Privacy Policy
Last updated: 11 July 2026. Document under review by Spanish legal counsel.
1. Data controller
PAIQ RAAS, S.L., tax ID (NIF) B27677392, C/ Poeta Francisco Coronado y Delicado nº 6, 3A, 29011 Málaga. Privacy contact: hello@paiq.io.
2. Data we process
- Purchase data: buyer email and payment data, processed by Stripe (we do not store card data).
- Scan usage data: the URLs submitted for analysis and the audit result. Reports are generated on demand and are not stored on our servers.
- Technical records: IP address and connection data in server logs, for security and abuse prevention.
- Browser local storage: holds only your language preference, your theme preference (light or dark) and your unlock code, on your device. We use no tracking cookies and no third-party analytics.
3. Purposes and legal bases
- Providing the Service and delivering the report and unlock code: performance of a contract (art. 6.1.b GDPR).
- Security, fraud and abuse prevention: legitimate interest (art. 6.1.f GDPR).
- Tax and accounting obligations on purchases: legal obligation (art. 6.1.c GDPR).
4. Recipients and processors
We use providers acting as data processors: Stripe (payments), Resend (transactional email) and Render (application hosting). Some of these providers are located in the United States; international transfers rely on EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework, as set out in each provider's documentation. We do not sell data to third parties.
5. Retention periods
Purchase and billing data: for the legally required tax periods. Unlock codes: while valid and for the period needed for support. Technical logs: for a limited security period. Scanned URLs and results: not retained beyond report generation.
6. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction and portability by writing to hello@paiq.io. If you believe processing breaches the law, you may complain to the Spanish supervisory authority, the Agencia Española de Protección de Datos (aepd.es).
7. Security
We apply proportionate technical and organisational measures: encrypted communication (HTTPS), signature verification on payment webhooks and data minimisation by design.
8. Changes
This policy may be updated. The current version is always the one published on this page.