Planova Studio Privacy Policy

1. General Information

Planova Studio ("we", "our application", "the service") is committed to protecting your privacy. This Privacy Policy clearly and transparently explains how we collect, use, store, protect, and share your personal information when you use our Planova Studio mobile application.

2. Information We Collect

2.1. Information you provide directly to us:

Account data (optional - only if you register):

• Email address: Used solely for authentication and service-related communication
• Password: Stored securely using hash (never in plain text). We use Supabase Auth for secure credential management
• Username: Optional, can be configured in the application

Content data (stored locally and optionally in the cloud):

• Social media posts: Text content, captions, descriptions, and post drafts
• Media files: Images, videos, and other media attached to posts (stored locally)
• Content calendar: Scheduled posts, dates, and platform assignments
• Categories and tags: Organization labels for your content
• Content templates: Saved post templates and presets

Settings and preferences:

• Platform preferences (Instagram, Twitter, LinkedIn, etc.)
• Display settings and configurations
• Content organization preferences

2.2. Information collected automatically:

Technical data:

• Device information (model, operating system, version)
• Unique device identifiers (for synchronization)
• Application usage data (features used, frequency of use)

Locally stored data:

• All content data is first stored on your device using local storage
• Settings and preferences are saved locally

2.3. Payment information (only if you make a purchase):

• Payment data: Processed exclusively through Stripe
• Purchase information: Purchase date, payment status, transaction identifiers
• We do not store: Credit card numbers, complete banking data, or other sensitive payment information (everything is processed through Stripe)

3. How We Use Your Information

We use the collected information solely for the following purposes:

3.1. Provide and improve our services:

• Allow you to create and organize social media content
• Synchronize your content between devices (if registered)
• Improve application functionality and user experience

3.2. Payment processing:

• Process premium subscriptions through Stripe
• Verify your subscription status
• Manage active and canceled subscriptions

3.3. Synchronization and backup (registered users with premium subscription only):

• Create automatic weekly backups of your content
• Allow content restoration in case of device loss
• Synchronize content between multiple devices

3.4. Personalization:

• Remember your content preferences and settings
• Customize the interface according to your settings

3.5. Communication:

• Send service-related notifications (if enabled)
• Respond to your inquiries and support requests

3.6. Legal compliance:

• Comply with legal and regulatory obligations
• Respond to valid legal requests

4. Where and How We Store Your Data

4.1. Local storage (always active):

Location: Your mobile device (iPhone/iPad or Android)

Technology: SQLite database and local file storage

Stored data:

• All your social media posts and content
• All your media files (images, videos)
• All your content calendars and schedules
• All your categories, tags, and templates
• Settings and preferences
• Username (if not registered)

Features:

• Data remains on your device
• Not sent to any external server
• Accessible only from your device
• Deleted if you uninstall the application

4.2. Cloud storage (optional - only if you register):

Provider: Supabase (https://supabase.com)

Data stored in Supabase:

`users` table (authentication):

• Unique user ID (UUID)
• Email (hashed and protected)
• Username (optional)
• Premium subscription status
• Subscription start and renewal dates (if Premium is active)
• Stripe customer ID (if applicable)

Supabase Storage - `user-backups` bucket (premium users only):

• Encrypted backups of all your content data
• Format: Files encrypted with AES-256
• Frequency: Automatic weekly backups
• Retention: Last 6 backups are kept, older ones are automatically deleted
• Note: Media files are stored locally only and are not included in cloud backups

Supabase storage features:

• Servers located in the European Union (GDPR compliance)
• Encryption in transit (HTTPS/TLS)
• Encryption at rest
• Row Level Security (RLS) policies - each user can only access their own data
• Private buckets (not public)

4.3. Secure credential storage:

Technology: Expo Secure Store (iOS Keychain / Android Keystore)

Stored data:

• Authentication tokens (sessions)
• Sensitive settings
• Backup information (only in memory during the process)

Features:

• Uses the operating system's secure storage
• On iOS: Keychain
• On Android: Keystore
• Not accessible by other applications

5. How We Protect Your Data

5.1. Technical security measures:

Data encryption:

• Cloud backups: Encrypted with AES-256 (Advanced Encryption Standard 256-bit)
• Key derivation: PBKDF2 with 10,000 iterations for enhanced security
• Compression: Backups are compressed with gzip before encryption to optimize storage
• Unique salt: Each backup uses a randomly generated unique salt

Secure authentication:

