Privacy Policy & Cookies

Effective Date: 01/01/2026
Data Controller: CAUSFY GLOBAL TECHNOLOGIES, S.L.
NIF: [NIF pendiente]
Registered Office: C/ Princesa 31, planta 2, puerta 2, 28008 Madrid, Spain
Commercial Registry: [Registro Mercantil — pendiente]
Privacy Contact: [[email protected] — confirmar]

This Policy explains what personal data we collect, how we use it, on what legal basis, who we share it with, how long we retain it, and what rights you have when using Causfy. It applies to our websites (causfy.com, causfy.app), applications, dashboards, forms, and related services. This Policy is part of the Terms of Service.

This Policy is governed by Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), and applicable Spanish data protection legislation.

1. Data Controller

The data controller is CAUSFY GLOBAL TECHNOLOGIES, S.L., with registered office at C/ Princesa 31, planta 2, puerta 2, 28008 Madrid, Spain. Contact for privacy matters: [[email protected] — confirmar].

2. Categories of Personal Data We Collect

Identification and contact data:

• Name, email address, and basic account data.
• Technical session and security identifiers.
• Access logs for fraud prevention and account protection.

Campaign content:

• Text, images, videos, links, evidence, updates, and any content published by the creator.
• Campaign-related interactions when the product enables them.

Financial and transaction data:

• Amount, currency, date, status, and operation references.
• Payment method used when applicable.
• Network technical references when applicable in crypto operations.

KYC/KYB verification data (when applicable):

• Identity or business documentation necessary for KYC or KYB verification (may be processed by authorised third-party providers: [Proveedor KYC/KYB — pendiente]).
• Anti-fraud signals and compliance-related checks.

Support and communications data:

• Data you provide when requesting support, reviews, or reports.
• Evidence and files you choose to attach.
• Questions and messages sent to AI assistants.
• Files or materials uploaded by creators for campaign assistants.

Technical and diagnostic data:

• Security and diagnostic logs to prevent abuse and maintain the service.
• Cookies necessary for session, security, and preferences.
• Analytics cookies when enabled (see Cookies section below).
• Third-party technologies when a creator integrates pixels or tags (creator responsibility).

3. Legal Bases for Processing

4. Data Retention

We retain personal data for the time necessary for each purpose and for the applicable legal retention periods:

• Account data: for the duration of the contractual relationship and thereafter as required by applicable law (generally up to 5–10 years for commercial/tax records).
• KYC/KYB data: as required by anti-money laundering legislation (generally 5 years from the end of the relationship under Spanish and EU AML rules).
• Transaction data: as required by tax and commercial law (generally 5–7 years).
• Security and fraud logs: up to 12 months from creation, or longer if required for ongoing legal proceedings.
• Support communications: up to 3 years from resolution, or longer if legally required.

After the applicable retention period, data will be securely deleted or anonymised.

5. Recipients and Data Sharing

We share personal data only when necessary with:

• Infrastructure and technology providers: hosting, security, monitoring.
• Payment providers: [Proveedor de pagos — pendiente] for processing payments and payouts.
• KYC/KYB providers: [Proveedor KYC/KYB — pendiente] for identity verification.
• AI tool providers: [Proveedor de IA — pendiente] for AI assistant functionality (see AI Policy).
• Public authorities and courts: when required by applicable law, a court order, or lawful regulatory request.

We do not sell personal data as a business model.

Campaign content is public when the creator publishes it as such. Donor visibility may be configurable according to product options, with technical and legal limits.

6. International Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) adopted by the European Commission.
• Transfers to countries with an adequacy decision by the European Commission.

Details of applicable transfers and safeguards are available on request at [[email protected] — confirmar].

7. Minors

Causfy’s services are not directed to minors under 14 years of age, in accordance with Article 7 of LOPDGDD. We do not knowingly collect personal data from children under 14. If you believe a minor under 14 has provided us with personal data, please contact us at [[email protected] — confirmar] and we will delete it promptly.

8. Cookies

Causfy uses cookies and similar tracking technologies. Categories:

• Strictly necessary cookies: required for the service to function (session, security, authentication). No consent required.
• Analytics cookies: used to understand how users interact with the service. Require consent where applicable under LSSI and GDPR.
• Third-party cookies: may be placed by creator-integrated tools. Creators are responsible for obtaining required consents.

You may manage cookie preferences through our cookie consent tool or your browser settings. Blocking certain cookies may affect service functionality.

A detailed Cookie Policy is [pending — confirmar].

9. Third-Party Tools Integrated by Creators

Causfy may allow a creator to incorporate third-party measurement or advertising tools in their campaign. In those cases:

• The third party may collect data according to their own policies.
• The creator is solely responsible for informing users, obtaining required consents, and complying with GDPR, LSSI, and other applicable regulations in their campaign.
• Causfy may restrict abusive or insecure integrations.

10. Security

We apply reasonable technical and organisational security measures appropriate to the risk, in accordance with Article 32 GDPR. No system is infallible. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected data subjects in accordance with GDPR Articles 33–34.

11. Your Rights under GDPR

As a data subject, you have the following rights under GDPR (Articles 15–21), subject to applicable conditions and exceptions:

• Right of access (Art. 15): obtain confirmation of whether we process your data and a copy of it.
• Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your data (“right to be forgotten”) where applicable.
• Right to restriction of processing (Art. 18): request that we limit processing in certain circumstances.
• Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interest, including profiling.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise your rights, contact us at: [[email protected] — confirmar]. We will respond within one month (extendable by two additional months in complex cases), in accordance with Art. 12 GDPR.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with the Spanish supervisory authority:

Agencia Española de Protección de Datos (AEPD)
Website: www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain

You may also lodge a complaint with the supervisory authority of your habitual residence within the EU.

13. Updates

We may update this Policy. We will publish the current version with its date. Where required by applicable law, we will notify you of material changes and seek renewed consent if necessary. Continued use of the Services may constitute acceptance of non-material updates.