Privacy Policy
Last updated: January 1, 2025
At Keyio, we are committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable Spanish law.
1. Data Controller
The data controller responsible for your personal data is Keyio (“we”, “us”, or “our”). For any privacy-related enquiries, please contact us at privacy@keyio.app.
2. Information We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, and password (hashed) when you register.
- Billing Information: Payment details are processed securely by Stripe. We do not store your full card number.
- Property & Rental Data: Property addresses, rental income figures, tenant names, and contract details you enter into the platform.
- Guest Identity Documents: For SES.HOSPEDAJES compliance, we process guest identity document images (DNI, passport) using AI-powered OCR. These images are not stored beyond the extraction process.
- Usage Data: Pages visited, features used, and device/browser information to improve our service.
- Communications: Messages you send to our support team.
3. How We Use Your Data
We process your data on the following legal bases:
To provide, operate, and maintain the Keyio platform and all its features.
To comply with Spanish regulations including SES.HOSPEDAJES guest registration obligations.
To improve our service, prevent fraud, and ensure platform security.
For optional marketing communications (you can withdraw consent at any time).
4. Data Security & Encryption
We take data security seriously. Your information is protected by:
- End-to-end encryption for all data in transit (TLS 1.3)
- Encryption at rest for all stored data
- Role-based access controls ensuring you only see your own data
- Multi-factor authentication options for your account
- Regular security audits and vulnerability assessments
- Enterprise-grade cloud infrastructure with 99.9% uptime SLA
5. Data Sharing & Third Parties
We do not sell your personal data. We share data only with trusted partners necessary to deliver our service:
6. Data Retention
We retain your account data for as long as your account is active. Financial and rental records may be retained for up to 7 years as required by Spanish tax law. Guest identity document images are deleted immediately after OCR extraction. You may request deletion of your account and associated data at any time.
7. Your Rights (GDPR)
Under GDPR, you have the following rights:
Request a copy of all personal data we hold about you.
Correct any inaccurate or incomplete data.
Request deletion of your personal data ('right to be forgotten').
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests.
Request we limit how we use your data.
To exercise any of these rights, contact us at privacy@keyio.app. You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es.
8. Cookies
We use strictly necessary cookies to operate the platform (session authentication) and analytical cookies to understand how the service is used. We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice in the application at least 30 days before the changes take effect.
Questions about your privacy?
Contact our Data Protection team at privacy@keyio.app or visit our contact page.