Privacy Policy

1. Introduction

This Privacy Policy describes how OLR SOFTWARE SL ("we", "our", or "us") collects, uses, and protects your personal information when you use the NoteBalanceClaro budgeting application and website (collectively, the "Service").

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable Spanish data protection laws.

Data Controller:
OLR SOFTWARE SL
NIF: B60658994
Barcelona, Spain
Email: [email protected]

IMPORTANT: Client-Side Privacy Architecture

NoteBalanceClaro's budgeting tool operates 100% client-side. This means:

• We DO NOT collect your budget data: All transactions, expenses, and financial entries you create in the app are stored ONLY in your browser's local storage
• We DO NOT transmit your financial data: Your budget information never leaves your device. It is not sent to our servers, cloud storage, or any third party
• We DO NOT have access to your transactions: Because data stays on your device, we cannot view, analyze, or use your financial information in any way
• You have complete control: You can export your data as CSV anytime, and you can clear it from your browser at will

What this means for you: The budgeting tool is essentially a privacy-first calculator that runs in your browser. Your financial privacy is absolute when using the budgeting features.

2. Information We Collect

2.1 Information You Provide (Website Only, NOT the Budgeting App)

• Email Address: When you sign up for updates or early access through our website forms
• Contact Information: Name, email, and message content when you use our contact form
• Marketing Consent: Your opt-in preferences for receiving promotional emails

CRITICAL: We DO NOT collect any budget entries, transactions, expense categories, or financial data from the budgeting tool. That data stays on your device only.

2.2 Automatically Collected Information (Website Analytics Only)

• Usage Data: Pages visited, features used, time spent on website (NOT individual transaction details)
• Device Information: Browser type, operating system, IP address (anonymized)
• Cookies: Preference settings, analytics data (see Section 5)

2.3 Information We ABSOLUTELY Do NOT Collect

• Budget transactions or expense entries from the NoteBalanceClaro app tool
• Financial account numbers or balances
• Bank account credentials or login information
• Credit card numbers (payment processing is handled by third-party processors)
• Social security numbers or government ID numbers
• Your actual spending habits or transaction history

3. How We Use Your Information

We use your personal data (email addresses and contact information only) for the following purposes:

• Website Communication: To send service updates, respond to inquiries, provide support
• Marketing: To send promotional emails about NoteBalanceClaro features or upgrades (with your consent; you can opt-out anytime)
• Website Analytics: To understand how users navigate our website and improve the experience (we see page visits, not your budget data)
• Legal Compliance: To comply with legal obligations, resolve disputes, enforce our agreements

What we DO NOT do: We do not use, analyze, sell, or share your budget transactions because we never receive them in the first place. They stay on your device.

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: Processing necessary to provide the Service you signed up for
• Consent: You have given explicit consent (e.g., for marketing emails, analytics cookies)
• Legitimate Interest: For fraud prevention, security, and improving our Service
• Legal Obligation: To comply with applicable laws and regulations

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
• Analytics Cookies: To measure site performance and usage patterns (you can opt-out)
• Advertising Cookies: For retargeting and measuring ad campaign effectiveness (with your consent)

You can manage your cookie preferences through our cookie banner or browser settings. Disabling certain cookies may limit functionality.

6. Data Sharing and Disclosure

We do NOT sell your personal data. We may share your information with:

• Service Providers: Hosting services (AWS, Google Cloud), email providers, payment processors acting on our behalf
• Analytics Partners: Google Analytics, Taboola (for advertising performance measurement)
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)

All third parties are contractually obligated to protect your data and comply with GDPR.

7. Data Retention

We retain your personal data only as long as necessary:

• Active Accounts: While your account is active and for 30 days after account deletion
• Inactive Accounts: Accounts inactive for 3+ years may be anonymized or deleted
• Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., financial records for tax purposes)

8. Your Rights Under GDPR

As a user in the European Union, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent at any time (does not affect past processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data:

• SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements for our team
• Secure cloud infrastructure (EU-based servers when possible)

However, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). In such cases, we ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs)
• Data Processing Agreements with third-party providers
• Adherence to EU-US Data Privacy Framework (where applicable)

11. Children's Privacy

NoteBalanceClaro is not intended for users under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it. Parents or guardians who believe their child has provided us with information should contact us immediately.

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice in the application

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

OLR SOFTWARE SL
Email: [email protected]
Address: Barcelona, Spain
NIF: B60658994

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos - AEPD) at www.aepd.es.