Last architectural review: November 17, 2025
At Cojauny, privacy isn't an added feature—it's the foundation of our architecture. This policy meticulously details how we safeguard, process, and protect every byte of information you entrust to us during your interaction with our beta platform.
During the establishment phase of our definitive commercial entity, data management falls to Cojauny's founding team (referred to as the 'Cojauny Team' in this context). We operate from Spain under a distributed responsibility model, maintaining a single communication channel: support@cojauny.com. Complete registration details will be published in this section immediately following legal formalization.
Our collection schema follows the principle of extreme minimization: we only process voluntarily provided data (identification, contact, organizational context, and communications) along with anonymized browsing metrics (interaction patterns, language preferences, non-identifying technical fingerprinting) and essential security logs to ensure system integrity.
During event coordination, we temporarily process location data with end-to-end encryption. This data self-destructs 2 hours after the event and is never permanently stored on our servers. You can disable this feature at any time in the application settings without affecting core functionality.
Each data processing operation responds to a precise equation: beta access management (basis: explicit consent), service optimization through feedback (basis: calibrated legitimate interest), and aggregated analysis for product decisions (basis: consent for analytical cookies and proportional legitimate interest for system stability and security).
We implement a data sovereignty model where information only flows through providers essential for infrastructure, hosting, communications, and analytics. For extra-EEA transfers, we apply a multi-layer protocol: Standard Contractual Clauses reinforced with impact assessments and supplementary technical measures. We categorically exclude the sale or commercial transfer of data.
Our service is exclusively intended for individuals over 18 years of age. We do not knowingly collect information from minors. If we discover that we have processed a minor's data without parental consent verification, we will immediately delete such information from our systems and notify the competent authorities when required.
Data persists exclusively during the active beta cycle, with a maximum horizon of 12 months post-last interaction. This period is only interrupted by specific legal mandate or early exercise of deletion rights. Location data has a maximum retention of 2 hours.
Your control panel includes rights to access, rectification, objection, portability, restriction, and deletion—exercisable via support@cojauny.com with responses within 72 business hours. Consent is revocable at any point in the journey. For claims, the Spanish Data Protection Agency (www.aepd.es) acts as the supervisory authority.
In the unlikely event of a security breach affecting personal data, we will notify the competent authority within 72 hours and affected users without undue delay. We maintain detailed records of all security incidents for audit and continuous improvement.
We will architecturally review this policy in response to substantial processing changes or legal formalization. We will notify through priority channels and maintain complete versioning in this location. Substantial changes will require re-consent for processings based on this legal basis.
Technical privacy inquiries: support@cojauny.com | Response within ≤24h