Polimake

Privacy Policy

Learn how we protect your agency's and your clients' data when using the Polimake platform.

Last updated: May 18, 2026

At Polimake we take privacy very seriously. This document describes how we collect, use, and protect the personal information of our clients, end users, and visitors, in compliance with the General Data Protection Regulation (GDPR, EU Regulation 2016/679) and the LOPDGDD (Spanish Organic Law 3/2018).

1. Data controller

The controller responsible for processing your personal data is:

Legal name: NEBULAR MEDIA SLU (owner of the Polimake brand) Registered address: Calle Platería 6, Piso 2B — 30004 Murcia, Spain Tax ID (NIF/CIF): B56931686 Data protection contact email: dpo@polimake.com

For any inquiry related to this policy or to your rights, you can write to us at dpo@polimake.com.

2. Data we collect

We collect only the data necessary to provide the service:

  • Account data: name, email address and, where applicable, the identifier returned by your identity provider (for example, Google) when you sign in with SSO.
  • Platform usage data: content you upload, organize, comment on, or approve within Polimake.
  • Technical data: IP address, browser, operating system, and activity logs necessary for auditing, security, and incident resolution.
  • Billing data: when you purchase a paid plan, the tax and payment details required to issue the invoice.

We do not collect special categories of data (health, ideology, religion, etc.).

3. Legal basis and purposes

We process your data on the following legal bases and for the following purposes:

  • Performance of the contract: providing the platform, managing your account, and giving you technical support.
  • Legitimate interest: maintaining the security of the service, preventing fraud, and improving the product based on aggregated data.
  • Legal obligation: complying with tax and commercial regulations (retention of invoices, responding to administrative or judicial requests).
  • Consent: sending commercial communications or newsletters when you have expressly authorized it.

4. Cookies and similar technologies

Polimake uses a very small number of cookies, all of them strictly necessary for the operation of the service. We do not use analytics, advertising, or profiling cookies, which is why we do not display a consent banner.

Cookie / storageSourcePurposeDuration
appSession and derivativesAuth0 (Okta, Inc.)Keep the session securely signed inUp to 7 days or until you sign out

You can disable or delete cookies from your browser settings. Doing so will not prevent you from browsing the public website, but it will require you to sign in again and may prevent access to the authenticated area.

5. Data processors and transfers

To provide the service, we share strictly necessary data with the following providers, all of them subject to data processing agreements pursuant to Article 28 of the GDPR:

  • Auth0 (Okta, Inc.) — authentication and session management. Data transferred to the U.S. under the European Commission's standard contractual clauses and the DPF (Data Privacy Framework).
  • Hosting provider (Vercel Inc.) — hosting of the application and delivery of static content.

We do not sell, rent, or transfer your data to third parties for advertising purposes.

6. Retention

We retain data only for as long as it is necessary for the purposes described:

  • Account data and content: while your account is active and for up to 90 days after its cancellation, unless there is a legal obligation to retain it.
  • Billing: 6 years in accordance with the Spanish Commercial Code.
  • Technical logs: up to 12 months for security and auditing purposes.

7. Users' rights

As the data subject, you can exercise the following rights by writing to dpo@polimake.com:

  • Access to your data.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten") when it is no longer necessary.
  • Restriction of or objection to processing.
  • Portability of the data in a structured format.
  • Withdrawal of consent at any time, without retroactive effect.

We respond to requests within a maximum of 30 days. If you believe we have not properly handled your request, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es).

8. Security

We apply technical and organizational measures to protect your data: encryption in transit (TLS), role-based access control, auditing of sensitive operations, and regular backups. We limit Polimake staff access to your data to the minimum necessary to provide the service.

9. Changes to this policy

We may update this policy to reflect changes in the service, in our providers, or in applicable regulations. The date of the last update appears at the beginning of the document. If the changes are substantial, we will notify you by email or from within the application.

If you have additional questions about how we handle your data, contact our team at dpo@polimake.com.