This Privacy Policy explains how MiEspacio ("we", "our", "us") collects, processes, stores and protects your personal information when you use our website miespacio.app, the biz.miespacio.app subdomain and related services ("Platform"). It complies with Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 (LOPDGDD) and Regulation (EU) 2022/2065 (Digital Services Act — DSA).Business model — please read first: MiEspacio is a marketplace: an online platform allowing consumers to conclude distance contracts with traders (DSA Arts. 30-32). Booking payments are settled directly between the consumer and the business's own payment processor (Redsys, Stripe, etc.); MiEspacio is not a party to the consumer's payment flow and does not see full card data. MiEspacio's only revenue source is the B2B SaaS subscription paid by businesses and billed by Lemon Squeezy as Merchant of Record (see Section 5).Data controller identification (GDPR Art. 13(1)(a) + LSSI-CE Art. 10):Type: Sole proprietor (autónomo) registered in Spain.Name: Bohdan HordiychukNIF: Y9939706VRegistered address: Alicante, SpainPrivacy contact: privacy@miespacio.appLegal contact: legal@miespacio.appData Protection Officer (DPO): none appointed; the conditions of Art. 37 GDPR / Art. 34 LOPDGDD are not met.

We collect different categories of data depending on the role you have on the Platform:Consumer account data: name, email, phone, encrypted password, profile picture, language, city.Booking metadata: chosen business, service, time slot, messages with the business, appointment history. We do not handle the full card details used for the booking — those are taken by the business's own payment processor.Reviews, ratings, photos and forum posts (user-generated content).Business (B2B trader) account data: contact person, tax ID, address, team, service catalogue, CRM configuration. Trader KYC verification (DSA Art. 30) includes legal name, address, tax identifier and, where applicable, copy of the legal representative's identification.B2B subscription billing data: handled by Lemon Squeezy (Merchant of Record). MiEspacio receives only metadata: transaction id, plan, amount, status. Lemon Squeezy processes the full payment data as an independent controller under its Privacy Policy.Technical and usage data: IP address (truncated), browser type, OS, language, pages visited, error metrics (Sentry).Cookies and similar technologies: see the Cookie Policy.Source: data is provided directly by you when registering, booking or posting content; trader data is provided by the business itself; we receive limited metadata from Lemon Squeezy after each subscription charge.

We process your personal data for the following purposes, grouped by your role on the Platform:For consumers: account creation and management; business search; sending the booking request to the business; reminders and notifications; receiving and publishing your review; customer support about Platform usage (not about the service rendered by the business, which is the business's responsibility).For businesses (B2B): trader identity verification (DSA Art. 30); SaaS subscription onboarding and management; billing via Lemon Squeezy; CRM, calendar, reviews and analytics tools; operational and (with consent) commercial product communications.Common: Platform security and fraud prevention; aggregate analytics for service improvement; compliance with legal obligations (tax, accounting, requests from authorities, DSA); defence against claims; handling of GDPR rights requests.

Each processing activity relies on a specific legal basis under Art. 6 GDPR:Performance of a contract (Art. 6(1)(b)): consumer or business account creation and management; sending the booking request to the business; B2B SaaS subscription management.Legitimate interest (Art. 6(1)(f)): Platform security and fraud prevention; service improvement via aggregate analytics; defence against claims; documented balancing test available on request.Consent (Art. 6(1)(a)): commercial communications, analytics and marketing cookies, advanced personalization. Revocable at any time without affecting prior lawfulness.Legal obligation (Art. 6(1)(c)): retention of Lemon Squeezy invoices and accounting records (Spanish General Tax Law 58/2003 and Commercial Code); responses to authorities; DSA compliance (Arts. 16, 17, 20, 24, 30, 31, 32) — trader KYC verification, register of illegal-content notices, retention of moderation reasons.Where consent is the basis, you may withdraw it at any time from your account or by writing to privacy@miespacio.app.

We do not sell your personal information. Data is shared with different recipients depending on their role:Businesses (independent controllers): upon booking confirmation, the business receives your name, contact and appointment details necessary to deliver the service. From that point on, the business acts as an independent controller with respect to the data you provide directly to it, the payments you make to its processor and any subsequent interactions. Each business publishes its own privacy policy on its profile.Lemon Squeezy — Merchant of Record for B2B subscriptions only: Lemon Squeezy (Lemon Squeezy, LLC, 251 Little Falls Drive, Wilmington, Delaware 19808, USA). Processes the billing of business subscription plans as an independent controller of payment-method data. Does not intervene in consumer booking payments. Policy: https://www.lemonsqueezy.com/privacy.Business payment processors (Redsys, Stripe, etc.): handle your card data directly when you pay a booking to a business. MiEspacio is not a party to this flow and only receives the operation status if the business so configures it.MiEspacio's data processors: hosting provider (EU), transactional email provider, monitoring tools (Sentry — truncated data), maps provider (Google Maps), all bound by Art. 28 GDPR contracts.Competent authorities: when there is a legal obligation or duly motivated request.

The controller is established in Spain, within the European Economic Area. Processing by the controller does not therefore constitute an international transfer. However, the following transfers to third-party providers may occur:US sub-processor — Lemon Squeezy (B2B billing only): transfers of business billing data to Lemon Squeezy (USA) rely on Standard Contractual Clauses (SCCs) Module C2C approved by Implementing Decision (EU) 2021/914 and on Lemon Squeezy's certification under the EU-US Data Privacy Framework, where applicable. This transfer does not affect consumers who only book: their data is not sent to Lemon Squeezy.Technical sub-processors: hosting and infrastructure are located preferentially in the EU or in countries covered by an adequacy decision. Any sub-processor outside the EU is bound by its own SCCs plus supplementary technical and organisational measures (encryption at rest and in transit, pseudonymization where feasible) following EDPB Recommendations 01/2020.Business payment processors: flows to Redsys, Stripe or any other processor are the responsibility of the business and its respective processor, outside the scope of this Policy.

