Privacy Policy

Last updated: 23 April 2026

This document is an English translation of our official Spanish Privacy Policy. In case of discrepancy, the Spanish version shall prevail as the legally binding one, since the service is operated from Spain under Spanish and EU law.

1. Data controller

Daniel Perera Maneiro (hereinafter, "Journamee"), Spanish Tax ID (NIF) 43685861Y, with registered address at calle Marcelina Jacas 25, 2º 1ª, escalera A, Vilanova i la Geltrú (08800), Barcelona, Spain. Contact: privacy@journamee.com.

Once Journamee SLU is duly incorporated and registered, this document will be updated to include its corporate name, tax ID and registry data.

2. Guiding principles

Data minimisation: only the data strictly necessary for each specific purpose is processed.
Privacy by design: the application works by default without requesting identifying data. Processing operations involving personal identifiers are limited in time and purpose.
No first-party cross-site tracking: Journamee does not perform its own advertising tracking across sites. Technical identifiers are processed for service operation, security, fraud prevention and consent-based third-party advertising.

3. Data about the transient user (app user)

The application assigns locally on the device a pseudonymised technical identifier (UUID). Pursuant to Article 4(1) GDPR and recital 30 (as confirmed by the CJEU ruling in the Breyer case), this identifier qualifies as an online identifier and therefore as personal data, even though it is not linked to a name, email or other direct identifier.

Lawful bases for processing linked to the UUID:

Performance of the service requested by the user (Art. 6(1)(b) GDPR): showing nearby content, managing the application, coordinating interaction with publishers.
Legitimate interest of Journamee (Art. 6(1)(f) GDPR): security, fraud prevention, technical diagnostics.

No name, surname, telephone number or first-party advertising identifier is collected.

4. Geolocation

The application uses the device's location mainly in real time to display nearby zones and fragments. Except for minimal and temporary technical events strictly necessary for security, diagnostics or fraud prevention, no location history is retained.

The user can disable geolocation at any time from the device settings. Without geolocation, the main functions of the application are not available.

5. Transient user's email

When the transient user expresses interest in a work (by an affirmative "I'm interested" action) they voluntarily provide their email address. Journamee acts as the sole Data Controller (lawful basis: consent, Art. 6(1)(a) GDPR) and applies the following flow:

Before capture, the user is informed of the purpose (conveying the interest to the publisher and delivering the publisher's reply), the retention period (up to 30 days) and their rights.
The email is stored encrypted on Journamee's servers.
The email is never disclosed to the publisher. Communication between user and publisher is carried out entirely through the platform, which acts as an intermediary (relay): the publisher only receives the notification of interest and an opaque technical identifier they can reply through; Journamee then delivers that reply to the user's original email.
Thirty days after capture, or once the communication is concluded (whichever is earlier), the email is deleted from the systems.

6. Publisher data

The professional publisher who registers on the platform provides:

Professional contact email.
Identification: name or corporate name, tax ID and fiscal address.
Billing data (IBAN where applicable; card data is processed directly by Stripe and never reaches Journamee's systems).

Lawful bases: performance of the contract (Art. 6(1)(b) GDPR) and compliance with legal obligations (Art. 6(1)(c) GDPR) in commercial, tax and accounting matters.

7. Device integrity

The application uses Google Play Integrity (Android) and Apple App Attest (iOS) to verify that it is running in a non-tampered environment. These services process technical device signals under Google's and Apple's respective policies. Journamee does not use these signals to identify the user by name and only receives an integrity verdict.

8. Advertising

The application displays interstitial advertisements provided by Google AdMob during idle moments of the user. Advertisements are managed by Google under its own privacy and advertising policies. When advertising requires consent for the use of identifiers or preferences, Journamee will request it in advance through the standard consent management mechanism; if the user rejects it, they may continue to see, where applicable, contextual or non-personalised advertising.

9. Retention periods

Transient user's email: up to 30 days from capture, or earlier if the communication with the publisher ends.
Publisher data necessary to provide the service: during the term of the contract.
Billing data and commercial documentation: 6 years, pursuant to Article 30 of the Spanish Commercial Code and Article 66 of the Spanish General Tax Act.
Technical impression and anti-fraud records: 12 months.
Security and audit logs: only as long as strictly necessary for the purpose pursued.

Once the retention periods have elapsed, data is deleted, blocked where legally required, or irreversibly anonymised when Journamee decides to keep only statistical, non-reidentifiable information.

10. Data processors and service providers

Journamee relies on technical providers acting as Data Processors under signed Data Processing Agreements (DPA):

Hetzner Online GmbH (Germany): server infrastructure and storage.
Stripe Payments Europe Ltd. (Ireland): processing of payments to publishers.
Resend: sending of transactional emails.
Google Ireland Ltd. (AdMob, Play Integrity): in-app advertising and integrity verification on Android.
Apple Distribution International (App Attest): integrity verification on iOS.

11. International data transfers

Journamee's main infrastructure is located within the European Economic Area (Hetzner, Germany). Certain providers (Google, Apple, Resend) may process data in third countries. These transfers rely on the Standard Contractual Clauses adopted by the European Commission or on equivalent mechanisms, as provided for in Articles 44 et seq. GDPR.

12. Cookies and similar technologies

The website only uses strictly necessary technical cookies (for example, language preference). No tracking or advertising cookies are used on the website.

The website loads typographic fonts served by Google Fonts. Such loading entails a connection to Google's service; the associated information is processed under Google's privacy policy.

13. Data subject rights

Any person whose personal data Journamee processes has the right to:

Access their data.
Request rectification or erasure.
Request restriction of or objection to processing.
Request portability where technically feasible.
Withdraw consent at any time, where the processing is based on consent, without affecting the lawfulness of prior processing.

To exercise these rights, the data subject may send an email to privacy@journamee.com, providing reasonable identification. Journamee will respond within one month, extendable by two additional months in complex cases, notifying the applicant.

14. Complaint to the supervisory authority

The data subject who considers that the processing of their data does not comply with the law may file a complaint with the Spanish Data Protection Agency (aepd.es), without prejudice to any other administrative or judicial remedies.

15. Security breaches

In the event of a breach of the security of personal data that poses a risk to the rights and freedoms of data subjects, Journamee will notify the Spanish Data Protection Agency within 72 hours of becoming aware of it, as provided for in Article 33 GDPR, and will communicate the incident to the data subjects where required under Article 34.

16. Minors

Use of the application is intended for persons aged 14 or over (Article 7 LOPDGDD). Journamee does not knowingly collect data from children under 14. If it reasonably detects that a child under 14 has provided personal data without the verifiable consent of the holder of parental authority or guardianship, Journamee will block the affected functionality and securely delete the data without undue delay.

17. Security

Journamee applies appropriate technical and organisational measures to protect personal data, including: encryption in transit (HTTPS/TLS), at-rest encryption of the transient user's email, robust authentication of publishers, backups with point-in-time recovery (PITR), network segmentation and server access controls.

18. Modifications

Journamee may update this policy to adapt it to regulatory, technical or service changes. Substantial changes will be announced on the website and, additionally:

Registered publishers will be notified on a durable medium with at least 30 calendar days' notice, in accordance with Regulation (EU) 2019/1150 (P2B).
Transient users will be shown a notice within the application the next time they open it, with reasonable notice before the changes take effect.

19. Contact

For any question concerning this privacy policy or the processing of personal data: privacy@journamee.com.