with the Spanish Data Protection Agency (AEPD). For any questions or to exercise your rights, contact us at info@getequafy.com or at Calle La Santa Maria 86, Spain.