MiEspacio's business model involves two independent payment flows, each with its own controller:(a) Booking payments (consumer → business)When a consumer books a service from a business listed on the Platform, payment is settled directly via the payment gateway contracted by that business (Redsys, Stripe or another). MiEspacio is not a party to the collection, does not see card data and is not part of the payment contract. The business and its gateway are the independent controllers of those data.(b) B2B SaaS subscriptions (business → MiEspacio)The fee businesses pay MiEspacio for access to the Platform is processed through Lemon Squeezy (Lemon Squeezy, LLC, 251 Little Falls Drive, Wilmington, Delaware 19808, USA), which acts as a Merchant of Record for this revenue stream only. In particular:The contractual payment relationship for the subscription is established directly between the business and Lemon Squeezy at checkout, under the terms available at https://www.lemonsqueezy.com/terms.Lemon Squeezy collects and processes the subscription payment data (tokenized PAN, billing details, address, IP, anti-fraud) as an independent controller. MiEspacio does not store full card data.Lemon Squeezy acts as VAT / sales-tax collector in the applicable jurisdictions and issues the invoice to the B2B customer.Lemon Squeezy privacy policy: https://www.lemonsqueezy.com/privacy (covers legal bases, retention, rights and international-transfer mechanisms, including the EU-US Data Privacy Framework).Subscription refunds and chargebacks are handled by Lemon Squeezy under its policy, while preserving any mandatory consumer-law minima (LGDCU for Spanish residents) where applicable.For any request relating to payment data processed by Lemon Squeezy or by a business's gateway, we recommend you contact the relevant entity first; MiEspacio will assist as far as it can.

We retain personal data only for as long as strictly necessary for each purpose. Periods per category:Account data: while the account is active and up to 30 calendar days after deletion request, save subsequent blocking for legal obligations (up to 5 years, Art. 1964 Spanish Civil Code).Booking metadata: 5 years from completion of the service to evidence the intermediation and handle claims.Trader KYC verification (DSA Art. 30): while the business is active and 6 months after the relationship ends.B2B subscription billing data: per the Spanish General Tax Law 58/2003 and the Commercial Code, for the legally required period (minimum 4 years, extendable depending on the tax). Invoices issued by Lemon Squeezy are additionally retained by Lemon Squeezy under US law.Usage and analytics: up to 26 months, aggregated or anonymized.User-generated content (reviews, comments): until removed by the user or account closure; moderation decisions are kept for 6 additional months under Art. 17 of Regulation (EU) 2022/2065.Cookies: per the duration stated in the Cookie Policy (max. 24 months).Once retention periods expire, data is irreversibly deleted, blocked or anonymized.

Under Articles 15-22 GDPR and Articles 13-18 LOPDGDD, you have the following rights:Access (Art. 15 GDPR): obtain confirmation and a copy of the data we process about you.Rectification (Art. 16): correct inaccurate or incomplete data.Erasure / right to be forgotten (Art. 17): deletion when no longer necessary or when you withdraw consent.Restriction of processing (Art. 18).Data portability (Art. 20): receive your data in a structured, commonly used format.Objection (Art. 21): to processing based on legitimate interest or to direct marketing.Not to be subject to automated decisions (Art. 22): right to human intervention.Withdraw consent at any time, without retroactive effect.To exercise these rights, write to privacy@miespacio.app stating which right you exercise and attaching a copy of an identification document. We will respond within one month, extendable by two further months in complex cases (Art. 12.3 GDPR).Right to lodge a complaint with the supervisory authority: if you consider your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan 6, 28001 Madrid — sedeagpd.gob.es. We recommend contacting us first to try to resolve the issue.

We use cookies and similar technologies to ensure the Platform functions and, with your consent, for analytics and marketing. MiEspacio's own cookies are documented in the Cookie Policy.Cookies outside our scope:Lemon Squeezy's billing portal (app.lemonsqueezy.com, hosted checkout) sets its own cookies during a business's subscription flow. Their use is governed by Lemon Squeezy's policy.When a business directs the consumer to its own payment processor's checkout (Redsys, Stripe, etc.) to settle a booking, that processor sets its own cookies on the relevant domain — outside the scope of MiEspacio's cookie banner.

Article 7 LOPDGDD sets the minimum age for valid consent at 14 years (lower than the 16 of Art. 8 GDPR). MiEspacio does not accept self-registration of minors under 14; the consent of the holder of parental authority or guardianship and reasonable verification thereof is required.If you become aware of unauthorised registration, write to privacy@miespacio.app. We will delete the data without undue delay.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies or legal requirements. We will notify you of significant changes via the email registered in your account, through a prominent notice on the Platform and by updating the "Last updated" date and version. Continued use of the Platform after publication constitutes acceptance.

For questions about this Privacy Policy or the processing of your personal data, contact us:Controller: Bohdan Hordiychuk, Alicante, Spain — privacy@miespacio.appGeneral inquiries: info@miespacio.appSupervisory authority: Spanish Data Protection Agency (AEPD) — www.aepd.es