Privacy Policy
1. Data Controller
Identity: Viral (a product of ApisDom)
Address: Alicante, Spain
Email: soporte-viral@apisdom.com
Website: viral.apisdom.com
2. Data We Collect
2.1 Registration Data (optional)
If you choose to register via Google OAuth:
- Email address
- Username
- Profile picture (if available)
- Registration date
2.2 Service Usage Data
- Prediction data you enter (dates, metrics, numerical values)
- Platform analyzed (YouTube, Instagram, TikTok, Twitch, etc.)
- Prediction history (registered users only)
- Number of credits available in your account
- Number of free trials used
2.3 Technical Data
- Device Fingerprint (FingerprintJS):
- Unique identifier generated from your device and browser characteristics (screen resolution, installed fonts, timezone, language, hardware). Used exclusively to manage the free trial system and prevent service abuse.
- Hashed IP Address:
- We never store your IP address in plain text. We use a SHA-256 cryptographic hash with salt exclusively to detect abuse patterns.
- Browser and Operating System Information:
- Only for technical compatibility purposes.
2.4 Payment Data
All payments are processed by Stripe (PCI-DSS Level 1 certified provider). Viral does not store or have access to:
- Credit or debit card numbers
- CVV/CVC codes
- Complete banking data
We only store:
- Stripe Customer ID (anonymous identifier)
- Transaction history (date, pack purchased, amount)
- Current credit balance
2.5 Cookies and Similar Technologies
- Necessary Cookies:
- Authentication session (Firebase Auth), cookie preference
- Analytical Cookies (optional):
- Google Analytics (require your prior consent)
- FingerprintJS:
- Not a cookie. The identifier is generated in real-time based on hardware characteristics and does not track your browsing on other sites.
For more information, see our Cookie Policy.
3. Processing Purposes
We use your data for:
- Service Provision:
- Generate growth predictions using ApisDom's Chronos-2 API
- Account Management:
- Store prediction history (registered users), manage credits and preferences
- Payment Processing:
- Manage credit pack purchases through Stripe
- Fraud Prevention:
- Control the free trial system via FingerprintJS
- Service Improvement:
- Aggregated and anonymous statistical analysis (only with your consent)
- Communications:
- Send you notifications about your account or transactions (never commercial spam without your authorization)
We do not sell, rent, or share your personal data with third parties for commercial purposes.
4. Legal Basis for Processing (GDPR)
| Data | Legal Basis | Justification |
|---|---|---|
| Email, name, photo | Consent (Art. 6.1.a GDPR) | Voluntary registration via Google OAuth |
| Prediction data | Contract Performance (Art. 6.1.b GDPR) | Necessary to provide the requested service |
| Fingerprint and hashed IP | Legitimate Interest (Art. 6.1.f GDPR) | Fraud and service abuse prevention |
| Payment data | Contract Performance (Art. 6.1.b GDPR) | Necessary to process credit purchases |
| Analytical cookies | Consent (Art. 6.1.a GDPR) | Express acceptance in the cookie banner |
5. Your Rights (GDPR and LOPDGDD)
In accordance with the General Data Protection Regulation (EU) 2016/679 and Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights, you have the right to:
5.1 Right of Access
You can view all your data from your user profile at /profile.
5.2 Right of Rectification
You can modify your name and preferences from your account settings.
5.3 Right of Erasure ("right to be forgotten")
You can request complete deletion of your account and all associated data from /legal/delete or by sending an email to soporte-viral@apisdom.com.
5.4 Right of Portability
You can export all your data in JSON format from your user profile ("Export data" button).
5.5 Right of Opposition
You can object to the processing of your data for marketing purposes at any time.
5.6 Right of Limitation
You can request temporary suspension of your data processing by sending an email to soporte-viral@apisdom.com.
5.7 Right not to be subject to automated decisions
The generated predictions are statistical estimates based on historical data you provide. We do not make automated decisions that legally affect you.
Response Time: We will respond to your request within a maximum of 30 days from receipt.
Supervisory Authority: If you believe your rights have not been properly addressed, you can file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es
6. Data Recipients
We share data only with the following providers, all with adequate safeguards:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Firebase (Google) | Authentication and database | EU (europe-west1) | Standard Contractual Clauses, ISO 27001 Certification |
| Stripe | Payment processing | EU/USA | PCI-DSS Level 1, Standard Contractual Clauses |
| Google Analytics | Usage analysis (optional) | USA | Prior consent, Privacy Shield replacement |
| ApisDom | Prediction generation | EU | Data processor under contract |
7. International Transfers
When your data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards exist:
- Standard Contractual Clauses approved by the European Commission
- European Commission adequacy decisions
- Approved certifications and codes of conduct
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While your account remains active |
| Prediction history | While your account remains active |
| Transaction data | 5 years (Spanish tax obligation) |
| Device fingerprint | 90 days from last activity |
| Hashed IP | 90 days |
| Security logs | 12 months |
After your account deletion, your data will be removed within a maximum of 30 days, except for data we must retain due to legal obligation.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit via TLS 1.3
- Encryption at rest in Firebase
- Firestore Security Rules that prevent access to other users' data
- Rate limiting to prevent denial of service attacks
- Validation and sanitization of all input data
- JWT verification on all authenticated routes
- Security headers (CSP, HSTS, X-Frame-Options)
- Periodic security audits
10. Minors
Viral is not intended for users under 14 years of age. We do not knowingly collect personal data from minors under that age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us to arrange deletion.
11. Changes to This Policy
We reserve the right to update this Privacy Policy to reflect changes in our practices or applicable regulations.
- Substantial changes will be notified 30 days in advance
- We will publish the updated version on this page
- We will send an email to registered users informing them of the changes
12. Contact
For any questions regarding the protection of your personal data:
Email: soporte-viral@apisdom.com
Address: Alicante, Spain
