Privacy Policy

PRIVACY POLICY

Miiguel Mobile Application

Version 2.0 - February 2026

LEGAL INFORMATION

Company name: CLOVIS DE CASTILLE SL

NIF: B21935663

Legal form: Sociedad Limitada (SL) Registered office: Calle Roterdam, Num 6, 03520 Polop (Alicante), Spain Publication director: CLOVIS DE CASTILLE SL Host: PlanetHoster Website: miiguel.com Contact email: support@miiguel.com Intra-community NIF: ESB21935663

DEFINITIONS

"Application": refers to the Miiguel mobile application, accessible on iOS and Android platforms, as well as the miiguel.com website.

"We", "Our", "Miiguel": refers to the company CLOVIS DE CASTILLE SL, operating the Miiguel application, responsible for the processing of personal data.

"You", "Your", "User": refers to any person using the Application.

"Personal data": refers to any information relating to an identified or identifiable natural person.

"Processing": refers to any operation performed on personal data (collection, recording, organization, storage, etc.).

"Data controller": refers to CLOVIS DE CASTILLE SL, which determines the purposes and means of personal data processing.

"Processor": refers to any entity that processes personal data on behalf of CLOVIS DE CASTILLE SL.

1. INTRODUCTION

This Privacy Policy describes how Miiguel collects, uses, stores and protects your personal data when you use our mobile Application and our website.

We are committed to respecting your privacy and protecting your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and the Spanish Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

By using our Application, you accept the practices described in this policy. If you do not accept this policy, please do not use our Application.

2. PERSONAL DATA COLLECTED

2.1. Data collected during registration and authentication

When creating your account, we collect the following data:

  • First and last name
  • Email address
  • Password (stored securely and encrypted)
  • Phone number
  • Account type (Client or Service Provider)
  • Preferred language (French, English or Spanish)
  • Profile picture (optional)

2.2. Location data

To enable you to benefit from our geolocation-based connection services, we collect:

  • Full address (street, number, postal code, city, country)
  • GPS coordinates (latitude and longitude)
  • Real-time geolocation data (only when the Application is active and with your explicit consent)

This data is necessary to:

  • Find service providers near your location
  • Allow service providers to come to your home
  • Display services available in your geographic area

2.3. Payment data

For payment processing, we use Stripe, a PCI-DSS certified payment service provider. We do not directly store your bank card information.

Stripe collects and processes the following data:

  • Bank card information (number, expiration date, security code)
  • Cardholder name
  • Billing address
  • Stripe customer identifier

This data is processed directly by Stripe according to their own privacy policy. We only receive:

  • Transaction identifier
  • Payment status
  • Transaction amount
  • Transaction date and time

For Service Providers, Stripe also collects:

  • Bank details (IBAN/BIC) for payment transfers
  • Identity data for account verification (Stripe Connect)
  • Date of birth
  • Identity document

2.4. Data relating to requested services

When you create a service request, we collect:

  • Type of service requested (cleaning, handyman services, gardening, ironing, pool maintenance, window cleaning)
  • Desired date and time of service
  • Service-specific details (e.g., number of rooms to clean, area to treat, etc.)
  • Photos related to the service request (optional)
  • Service frequency (occasional or regular)
  • Repetition information (for regular services: interval and number of repetitions)

2.5. Communication data

When you use the messaging feature integrated into the Application, we collect:

  • Messages exchanged between clients and service providers
  • Message timestamps
  • Message read status

2.6. Professional profile data (for Service Providers)

If you are a Service Provider, we also collect:

  • Professional information (years of experience, biography, skills)
  • Services offered and rates
  • Availability and calendar (weekly time slots and custom availability)
  • Work radius (geographic service area)
  • Reviews and ratings received
  • Banking information to receive payments (via Stripe Connect)
  • Identity documents and supporting documents (for account verification)
  • SIRET number (where applicable)
  • Portfolio photos (examples of completed work)

2.7. Technical and usage data

We automatically collect certain technical data when you use the Application:

  • Unique device identifier
  • Device type and platform (iOS, Android)
  • Operating system version
  • Application version
  • Performance and error data