• Passwords are never stored in plain text
• We use Supabase Auth which implements bcrypt for password hashing
• Secure session tokens with automatic expiration
• Authentication via secure OAuth

Data protection in transit:

• All communications use HTTPS/TLS 1.2 or higher
• Valid SSL certificates on all endpoints
• No unencrypted data transmission

Data protection at rest:

• Local database protected by operating system permissions
• Data in Supabase encrypted at rest
• Restrictive access policies (RLS)

5.2. Organizational security measures:

Access control:

• Only the authenticated user can access their own data
• Row Level Security (RLS) policies in Supabase that guarantee data isolation
• No administrative access to user data without explicit authorization

Monitoring and auditing:

• Logging of access and critical operations
• Suspicious activity detection
• Periodic security policy review

Backup management:

• Automatic backups only for premium users
• Limited retention (last 6 backups)
• Automatic deletion of old backups
• Backups encrypted with user password

6. Third-Party Services

We use the following third-party services to provide specific functionalities:

6.1. Supabase (Storage and Authentication)

Purpose:

• User authentication
• Account information storage
• Encrypted backup storage (premium users only)

Shared data:

• Email (for authentication)
• Account information (name, trial/purchase dates)
• Encrypted backups (premium users only)

Supabase privacy policy: https://supabase.com/privacy

Server location: European Union (GDPR compliance)

Security: SOC 2 Type II certifications, GDPR compliance, End-to-end encryption

6.2. Stripe (Payment Processing)

Purpose:

• Premium subscription payment processing
• Customer and payment transaction management

Shared data:

• Email (to create customer account in Stripe)
• Payment information (processed directly by Stripe, we do not store card data)
• Transaction identifiers

Stripe privacy policy: https://stripe.com/privacy

Security: PCI DSS Level 1 certification (highest level of payment security), End-to-end encryption

Important: We do not store credit card numbers or banking data

6.3. Expo (Development Framework)

Purpose:

• Framework used to develop the application
• Build and distribution services

Shared data:

• Device technical information (for building)
• No user data is shared with Expo

Expo privacy policy: https://expo.dev/privacy

7. Sharing and Disclosure of Information

7.1. We do not sell your data:

We commit to:

• NOT sell your personal data to third parties
• NOT rent your personal data
• NOT share your data for advertising purposes
• NOT use your data for third-party marketing

7.2. We share data only when necessary:

With service providers:

• Supabase (storage and authentication) - as described in section 6.1
• Stripe (payment processing) - as described in section 6.2

Legal requirements:

• If required by law or in response to a valid legal request
• To protect our legal rights
• To prevent fraud or illegal activities

With your explicit consent:

• We only share data when you explicitly authorize it

8. Your Rights (GDPR and Data Protection Laws)

As a Planova Studio user, you have the following rights:

8.1. Right of access:

• You can request a copy of all personal data we have about you
• You can view your data directly in the application
• You can export your data through the backup function

8.2. Right to rectification:

• You can correct any inaccurate data directly in the application
• You can update your profile information at any time
• You can contact us to request corrections

8.3. Right to erasure ("Right to be forgotten"):

• You can request deletion of your account and all your data
• You can delete individual posts directly in the application
• When you delete your account, we delete all your data from our servers

8.4. Right to object:

• You can object to the processing of your data for certain purposes
• You can disable features that require data processing

8.5. Right to data portability:

• You can export all your content in JSON format
• You can download your encrypted backups
• You can transfer your data to another service if you wish

8.6. Right to withdraw consent:

• You can withdraw your consent at any time
• You can delete your account at any time
• You can disable cloud synchronization

8.7. Right to lodge a complaint:

• You can lodge a complaint with the data protection authority in your country
• In Spain: Spanish Data Protection Agency (AEPD)

9. Data Retention

9.1. Retention period:

We retain your personal data for as long as necessary to:

Active account data:

• While your account is active
• While you use our services
• Until you request deletion

Content data:

• Stored locally on your device indefinitely (until you delete it or uninstall the app)
• In the cloud: Only if you have a premium subscription and have enabled backups
• Cloud backups: Last 6 backups are kept, older ones are automatically deleted

Payment data:

• Payment transaction information: According to legal and tax requirements (generally 7 years)
• Data processed by Stripe: According to Stripe's retention policy

9.2. Data deletion:

When you delete your account:

• We delete all your data from our servers (Supabase)
• We delete all your cloud backups
• We delete your authentication information
• Local data on your device is deleted when you uninstall the application

