Skip to contentPRIVACY POLICY
Last updated: november 14, 2025
Pro Commons Developers S.L. (hereinafter “we”, “us”, “our”, or “the Company”), with CIF ESB55412076 and registered office at Gran Via de les Corts Catalanes, 490, 08015 Barcelona, Spain, is committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee (LOPDGDD).
This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our services, including our website https://procom.dev and our applications and services.
TABLE OF CONTENTS
- Data Controller
- Data Protection Contact
- What Personal Data We Collect
- Purposes and Legal Bases for Processing
- Data Recipients and Sharing
- Data Retention Periods
- International Data Transfers
- Security Measures
- Your Rights
- Cookies
- Minors
- Updates to This Policy
- Contact Information
1. DATA CONTROLLER
Pro Commons Developers S.L.
CIF: ESB55412076
Address: Gran Via de les Corts Catalanes, 490
08015 Barcelona, Spain
Email: [email protected]
Website: https://procom.dev
2. DATA PROTECTION CONTACT
For all matters related to the processing of your personal data and the exercise of your rights under this policy, you may contact our data protection representative at:
Email: [email protected]
Postal Address: Pro Commons Developers S.L., Data Protection, Gran Via de les Corts Catalanes, 490, 08015 Barcelona, Spain
3. WHAT PERSONAL DATA WE COLLECT
We collect and process different types of personal data depending on how you interact with our services:
3.1 Data You Provide Directly
- Account Information: Name, email address, username, password
- Contact Information: Email address, phone number, postal address
- Billing Information: Name, billing address, payment card details (processed securely through Stripe or PayPal)
- Professional Information: Company name, job title, professional email
- Communication Data: Messages, inquiries, support requests
- Social Login Data: If you use social login features (Facebook, Google, etc.), we receive basic profile information authorized by you
3.2 Data Collected Automatically
- Technical Data: IP address, browser type and version, operating system, device information
- Usage Data: Pages visited, features used, interaction with our services, access times and dates
- Cookie Data: As detailed in our Cookie Policy
3.3 Data from Our Applications
When you use our applications (Moderator, WhaChat, WhaSharer, WhaSolutions products, chatbots, and custom developments), depending on the specific application and your configuration, we may process:
- Application usage data
- Device identifiers
- Performance and diagnostic data
- Location data (only with your explicit consent and when necessary for the service)
- Push notification tokens (if you enable notifications)
Important: The specific data collected varies by application. Each application provides detailed information about its data processing at the point of collection or in its specific privacy settings.
4. PURPOSES AND LEGAL BASES FOR PROCESSING
We process your personal data for the following purposes and based on the following legal bases under GDPR Article 6:
| Purpose | Type of Data | Legal Basis |
|---|---|---|
| Provide and manage our services | Account data, technical data | Contract execution (Art. 6.1.b GDPR) |
| Process payments and billing | Billing data, transaction data | Contract execution (Art. 6.1.b GDPR) |
| Customer support | Contact data, communication data | Contract execution / Legitimate interest (Art. 6.1.b/f GDPR) |
| Legal compliance and accounting | Billing data, transaction records | Legal obligation (Art. 6.1.c GDPR) |
| Marketing communications | Contact data, preferences | Consent (Art. 6.1.a GDPR) or Legitimate interest for existing customers (Art. 6.1.f GDPR) |
| Service improvement and analytics | Usage data, technical data | Legitimate interest (Art. 6.1.f GDPR) |
| Security and fraud prevention | Technical data, usage patterns | Legitimate interest (Art. 6.1.f GDPR) |
4.1 Legitimate Interests
When we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. Our legitimate interests include:
- Improving and optimizing our services
- Ensuring network and information security
- Preventing fraud and abuse
- Direct marketing to existing customers (with opt-out option)
- Efficient business management and operations
5. DATA RECIPIENTS AND SHARING
We may share your personal data with the following categories of recipients:
5.1 Service Providers
We work with trusted third-party service providers who process data on our behalf:
- Google Cloud: Cloud hosting and infrastructure (EU data centers)
- Stripe and PayPal: Payment processing (PCI-DSS compliant)
- Google Analytics: Website analytics (anonymized data)
- Meta (Facebook/Instagram/WhatsApp): Social media integration and advertising
- Pusher: Real-time communication services
5.2 Legal Requirements
We may disclose your data when required by law, including:
- To comply with legal obligations
- To respond to lawful requests from public authorities
- To protect our rights, privacy, safety, or property
- In connection with legal proceedings
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protection standards.
