Privacy Policy

Last updated: March 26, 2026

1. Introduction

This Privacy Policy explains how Koply collects, uses, and protects information about you when you use our website (koply.eu) and our site search service. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and applicable Spanish and EU data protection law.

2. Data Controller

For the purposes of GDPR, the data controller is:

Company: Koply (by Guillermo Eduardo Gallego Pagella)

Address: Helsingborg, Sweden

Email: privacy@koply.eu

3. Data We Collect

3.1 Account data

When you create an account, we collect your name, email address, and password (stored as a secure hash). We use this data to provide and manage your Koply subscription.

3.2 Billing data

Payment processing is handled by Stripe. We do not store credit card numbers on our servers. We receive and store a Stripe customer ID and subscription status to manage your plan.

3.3 Usage and analytics data

We collect aggregated search query data from the stores that use our widget (query text, result count, response time). This data is used to provide analytics to our customers and improve our service. Individual end-user queries are not linked to personal identities.

3.4 Technical data

We collect standard server logs including IP addresses, browser type, and request timestamps for security monitoring and error diagnosis. Logs are retained for a maximum of 30 days.

4. Legal Basis for Processing

  • Contract performance — processing necessary to provide the Koply service you subscribed to.
  • Legitimate interests — security monitoring, fraud prevention, and service improvement.
  • Legal obligation — retention of billing records as required by Spanish tax law.
  • Consent — for optional communications such as product updates and newsletters, where applicable.

5. Data Storage and Security

All data is stored on servers located in Sweden (European Union). We use industry-standard encryption (TLS in transit, AES-256 at rest) and access controls to protect your data. Your data never leaves the European Union.

6. Data Sharing

We do not sell your personal data. We share data only with the following processors, all operating under GDPR-compliant agreements:

  • Stripe — payment processing (US, Privacy Shield / SCCs)
  • Amazon Web Services — infrastructure hosting (EU-West region only)
  • Anthropic — AI processing for synonym suggestions and enrichment (data is anonymised before transmission)

7. Data Retention

  • Account data: retained while your account is active and for 3 years after closure for legal purposes.
  • Billing records: 7 years as required by Spanish tax law.
  • Server logs: 30 days.
  • Search query analytics: retained in aggregated form indefinitely; raw query logs deleted after 90 days.

8. Your Rights

Under GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — restrict how we process your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@koply.eu. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish data protection authority (AEPD) at aepd.es.

9. Cookies

We use a minimal set of cookies necessary for the service to function. For full details, see our Cookie Policy.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email for material changes. The current version is always available at koply.eu/privacy.

11. Contact

For any privacy-related questions, contact us at privacy@koply.eu.