Privacy Policy

1. Data Controller

The data controller for your personal data is Concreto Software de Hormigón S.L. (hereinafter, "Concreto"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using Concreto, you agree to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Registration data: name, email, password.
  • Billing data: payment information processed by secure third parties.
  • Technical data: input data and operations you create on the platform.
  • Communications: support messages, feedback, comments.

2.2 Automatically Collected Information

  • Usage data: pages visited, features used, session time.
  • Device information: browser type, operating system, IP address.
  • Cookies: we use cookies to improve user experience.
  • System logs: error logs and activity records for maintenance.

3. How We Use Your Information

We use the collected information to:

  • Provide the service: process and store calculations, generate reports, manage your account.
  • Improve the platform: analyze usage, develop new features.
  • Communication: send important notifications, service updates.
  • Technical support: respond to inquiries, resolve technical issues.
  • Security: prevent fraud, protect against unauthorized access.
  • Terms compliance: analyze access patterns to ensure compliance with the terms of use.
  • Legal compliance: comply with legal and regulatory obligations.
  • Billing: process payments and manage subscriptions.

4. Legal Basis for Data Processing

We process your personal data under the following legal bases:

  • Contract performance: necessary to provide the service.
  • Consent: when you explicitly accept.
  • Legitimate interest: improve the service, prevent fraud.
  • Legal obligation: comply with legal requirements.

5. Sharing Information with Third Parties

We do not sell your personal data. We may share information with:

5.1 Service Providers

  • Hosting: cloud storage and computing services (within the EU).
  • Payment processing: Stripe or other secure processors.
  • Accounting: Holded or other secure software.
  • Analytics: usage analysis tools (anonymized when possible).
  • Email: transactional email services (Amazon SES).

5.2 Legal Requirements

We may disclose information if required by law, court order, or to protect our legal rights.

5.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new owner.

6. Data Security

We implement technical and organizational security measures to protect your data:

  • Data encryption in transit (HTTPS/SSL).
  • Encryption of sensitive data at rest.
  • Two-factor authentication available (2FA).
  • Regular backups.

However, no system is 100% secure. You are responsible for maintaining the confidentiality of your password and being vigilant against social engineering attacks, such as mass and/or targeted "phishing" attempts.

7. Data Retention

We retain your personal data while:

  • Your account is active or your subscription is in effect.
  • It is required by legal obligations.

After subscription cancellation, we maintain your account and data to facilitate a possible reactivation, unless you request its deletion.

After deletion of your account, we retain your tax data for 4 years according to legal and accounting requirements.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Objection: object to processing of your data.
  • Restriction: limit processing of your data.
  • Withdraw consent: when processing is based on consent.

To exercise these rights, contact us through the support channels. Exercising these rights may result in the inability to provide the service.

9. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential: necessary for site operation.
  • Functional: remember preferences and settings.
  • Analytics: understand how the platform is used.
  • Performance: improve speed and functionality.

10. International Data Transfers

Some of our providers (such as Amazon SES for email delivery) may process data outside the EU. In these cases, we ensure that adequate safeguards exist to protect your data, such as the Data Privacy Framework (DPF) or other safeguards recognized by European regulations.

11. Changes to this Policy

We may update this Privacy Policy periodically. Significant changes will be notified by email or through a notice in the application. The "Last updated" date at the end of this policy indicates when the last modification was made.

12. Links to Third-Party Sites

Concreto may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We recommend reading their privacy policies.

13. Contact and Inquiries

If you have questions about this Privacy Policy or wish to exercise your rights, you can contact us through the support system within the application.

Last updated: 2026