Privacy Policy
Last updated: May 15, 2026
1. Data controller
The data controller for personal data collected through the Website facturovia.com is a self-employed professional registered in Spain, whose complete identification, in compliance with Article 10 of Law 34/2002 (LSSI-CE) and Article 13 of Regulation (EU) 2016/679 (GDPR), is available in the Legal Notice accessible from the Website, acting as the provider of the electronic invoicing service accessible under the commercial name Facturovia. The contact channel established for any communication, query or exercise of data protection rights is the email address info@facturovia.com.
2. Data we collect
We collect the following data: (a) Registration data: full name or company name, Spanish tax ID (NIF/CIF/NIE), fiscal address, email address and password. (b) Invoicing and tax data: your clients' details, invoice line items, amounts, bank details and any other data required to issue invoices compliant with Spanish regulations. (c) Usage data: access logs, platform activity and account configuration.
3. Purpose of processing
We process your data to: (a) Provide the electronic invoicing and client management service. (b) Comply with legal and tax obligations applicable to invoicing activity in Spain (Invoicing Regulation, General Tax Law, VAT regulations). (c) Manage the contractual relationship, including subscription billing. (d) Improve and optimise the platform. We do not share or sell your data to third parties for commercial purposes.
4. Legal basis for processing
Processing of your data is based on: (a) Performance of a contract (Art. 6.1.b GDPR): to provide the service you have subscribed to. (b) Compliance with legal obligations (Art. 6.1.c GDPR): in particular, legal obligations applicable to the data controller regarding invoicing and document retention (General Tax Law 58/2003, Invoicing Regulation RD 1619/2012, VAT regulations). (c) Legitimate interests (Art. 6.1.f GDPR): for platform security and improvement.
5. Data retention
We retain your data for the duration of your account and, after cancellation, for the legally required retention period. For tax purposes, invoices and related data are retained for a minimum of 5 years in accordance with the Spanish General Tax Act (Law 58/2003). Access and security logs are retained for 12 months.
6. Your rights
Under the GDPR and Spanish LOPDGDD, you have the right to: (a) Access your personal data. (b) Rectify inaccurate or incomplete data. (c) Request erasure of your data when no longer necessary. (d) Object to processing in certain circumstances. (e) Request restriction of processing. (f) Receive your data in a structured format (data portability). To exercise these rights, write to us at info@facturovia.com. If you believe the processing does not comply with applicable law, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
7. Data processors and international transfers
For the provision of the service, the data controller may engage certain service providers acting as data processors in accordance with Article 28 of the GDPR, who are duly bound by contractual obligations of confidentiality, security, and limitation of processing to the expressly authorised purposes. The data processors currently engaged are: Railway Corp. (United States), as hosting infrastructure and database provider, with data stored in data centres located in the European region (europe-west4, the Netherlands); Twilio SendGrid, Inc. (United States), for the sending of transactional email communications such as account verification, password reset, security alerts, and invoice-related notifications; Stripe, Inc. (United States and Ireland), as the payment gateway for subscription management, which only receives the data strictly necessary to process payments; IPinfo.io, Inc. (United States), for approximate geolocation services from the IP address, with the purpose of generating security alerts in the case of sign-in from unusual locations. Some of the listed providers are entities established in the United States. In such cases, international data transfers are carried out under the EU-US Data Privacy Framework, approved by Adequacy Decision (EU) 2023/1795 of the European Commission, and, additionally or alternatively, by means of Standard Contractual Clauses approved by the European Commission, in accordance with Articles 45 and 46 of the GDPR. The controller undertakes to apply any additional safeguards necessary to ensure a level of protection essentially equivalent to that required within the European Economic Area.
8. Cookies
We use only strictly necessary technical cookies for the functioning of the service (session management, language and currency preferences). We do not use tracking, analytics or advertising cookies. You can configure your browser to block cookies, although this may affect the service's functionality.
9. Changes to this policy
We may update this Privacy Policy to reflect regulatory or service changes. We will notify you of any material changes by email at least 30 days in advance. The updated version will always be available at facturovia.com/privacy.