2.8. Push notification data

To send you push notifications, we collect:

  • Push notification token (unique identifier of your device for notifications)
  • Platform (iOS, Android)
  • Token status (active/inactive)
  • Last used date

2.9. Review and rating data

When you leave a review after a service, we collect:

  • Your name (as the review author)
  • Rating given (1 to 5 stars)
  • Text comment

3. PURPOSES OF DATA PROCESSING

We use your personal data for the following purposes:

3.1. Execution of the service contract

  • Creation and management of your user account
  • Connection between clients and service providers
  • Processing and tracking of service requests
  • Management of reservations and appointments
  • Payment and refund processing
  • Communication between users via integrated messaging
  • Sending notifications related to your services (confirmations, reminders, updates)
  • Management of the refund policy in case of cancellation

3.2. Improvement of our services

  • Development of new features
  • Improvement of user experience
  • Resolution of technical problems

3.3. Communication and customer support

  • Response to your requests and questions
  • Sending important information about your account or our services
  • Technical support
  • Complaint management

3.4. Legal compliance and security

  • Compliance with legal and regulatory obligations
  • Fraud and abuse prevention
  • Application and data security
  • Dispute resolution

4. LEGAL BASIS FOR PROCESSING

In accordance with the GDPR, we process your personal data on the following legal bases:

  • **Contract execution**: For the provision of our connection services (Article 6.1.b of the GDPR)
  • **Consent**: For push notifications and real-time geolocation (Article 6.1.a of the GDPR)
  • **Legal obligation**: For compliance with our accounting, tax and security obligations (Article 6.1.c of the GDPR)
  • **Legitimate interest**: For the improvement of our services, fraud prevention, and security (Article 6.1.f of the GDPR)

5. SHARING DATA WITH THIRD PARTIES

We never sell your personal data. We share your data only in the following cases:

5.1. Service providers (Processors)

We use the services of third-party providers for the operation of the Application:

  • **Stripe**: Payment processing and professional account management (Stripe Connect)
  • Data shared: Payment information, customer identifier, service provider bank details
  • Privacy policy: https://stripe.com/privacy
  • **Google Maps / Google Places**: Mapping and geolocation services
  • Data shared: Addresses, GPS coordinates, address search queries
  • Privacy policy: https://policies.google.com/privacy
  • **OpenStreetMap**: Geocoding service (fallback service)
  • Data shared: Addresses for conversion to GPS coordinates
  • Privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy
  • **Expo (Expo Push Notifications)**: Push notification service
  • Data shared: Notification tokens, device identifier
  • Privacy policy: https://expo.dev/privacy
  • **PlanetHoster**: Server hosting (data center in France)
  • Data shared: All data stored on our servers
  • Privacy policy: https://www.planethoster.com/en/Privacy

These providers are subject to strict contractual obligations regarding the protection of your data.

5.2. Application users

Some of your data is visible to other users:

  • **For Clients**: Your name, profile picture, address (only for service providers with whom you have an active reservation), and ratings are visible to service providers.
  • **For Service Providers**: Your name, profile picture, professional information, rates, general location (service area), portfolio photos, and ratings are visible to clients.

5.3. Legal obligations

We may be required to disclose your personal data if required by law or in response to a valid legal request (court order, warrant, etc.).

5.4. Data transfers outside the EU

Your personal data is primarily hosted in France (PlanetHoster) and processed within the European Union. Some of our technical providers (notably Stripe and Expo) may process data outside the European Union (United States). In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses, European Commission adequacy decisions, certification mechanisms, etc.) to protect your data in accordance with the GDPR.

6. DATA RETENTION

We retain your personal data only for the duration necessary for the purposes for which it was collected:

  • **Account data**: For the duration of your account, then 3 years after its deletion (legal obligations)
  • **Transaction data**: 10 years (accounting and tax obligations)
  • **Location data**: Maximum 2 years, unless you delete it earlier
  • **Communication data (messages)**: For the duration of your account, then 1 year after its deletion
  • **Notification data**: For the duration of your account
  • **Technical logs**: Maximum 12 months

At the end of these periods, your data is securely deleted or irreversibly anonymized.

