Skip to main content

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller for your personal data is Victor Berthelius, with NIF 54052380B, acting as a self-employed professional under the trade name Frihet, with fiscal address at C/ Cervera n9, Radazul 38109, S/C de Tenerife.

You can contact us regarding data protection via email at support@frihet.io.

2. Data We Collect

We collect the following types of data:

  • Account data: name, email address, password (encrypted), company name, and tax information you provide upon registration.
  • Usage data: information about how you use the Service, including pages visited, features used, frequency of use, and configuration preferences.
  • Payment data: your credit or debit card data is processed directly by Stripe; Frihet does not store full card numbers on its servers.
  • Technical data: IP address, browser type, operating system, device identifiers, and connection data.

We process your personal data based on the following legal grounds:

  • Contractual performance (Art. 6.1.b GDPR): processing is necessary to provide the Service you have contracted.
  • Consent (Art. 6.1.a GDPR): for sending commercial communications and newsletters, which you can withdraw at any time.
  • Legitimate interest (Art. 6.1.f GDPR): for Service improvement, fraud prevention, and platform security.
  • Legal obligation (Art. 6.1.c GDPR): for compliance with applicable tax and legal obligations.

4. Purposes of Processing

We use your data for the following purposes:

  • Provision and management of the contracted Service
  • Payment processing and invoicing
  • Communication with you about your account, Service updates, and technical support
  • Sending commercial communications (with prior consent)
  • Improvement and personalization of user experience
  • Statistical and aggregated analysis of Service use
  • Compliance with legal and tax obligations
  • Fraud and abuse detection and prevention

5. Recipients of the Data

We share your data only with the following service providers, necessary for the provision of the Service:

ServicePurposeLocationGuarantee
StripePayment processingUSADPF
Firebase / Google CloudInfrastructure and authenticationUSADPF
ResendTransactional emailsUSADPA
Google Analytics 4Web analytics (only with consent)USADPF
Vercel Inc.Web hosting and cookie-less analyticsUSADPA
PostHogProduct analytics (only with consent)USADPA
UmamiWeb analytics (self-hosted in EU, cookie-less)EU
CloudflareCDN and securityGlobalDPA

All providers have been selected to ensure they offer adequate security measures and comply with applicable data protection regulations.

We do not sell or share your data with advertising agencies, data brokers, or commercial third parties.

6. International Transfers

Some of our service providers are located outside the European Economic Area, specifically in the United States. These transfers are carried out under the protection of:

  • The EU-US Data Privacy Framework for adhering providers
  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions by the European Commission, where they exist

You can request additional information about the applicable safeguards for these transfers by writing to support@frihet.io.

7. Retention Period

DataRetentionReason
Account data and contentAccount validity + 30 daysAllow export
Billing data4 yearsGeneral Tax Law
Usage and analytics dataNo limit (anonymized and aggregated)Service improvement
Commercial communicationsUntil consent is withdrawnGDPR Art. 6.1.a

When you cancel your account:

  • Your data is retained for 30 days to allow export
  • Tax data is retained for the legally required period
  • Physical deletion after the retention period

8. Your Rights (ARCO-POL)

In accordance with the GDPR and the LOPDGDD, you have the following rights:

  • Access: know what personal data we process about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure (right to be forgotten): request the deletion of your data when it is no longer necessary.
  • Objection: object to the processing of your data in certain circumstances.
  • Data portability: receive your data in a structured, commonly used format (CSV, JSON).
  • Restriction of processing: request the restriction of processing in certain cases.

You can exercise these rights by sending an email to support@frihet.io, accompanied by a copy of your identity document. We respond within a maximum of 30 days.

You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD).

9. Cookies and Analytics

At frihet.io we use the following analytics tools:

  • Umami (self-hosted in the EU, cookie-less, no identifiable personal data, GDPR compliant without requiring consent)
  • Google Analytics 4 (uses tracking cookies, activated only after explicit user consent via our cookie banner)
  • PostHog (product analytics, activated only after consent)
  • Vercel Analytics and SpeedInsights (cookie-less, anonymous performance metrics)

When you visit our website for the first time, a cookie consent banner is displayed. Tools that use cookies (GA4, PostHog) are only activated if the user explicitly accepts. You can withdraw your consent at any time from the cookie settings.

In our web application (app.frihet.io), we use local storage (localStorage) to save your language and session preferences, which is strictly necessary for the operation of the Service.

10. Security

We implement the following security measures:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest (AES-256)
  • Role-based limited access
  • Change auditing (immutable log)
  • Daily encrypted backups
  • 24/7 security monitoring
  • Validation with Cloudflare Turnstile on login

No system is perfect. If you detect a vulnerability, report it to support@frihet.io.

11. Contact of the Data Controller

For any matter related to the processing of your personal data or the exercise of your rights:

Victor Berthelius C/ Cervera n9, Radazul 38109, S/C de Tenerife support@frihet.io

We commit to addressing your requests with the utmost diligence and transparency.

Version: 2.0 Effective date: February 2026