Automatic deletion:

• Old backups are automatically deleted (only the last 6 are kept)
• Inactive account data may be deleted after a prolonged period of inactivity (with prior notification)

10. International Data Transfers

10.1. Server location:

Supabase:

• Servers located in the European Union
• GDPR compliance
• No transfers outside the EU for European user data

Stripe:

• Servers located in multiple regions
• Compliance with international data protection standards
• See Stripe's privacy policy for more details

10.2. Protection guarantees:

• We use standard contractual clauses when necessary
• We comply with GDPR for European users
• We implement adequate security measures

11. Minors

11.1. Age restriction:

Our application is NOT directed at minors under 18 years of age.

• We do not intentionally collect personal information from minors under 18
• If we discover that we have collected information from a minor without parental consent, we will delete that information immediately
• If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately

11.2. Responsibility:

• Parents or guardians are responsible for supervising minors' use of the application
• We recommend that minors use the application under adult supervision

12. Cookies and Similar Technologies

12.1. Cookie usage:

Planova Studio is a native mobile application and does NOT use cookies in the traditional sense of web pages.

12.2. Similar technologies:

Local storage:

• We use SQLite to store data locally
• We use Expo Secure Store for credentials
• This data remains on your device and is not shared

Session tokens:

• We use secure authentication tokens to maintain your session
• These tokens are stored securely on your device
• They are automatically invalidated when you log out

13. Changes to this Privacy Policy

13.1. Updates:

We may update this Privacy Policy occasionally to reflect:

• Changes in our data practices
• Changes in applicable legislation
• Improvements to our services
• User feedback

13.2. Notification of changes:

Significant changes:

• We will notify you through the application
• We will update the "Last updated" date in this policy
• We will provide you with a summary of the main changes

Minor changes:

• Minor updates will be reflected automatically
• The update date will be modified

13.3. Service continuity:

• Your continued use of the application after changes constitutes your acceptance of the updated policy
• If you do not agree with the changes, you can delete your account and stop using the application

14. Contact and Complaints

14.1. General contact:

For any questions, inquiries, or requests related to this Privacy Policy or the processing of your personal data:

14.2. Exercising your rights:

To exercise any of your rights (access, rectification, erasure, portability, etc.):

1. Send an email to: alberto@desarroyo.tech
2. Include your specific request
3. Provide sufficient information to verify your identity
4. You will receive a response within a maximum of 30 days

14.3. Data protection authority:

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with the data protection authority in your country:

Spain:

• Spanish Data Protection Agency (AEPD)
• Website: https://www.aepd.es
• Email: internacional@aepd.es

European Union:

You can find the authority in your country at: https://edpb.europa.eu/about-edpb/board/members_en

15. Jurisdiction and Applicable Law

15.1. Applicable law:

This Privacy Policy is governed by:

• Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (Spain)
• General Data Protection Regulation (GDPR) of the European Union (Regulation EU 2016/679)

15.2. Jurisdiction:

For any dispute related to this policy or data processing:

• Jurisdiction: Courts of Spain
• Applicable law: Spanish and European legislation

16. Additional Security Information

16.1. Encryption technical details:

Encryption algorithm: AES-256 (Advanced Encryption Standard)

• Key size: 256 bits
• Mode: CBC (Cipher Block Chaining)
• Padding: PKCS7

Key derivation: PBKDF2

• Iterations: 10,000
• Hash function: SHA-256
• Unique salt per backup

Compression:

gzip before encryption

16.2. Additional security measures:

• Two-factor authentication available (via Supabase Auth)
• Session tokens with automatic expiration
• Secure password policies (minimum 6 characters, we recommend more)
• Protection against brute force attacks
• Suspicious access monitoring

17. Frequently Asked Questions

Is my data secure?

Yes. We use AES-256 encryption for backups, secure storage for credentials, and all communications are via HTTPS.

Can I use the app without registering?

Yes. You can use Planova Studio completely without registering. Your content will be stored only locally on your device.

What happens if I delete my account?

All your data will be deleted from our servers. Local data on your device will remain until you uninstall the application.

Can I export my content?

Yes. You can export all your content from the application, or download your encrypted backups if you have a premium subscription.

Do you share my data with third parties?

Only with service providers necessary for the app to function (storage and payments), as described in this policy. We never sell or rent your data.

18. Version and Date

Policy version: 1.0

Last updated: November 20, 2025

Next scheduled review: November 20, 2026