PRIVACY & COOKIES POLICY
Last updated: August 20, 2025
1. Data controller
TOGETHER SOLUTIONS, S.L.
- Tax ID (CIF): B-72792633
- Registered address: Calle Los Juncos 11, 28223 Pozuelo de Alarcon (Madrid, Spain)
- Contact email: help@together.day
- Data Protection Officer: Not applicable (micro-company; Art. 37 GDPR).
- Internal contacts: Walter Kobylanski (CEO) and Isabel Casero (COO).
2. Data processed, purposes, and legal bases
| Data category | Source | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Traffic data and logs (IP, device identifier, date, time, URL, HTTP headers) | Automatic server logging | Service security and maintenance | Legitimate interest (Art. 6.1.f GDPR) | 12 months |
| Contact data (email and content provided by the user) | Messages sent to help@together.day | Responding to inquiries and requests | Consent / Pre-contractual measures (Art. 6.1.a/b GDPR) | Up to 3 years from the last interaction |
| Browsing data collected via third-party analytics cookies | User device | Produce anonymous statistics about site usage | Consent (Art. 6.1.a GDPR) | See cookies table below |
| Google Calendar data (events, titles, descriptions, schedules, reminders) | Google account connected by the user | Sync and display events inside the Together app | Explicit consent granted via OAuth (Art. 6.1.a GDPR) | Until the user revokes access or deletes their Together account |
3. Recipients and processors
Data may be handled by the following providers under agreements compliant with Article 28 GDPR:
| Provider / service | Country | Safeguard | Purpose |
|---|---|---|---|
| AWS (hosting) | USA | Standard Contractual Clauses (SCC) | Hosting and mail gateway |
| Mailchimp | USA | SCC + supplementary measures | Email marketing (occasional) |
| Google Workspace | EU (Ireland) | Intra-group SCC | Email and productivity |
| Holded | Spain | EU processor agreement | Internal management |
| Twilio, MessageBird, Ngrok, Expo, Heroku | Various (some USA) | SCC | Communications and deployment services |
Regarding Google Calendar data:
- We do not share, sell, or disclose this information to third parties for advertising or commercial purposes.
- Access is strictly limited to the synchronization purpose within the app.
- The only recipients are our technology providers acting as processors (e.g., AWS and Google Cloud) under data protection agreements and Standard Contractual Clauses when required.
4. Data subject rights
You may exercise your rights of access, rectification, erasure, objection, restriction, and portability by emailing help@together.day with the subject line “Data protection” and providing proof of identity.
If you believe your request has not been handled correctly, you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
5. Security measures
TOGETHER applies access controls, in-transit encryption (HTTPS/TLS 1.2+), backups, and periodic reviews, proportionate to risk and in line with Article 32 GDPR.
6. Cookies policy
| Type | Name | Provider | Purpose | Duration | Legal basis |
|---|---|---|---|---|---|
| Technical | _cf_bm, ... | First-party / hosting | Ensure operation and security | Session | Exempt |
| Analytics | _ga, _gid, _fbp, etc. | Google Analytics / Meta Pixel | Anonymous usage and performance metrics | 1 day - 2 years | Prior consent |
Consent management:
- On the first visit, users see a configurable banner where they can accept, reject, or customise analytics cookies.
- We store the record of those choices for 24 months and will ask again if the policy changes or that period expires.
How to disable cookies in your browser: every browser offers tools to block or delete cookies (Chrome, Firefox, Edge, Safari).
7. Changes
We reserve the right to amend this Policy to reflect legal updates or changes in processing. If a change affects your consent, we will request it again.
This Legal Notice and Privacy Policy comply with LSSI-CE 34/2002, Regulation (EU) 2016/679 (GDPR), LOPDGDD 3/2018, and Regulation (EU) 2022/2065 (DSA), in force as of August 20, 2025.