Legal & Privacy

Privacy Policy

Last updated: May 2026 · Effective date: 18 May 2026

1. Purpose of this Privacy Policy

This Privacy Policy explains how Massimo Céspedes ("DioGrid", "we", "us" or "our") collects and processes personal data through the DioGrid website, application, support channels, forms, commercial communications, account areas and related services. It is intended to provide the information required by the General Data Protection Regulation ("GDPR"), the Spanish Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights ("LOPDGDD"), and other applicable data protection rules.

2. Data controller

Controller: Massimo Céspedes. NIE: X2156141Y. Registered address: Calle Pallars 166, primero. General contact: massimo.c@diogrid.app. Privacy contact: massimo.c@diogrid.app. Data Protection Officer, if appointed: Not applicable.

3. Scope

This Policy applies to personal data processed when you browse the public website, use the DioGrid app or account area, contact support, report an issue, subscribe to updates, purchase or manage a paid plan where available, or interact with DioGrid through official channels. It does not apply to third-party websites or services that DioGrid does not control.

4. Categories of personal data we may process

Depending on your use of the Service, we may process: (a) identification and contact data, such as name, email address and billing contact details; (b) account and authentication data, such as account identifier, login method, access status and security information; (c) billing and transaction information, such as plan, invoice data, purchase status, tax information where legally required, and payment confirmation data received from payment providers; (d) support and communications data, such as messages, attachments, bug reports, feedback and correspondence; (e) technical and usage data, such as device, browser, approximate diagnostic data, logs necessary for security and service operation, cookie identifiers where consent or exemption applies, and interaction data where analytics has been lawfully enabled; and (f) project or configuration data, such as saved builds, selected collections, exported configurations or similar content, only if the Service includes storage or cloud features.

5. Sources of data

We obtain personal data directly from you when you create an account, complete a form, contact us, make a purchase, configure the Service, or voluntarily provide information. We may also receive limited data from service providers involved in authentication, payments, hosting, email delivery, analytics or customer support, only where relevant to provide the Service or comply with law.

6. Purposes and legal bases

We process personal data for the following purposes and legal bases: (a) to provide the Service, manage access, enable account features, deliver purchased digital content or subscriptions, and respond to requests necessary for the contract — performance of a contract or pre-contractual measures; (b) to process invoices, accounting obligations, tax records and legally required documentation — compliance with legal obligations; (c) to respond to support requests, bug reports and general enquiries — performance of a contract where the request relates to the Service, or legitimate interest in managing communications and improving assistance; (d) to protect the Service, prevent abuse, investigate incidents and maintain security — legitimate interests in ensuring network and information security, without overriding user rights; (e) to send newsletters, product updates or promotional communications where required — consent, unless a legally permitted existing-customer communication basis applies and an opt-out is provided; (f) to use non-essential analytics, personalisation or advertising technologies — consent collected through the cookie or consent mechanism; and (g) to improve documentation, usability and service quality using aggregated or appropriately minimised information — legitimate interests where applicable or consent where legally required.

7. Whether data is mandatory

Data marked as required in forms, checkout or account creation is necessary to provide the requested service, process the request or comply with applicable obligations. If you do not provide required information, we may not be able to create an account, complete a purchase, respond to a request or provide the relevant feature. Optional fields are clearly intended to help us assist you better or improve the Service.

8. Recipients and processors

We may disclose personal data only where necessary to: (a) service providers acting as processors, such as hosting, infrastructure, email delivery, customer support, analytics, authentication or cloud providers; (b) payment and billing providers acting under their own role or as processors depending on the service; (c) professional advisers where necessary and subject to confidentiality; (d) public authorities, regulators, courts or law enforcement bodies when legally required; and (e) potential successors in a corporate reorganisation, merger or transfer of business, subject to applicable safeguards. We do not sell personal data.

9. International transfers

Some providers may process data from or provide support outside the European Economic Area. Where international transfers occur, DioGrid will rely on an appropriate transfer mechanism under Chapter V GDPR, such as an adequacy decision, Standard Contractual Clauses, or another lawful safeguard, and will provide additional information where required.

10. Retention periods

We retain personal data only for as long as necessary for the purpose for which it was collected and afterwards for any applicable legal limitation periods or mandatory retention obligations. In general: account data is kept while the account remains active and thereafter for the time needed to manage closure and possible claims; billing and tax records are retained for the legally required period; support requests and issue reports are retained for the time necessary to resolve the request and defend or manage potential claims; consent records are retained as evidence of the consent choice for the applicable period; marketing data is retained until you unsubscribe or withdraw consent; security logs are retained for the period reasonably necessary to detect, investigate and prevent incidents, then deleted or anonymised unless further retention is legally justified.

11. Your data protection rights

You may request access to your personal data, rectification of inaccurate data, erasure where applicable, restriction of processing, objection to processing based on legitimate interests, and data portability where the GDPR conditions are met. Where processing relies on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You may exercise these rights by contacting massimo.c@diogrid.app. We may ask for information necessary to verify your identity when appropriate.

12. Right to complain

You have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) if you believe that your data protection rights have been infringed, without prejudice to any other administrative or judicial remedy available to you.

13. Children and minors

The Service is not intentionally directed at children below the age required to validly consent to information society services under applicable law. Where parental or guardian authorisation is legally required, the Service should not be used without it. If we become aware that personal data has been collected contrary to this rule, we will take reasonable steps to address it.

14. Security measures

DioGrid applies reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration or disclosure, taking into account the nature of the data, the state of the art, implementation costs and the risks involved. No online service can guarantee absolute security, so users should also protect their credentials and devices.

15. Cookies and similar technologies

The website or app may use cookies, local storage or similar technologies. Essential technologies may be used where necessary to provide a service requested by the user. Non-essential technologies, such as certain analytics, personalisation or advertising tools, will only be activated when a valid legal basis exists, normally prior consent through the cookie banner or settings panel. More information is available in the Cookie Policy.

16. Automated decisions

DioGrid does not make decisions based solely on automated processing that produce legal effects concerning users or similarly significantly affect them, unless this is expressly stated for a specific feature and the applicable safeguards are provided.

17. Updates to this Policy

We may update this Privacy Policy to reflect legal, technical, operational or service changes. The latest version will always be published on the website with its effective date. Where required by law, we will provide additional notice.

18. Contact

Privacy questions and rights requests: massimo.c@diogrid.app. General contact: massimo.c@diogrid.app. Postal address: Calle Pallars 166, primero.