Last updated: June 2026
Privacy Policy
In accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD)
1. Data Controller
Ticpan
Contact email: hola@ticpan.app
2. Data we collect and why
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name and registration email | Create and manage your account | Performance of contract | While account is active + 1 year |
| Billing data | Payment processing and tax obligations | Legal obligation | 5 years (commercial law) |
| Technical metrics from the agent module | Generate the Health Score and alerts | Performance of contract | 90-day history; configurable |
| Access and activity logs | Security, audit and support | Legitimate interest | 30 days |
| IP address | Security and fraud prevention | Legitimate interest | 30 days |
| Email (with consent) | Occasional commercial communications and newsletter | Consent (art. 6.1.a GDPR) | Until consent is withdrawn |
3. Data the agent module does NOT collect
The module is designed with strict privacy by default. It does not access or transmit:
- Orders, customers or transaction data (
sales_*,customer_*,quote_*) - Passwords, payment tokens or card data
- Conversation or message content
- Data from the "Business Health" pillar without the Customer's explicit consent
The Business Health (BIZ) pillar accesses catalogue and inventory tables only when the Customer explicitly enables the "Enable catalogue analysis" option in the Magento admin.
4. Who we share your data with
We do not sell your data. The only third parties that may access it are:
- Cloud infrastructure provider (platform hosting) — within the EU.
- Payment gateway — only billing data necessary to process the payment.
- Internal monitoring tools — anonymised availability metrics.
In the event of a legal requirement, we may be obliged to provide data to competent authorities.
5. International transfers
Data is stored on servers located in the European Union. If future transfers outside the EEA become necessary, they will be carried out under appropriate safeguards (Standard Contractual Clauses of the European Commission or equivalent mechanisms).
6. Your rights
You may exercise the following rights by emailing hola@ticpan.app:
- Access: obtain confirmation of whether we process your data and receive a copy.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your data when it is no longer necessary.
- Objection: object to processing based on legitimate interest.
- Portability: receive your data in a structured, machine-readable format.
- Restriction: request that we restrict processing in certain circumstances.
- Withdrawal of consent: without retroactive effect, at any time.
If you believe the processing infringes the applicable regulations, you may lodge a complaint with the Spanish Data Protection Agency (AEPD).
7. Security
We apply technical and organisational measures to protect your data: encryption in transit (TLS), HMAC-SHA256 authentication for agent module communication, role-based access control, revocable tokens and 5-minute anti-replay windows.
In the event of a security breach affecting your personal data, we will notify you within the timeframes established by the GDPR.
8. Cookies
Ticpan uses only strictly necessary cookies for session management, CSRF protection and language preference. We do not use tracking or third-party advertising cookies.
- Session / CSRF: required for authentication and form security.
- locale: stores your language preference (ES/EN) for 1 year. Functional cookie, not a tracker.
9. Commercial communications and newsletter
If you tick the opt-in box during registration — or optionally at any time from your account settings — we will send you, occasionally and sparingly:
- Relevant Ticpan updates: new rules, Health Score improvements and features.
- Practical tips for maintaining and improving the technical health of your Magento store.
- Special offers or promotions, on a very occasional basis.
We are committed to not flooding your inbox. You will only receive content worth reading, when there is genuinely something worth sharing.
Withdrawing consent
You can unsubscribe at any time with a single click on the "Unsubscribe" link at the bottom of every email. You may also revoke consent directly from your account settings or by writing to hola@ticpan.app. Unsubscribing is immediate and independent of the service: stopping communications does not affect your Ticpan account in any way.
Legal basis: explicit user consent (art. 6.1.a GDPR). Consent is entirely voluntary; withholding or withdrawing it does not affect access to the contracted service.
10. Changes to this policy
We may update this policy to reflect changes to the service or applicable law. Material changes will be notified by email with at least 15 days' notice.