Privacy Policy
1. Data Controller
Identity: Viral (a product of ApisDom)
Address: Alicante, Spain
Email: soporte-viral@apisdom.com
Website: viral.apisdom.com
2. Data We Collect
2.1 Registration Data (optional)
If you choose to register via Google OAuth:
- Email address
- Username
- Profile picture (if available)
- Registration date
2.2 Service Usage Data
- Prediction data you enter (dates, metrics, numerical values)
- Platform analyzed (YouTube, Instagram, TikTok, Twitch, etc.)
- Prediction history (registered users only)
- Number of credits available in your account
- Number of free trials used
2.3 Technical Data
- Device Identifier:
- Unique identifier generated from your device and browser characteristics. Used exclusively to manage the free trial system and prevent service abuse. This data is kept for a maximum of 90 days.
- Anonymised IP Address:
- We never store your IP address in plain text. We use an irreversible cryptographic hash exclusively to detect abuse patterns. This data is kept for a maximum of 90 days.
- Browser and Operating System Information:
- Only for technical compatibility purposes.
2.4 Payment Data
All payments are processed by Stripe (PCI-DSS Level 1 certified provider). Viral does not store or have access to:
- Credit or debit card numbers
- CVV/CVC codes
- Complete banking data
We only store:
- Stripe Customer ID (anonymous identifier)
- Transaction history (date, pack purchased, amount)
- Current credit balance
2.5 Cookies and Similar Technologies
- Necessary Cookies:
- Authentication session, language preference and visual theme
- Device Identifier:
- Not a cookie. The identifier is generated in real-time based on device characteristics and does not track your browsing on other sites.
For more information, see our Cookie Policy.
3. Processing Purposes
We use your data for:
- Service Provision:
- Generate growth predictions using ApisDom's Chronos-2 API
- Account Management:
- Store prediction history (registered users), manage credits and preferences
- Payment Processing:
- Manage credit pack purchases through Stripe
- Fraud Prevention:
- Control the free trial system via device identifier
- Service Improvement:
- Aggregated and anonymous statistical analysis (only with your consent)
- Communications:
- Send you notifications about your account or transactions (never commercial spam without your authorization)
We do not sell, rent, or share your personal data with third parties for commercial purposes.
4. Legal Basis for Processing (GDPR)
| Data | Legal Basis | Justification |
|---|---|---|
| Email, name, photo | Consent (Art. 6.1.a GDPR) | Voluntary registration via Google OAuth |
| Prediction data | Contract Performance (Art. 6.1.b GDPR) | Necessary to provide the requested service |
| Fingerprint and hashed IP | Legitimate Interest (Art. 6.1.f GDPR) | Fraud and service abuse prevention |
| Payment data | Contract Performance (Art. 6.1.b GDPR) | Necessary to process credit purchases |
| Technical support data | Contract performance (Art. 6.1.b GDPR) | Necessary to resolve issues reported by the user |
5. Your Rights (GDPR and LOPDGDD)
In accordance with the General Data Protection Regulation (EU) 2016/679 and Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights, you have the right to:
5.1 Right of Access
You can view all your data from your user profile at /profile.
5.2 Right of Rectification
You can modify your name and preferences from your account settings.
5.3 Right of Erasure ("right to be forgotten")
You can request complete deletion of your account and all associated data from /legal/delete or by sending an email to soporte-viral@apisdom.com.
5.4 Right of Portability
You can export all your data in JSON format from your user profile ("Export data" button).
5.5 Right of Opposition
You can object to the processing of your data for marketing purposes at any time.
5.6 Right of Limitation
You can request temporary suspension of your data processing by sending an email to soporte-viral@apisdom.com.
5.7 Right not to be subject to automated decisions
The generated predictions are statistical estimates based on historical data you provide. We do not make automated decisions that legally affect you.
Response Time: We will respond to your request within a maximum of 30 days from receipt.
Supervisory Authority: If you believe your rights have not been properly addressed, you can file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es
6. Data Recipients
We share data only with the following providers, all with adequate safeguards:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Firebase (Google) | Authentication and database | EU (europe-west1) | Standard Contractual Clauses, ISO 27001 Certification |
| Stripe | Payment processing | EU/USA | PCI-DSS Level 1, Standard Contractual Clauses |
| ApisDom | Prediction generation | EU | Data processor under contract |
7. International Transfers
When your data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards exist:
- Standard Contractual Clauses approved by the European Commission
- European Commission adequacy decisions
- Approved certifications and codes of conduct
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While your account remains active |
| Prediction history | While your account remains active |
| Transaction data | 5 years (Spanish tax obligation) |
| Device fingerprint | 90 days from last activity |
| Hashed IP | 90 days |
| Security logs | As long as necessary to demonstrate compliance with legal obligations |
| Technical support data (tickets, messages, images) | 30 days after ticket closure. Attached images are deleted together with the ticket |
After your account deletion, your data will be removed within a maximum of 30 days, except for data we must retain due to legal obligation.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit for all communications
- Encryption at rest for all stored data
- Database-level access rules that prevent access to other users' data
- Request throttling to prevent denial of service attacks
- Validation and sanitisation of all input data
- Identity verification on all authenticated routes
- Security headers on all server responses
- Periodic security audits
- One user's data is never used to improve predictions for another user. Each prediction is generated exclusively from the historical data provided by the user themselves
10. Minors
Viral is not intended for users under 14 years of age. We do not knowingly collect personal data from minors under that age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us to arrange deletion.
11. Changes to This Policy
We reserve the right to update this Privacy Policy to reflect changes in our practices or applicable regulations.
- Substantial changes will be notified 30 days in advance
- We will publish the updated version on this page
- We will send an email to registered users informing them of the changes
12. Contact
For any questions regarding the protection of your personal data:
Email: soporte-viral@apisdom.com
Address: Alicante, Spain