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against:

  • Unauthorized access
  • Loss
  • Destruction
  • Modification
  • Disclosure

These measures include:

  • Encryption of sensitive data (passwords, tokens)
  • Use of secure connections (HTTPS/TLS)
  • Secure data storage (Expo Secure Store for sensitive data on the device)
  • JWT (JSON Web Tokens) authentication with automatic renewal
  • Role-based access control
  • Regular backups

8. YOUR RIGHTS

In accordance with the GDPR and the LOPDGDD, you have the following rights regarding your personal data:

8.1. Right of access

You have the right to obtain a copy of your personal data that we hold.

8.2. Right to rectification

You can request the correction of your inaccurate or incomplete personal data.

8.3. Right to erasure ("right to be forgotten")

You can request the deletion of your personal data in the following cases:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis
  • You object to the processing and there is no overriding legitimate ground
  • The data has been unlawfully processed

8.4. Right to restriction of processing

You can request the restriction of processing of your data in certain cases.

8.5. Right to data portability

You can receive your personal data in a structured and commonly used format, and transmit it to another data controller.

8.6. Right to object

You can object to the processing of your data for legitimate reasons, particularly for direct marketing.

8.7. Right to withdraw your consent

When processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.

8.8. Right to lodge a complaint

You have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if you believe that the processing of your personal data constitutes a violation of the GDPR.

AEPD

C/ Jorge Juan, 6 28001 Madrid (Spain) Phone: +34 901 100 099 Website: https://www.aepd.es

To exercise your rights, you can contact us at the following address: Email: support@miiguel.com Postal address: CLOVIS DE CASTILLE SL, Calle Roterdam, Num 6, 03520 Polop (Alicante), Spain

We will respond to your request within one month. This period may be extended by two months depending on the complexity and number of requests.

9. MANAGING YOUR DATA IN THE APPLICATION

You can manage some of your data directly in the Application:

  • **Edit your profile**: Name, first name, profile picture, phone number, preferred language
  • **Manage your addresses**: Add, edit or delete your registered addresses
  • **View your transactions**: History of payments and services
  • **Delete your account**: Via the Application settings (verification by OTP code)

10. DATA OF MINORS

Our Application is intended for adults (18 years and older). We do not knowingly collect personal data from minors. If we learn that a minor has provided us with personal data, we will delete this information as soon as possible.

11. CHANGES TO THIS POLICY

We may modify this Privacy Policy at any time to reflect changes in our practices or for other operational, legal or regulatory reasons.

In case of substantial modification, we will inform you by:

  • A notification in the Application
  • An email to the address associated with your account
  • An update of the version date at the top of this document

We encourage you to regularly review this policy to stay informed about how we protect your data.

The updated version of this policy takes effect upon publication.

12. LOCAL DATA STORAGE

The Application uses local storage on your device for:

  • **AsyncStorage**: Temporary storage of non-sensitive data (preferences, form data in progress)
  • **Expo Secure Store**: Secure storage of authentication tokens and sensitive data

This data is stored only on your device and is not synchronized with our servers (except for authentication tokens necessary for the API).

13. CONTACT

For any questions regarding this Privacy Policy or to exercise your rights, you can contact us:

**CLOVIS DE CASTILLE SL**

Email: support@miiguel.com Postal address: Calle Roterdam, Num 6, 03520 Polop (Alicante), Spain Website: miiguel.com

Data Protection Officer (DPO): Email: support@miiguel.com

We are committed to responding to your requests as soon as possible.

14. JURISDICTION AND APPLICABLE LAW

This Privacy Policy is governed by Spanish law and the General Data Protection Regulation (GDPR). Any dispute relating to the interpretation or execution of this policy falls under the exclusive jurisdiction of the courts of Alicante (Spain).

---

**Last update date: February 2026**

**Version: 2.0**

By using the Miiguel Application, you acknowledge that you have read, understood and accepted this Privacy Policy.

Privacy Policy | Miiguel