Privacy Policy

1. Data Controller

The party responsible for processing your data is:

SOS Mallorca
Martín Acuña
Mallorca, Spain
Email: hello@sosmallorca.com

2. What data we process

We only process data necessary to deliver our service:

• Account information: name, email address, phone number (used to sign in via SMS OTP).
• Location data: your precise address or geo-coordinates — used solely to calculate the travel fee and to route the nearest available professional.
• Chat content: messages you send via the in-app chat, including text, photos of the problem, and voice notes.
• Device identifiers: push notification tokens (Apple APNs / Firebase Cloud Messaging) so we can deliver notifications.
• Payment data: we do not store credit card details. Payments are processed directly by our payment provider Stripe.

3. Purpose of processing

• Delivering the service (matching with professionals, coordination, payment processing).
• Communication between you and our admin team or the professional.
• Sending push notifications about status changes of your request.
• Compliance with legal retention obligations (e.g. tax law).

4. Who has access

We share data only with the following processors, each of whom is contractually bound to protect your data:

• Stripe (payments) — processes card data directly, EU servers.
• Anthropic Claude (in-chat AI assistance) — chat content is sent for real-time triage; not persisted on Anthropic's side.
• Twilio (SMS OTP for sign-in).
• Cloudflare R2 (storage of uploaded photos), EU-hosted.
• Apple and Google (push notification transport) — only the notification payload is transmitted.
• Hetzner (server hosting), Germany/EU.

We do not sell your data and do not share it for advertising purposes.

5. Retention period

Your data is retained while your account is active. Upon account deletion, your data is irreversibly removed within 30 days — with the exception of invoicing data, which we are required to keep for 10 years under Spanish tax law (Art. 6 (1) (c) GDPR).

6. Your rights (GDPR)

You have the right to:

• Access the personal data we hold about you (Art. 15);
• Have inaccurate data corrected (Art. 16);
• Have your data erased (Art. 17);
• Restrict processing (Art. 18);
• Receive your data in a structured, commonly used format and have it transmitted to another controller (Art. 20);
• Object to processing (Art. 21);
• Lodge a complaint with the supervisory authority (in Spain: AEPD).

To exercise these rights, write to hello@sosmallorca.com. We respond within 30 days.

7. Security

We apply technical and organisational measures to protect your data against loss, manipulation and unauthorised access: TLS encryption in transit (HTTPS everywhere), encrypted storage of sensitive fields, two-factor authentication for administrators.

8. Push notifications

You can disable push notifications at any time in your device's system settings. We use push only for transactional purposes (e.g. new message from a professional, booking confirmation) — never for advertising.

9. Changes to this policy

We reserve the right to update this policy when our processing or legal requirements change. We will notify you of material changes by email or within the app.

10. Contact

For questions about privacy contact us at hello@sosmallorca.com.