Privacy Policy

Last updated: 22.04.2026

This Privacy Policy explains what data the SpainTrails platform processes, for what purposes, and on what legal grounds. This document applies to the website, user account area, and user-generated content published on the platform.

1. Data Controller

The personal data controller is Pavel Pivkin, NIE: Z0425266R, address: C/ RAMBLA CATALUNYA 38 P08 01, 08020, BARCELONA, BARCELONA, España.

For privacy matters and data subject rights requests, contact support@spaintrails.es. General inquiries are accepted at support@spaintrails.es.

Data is processed in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), and Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE).

2. Categories of Data We May Process

We process account data, public profile data, and user content that you publish on the platform.

Some data becomes visible to other users as part of the service functionality (for example, profile name, avatar, routes, comments, and interactions with posts).

  • Account data: email, username, profile details, avatar.
  • Authentication data: standard sign-in, Google OAuth, Facebook Login, Telegram Login.
  • User content: routes, descriptions, media files, comments, likes, favorites.
  • Technical data: IP address, device/browser information, security technical logs.
  • Communication data: support requests, service messages, and marketing communications.

3. Purposes and Legal Bases for Processing

We process data for the performance of the contract for platform use, compliance with legal obligations, legitimate interests related to security and service improvement, and your consent where required.

  • Contract performance: registration, sign-in, display of your content and profile, and operation of platform features.
  • Legitimate interests: moderation, anti-abuse, fraud prevention, and infrastructure protection.
  • Consent: analytics and other non-essential cookies, as well as marketing communications where applicable.
  • Legal obligations: responses to lawful authority requests and compliance with mandatory legal requirements.

4. Sign-In via Third-Party Providers

When signing in through Google, Facebook, or Telegram, we receive only the data set made available by the relevant provider and authorized by you during sign-in.

Data processing by those providers is governed by their own policies, and you accept their terms when using that authentication method.

5. Disclosure to Third Parties

We may share data with processors that technically help us provide the service, and only to the extent necessary for those purposes.

Data may also be disclosed where there is a legal obligation or to protect the rights and security of the platform and its users.

  • Hosting and infrastructure: Vercel (frontend hosting), Railway (backend hosting and infrastructure), DonDominio/MrDomain (DNS and domain registrar).
  • Media storage: Supabase (media storage).
  • Email and mailing services: Resend (transactional email delivery), Email newsletters: Resend; Telegram newsletters: sent directly via Telegram Bot API (no third-party aggregator).
  • Analytics (with consent): Google Analytics (with user consent).

6. International Data Transfers

Some providers may be located outside Spain/the EEA. In such cases, legally required safeguards are applied, including contractual guarantees and other permitted transfer mechanisms.

7. Data Retention Periods

We retain personal data only for as long as necessary for the processing purposes, contract performance, and compliance with legal obligations.

After retention periods expire, data is deleted or anonymized unless otherwise required by law.

8. Your Rights

You may request access, rectification, erasure, restriction of processing, portability, and objection to processing in the cases provided by law.

You may also withdraw consent for non-essential processing categories (for example, analytics or marketing communications) without losing access to the platform's core features.

Data subject rights requests are handled within the timeframes established by GDPR, generally within one month from receipt of the request.

9. Complaints and Inquiries

If you believe your rights have been violated, please contact us first at support@spaintrails.es.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos, AEPD).

or

Don't have an account? Sign up