5.4 With Your Consent
We may share your data with other parties when you have given us explicit consent to do so.
6. DATA RETENTION PERIODS
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Type of Data | Retention Period | Justification |
|---|---|---|
| Account data | Until account deletion by user + 30 days | Service provision and recovery period |
| Billing and transaction data | 6 years | Legal obligation (Spanish tax law) |
| Marketing communications | Until withdrawal of consent | Based on consent |
| Technical logs | 90 days | Security and troubleshooting |
| Cookie data | As specified in Cookie Policy | Various purposes |
| Support communications | 3 years after resolution | Service quality and legal defense |
After the retention period expires, we will securely delete or anonymize your personal data.
7. INTERNATIONAL DATA TRANSFERS
We store and process your data within the European Economic Area (EEA). We do not transfer personal data outside the EEA.
Some of our service providers (Google, Meta, Stripe, PayPal) are based in the United States but provide adequate safeguards through:
- EU-approved Standard Contractual Clauses (SCCs)
- Appropriate technical and organizational measures
- Compliance with GDPR requirements for data processors
You can request more information about these safeguards by contacting us.
8. SECURITY MEASURES
We implement appropriate technical and organizational measures to protect your personal data, including:
- Technical measures: Encryption of data in transit and at rest, secure servers, firewalls, access controls, regular security updates
- Organizational measures: Limited access on a need-to-know basis, confidentiality agreements, regular training, security policies and procedures
- Incident response: Procedures to detect, investigate, and respond to security incidents, including notification obligations under GDPR Article 33-34
While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to notifying you and the relevant authorities of any breach as required by law.
9. YOUR RIGHTS
Under GDPR and LOPDGDD, you have the following rights regarding your personal data:
9.1 Your Rights Include:
- Right to Access (Article 15 GDPR): Obtain confirmation of whether we process your data and access to it
- Right to Rectification (Article 16 GDPR): Correct inaccurate or incomplete personal data
- Right to Erasure/”Right to be Forgotten” (Article 17 GDPR): Request deletion of your personal data in certain circumstances
- Right to Restriction (Article 18 GDPR): Request limitation of processing in certain circumstances
- Right to Data Portability (Article 20 GDPR): Receive your data in a structured, commonly used format
- Right to Object (Article 21 GDPR): Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right Not to be Subject to Automated Decision-Making (Article 22 GDPR): Not to be subject to decisions based solely on automated processing
9.2 How to Exercise Your Rights
You can exercise your rights by:
- Email: [email protected]
- Postal mail: Pro Commons Developers S.L., Data Protection, Gran Via de les Corts Catalanes, 490, 08015 Barcelona, Spain
Please include:
- Proof of identity (copy of ID or passport)
- Specific right you wish to exercise
- Clear description of your request
We will respond within one month of receipt, extendable by two additional months for complex requests.
9.3 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Spanish Data Protection Agency (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es
Phone: 901 100 099 / 91 266 35 17
10. COOKIES
Our website uses cookies and similar technologies. We use:
- Necessary cookies: Essential for website functionality
- Functional cookies: Remember your preferences
- Analytics cookies: Understand how you use our services
- Marketing cookies: Deliver relevant advertisements
For detailed information about the cookies we use, how to manage them, and your choices, please see our Cookie Policy.
11. MINORS
Our services are not directed to persons under 16 years of age. We do not knowingly collect personal data from minors under 16. If you become aware that a minor has provided us with personal data, please contact us immediately.
In accordance with Article 8 of GDPR and Article 7 of LOPDGDD, if we need to process minors’ data, we will obtain consent from parents or legal guardians.
12. UPDATES TO THIS POLICY
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will notify you of any material changes by:
- Posting the new policy on our website
- Updating the “Last updated” date
- Sending notification to registered users via email for significant changes
We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
13. CONTACT INFORMATION
For questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Pro Commons Developers S.L.
Data Protection Department
Gran Via de les Corts Catalanes, 490
08015 Barcelona, Spain
Email: [email protected]
Website: https://procom.dev
This Privacy Policy is provided in English. In case of any discrepancy between language versions, the Spanish version shall prevail for Spanish users, in accordance with LOPDGDD requirements.