Privacy Notice
‍Equito App

1. IDENTIFICATION

• Data Controller: Equito App, S.L.
• Registered address: Ronda Sant Pere (Urquinaona), 52 – AT, Barcelona, 08010
• VAT Number: B-16857609
• Public Registry: Registro Mercantil de Barcelona, Tomo 47992, Folio 198, Inscripción 1 (Hoja B-568662)
• E-mail: contact@equito.app
• Data Protection Officer: https://equito.app/

2. INFORMATION AND CONSENT

By using our website or Platform, you (the “Data Subject”) give informed, express, free and unequivocal consent for Equito to collect and process your personal data in accordance with:

• GDPR (EU 2016/679)
• LOPDGDD (Organic Law 3/2018, Dec 5)

Consent covers data collected by form submission and by cookies when you browse https://equito.app/. All required data are mandatory to provide the requested services; basic browsing remains free and unrestricted.

3. PURPOSES OF PROCESSING

PurposeData CategoriesContact inquiriesName, surname, e-mail, telephoneUser registrationName, e-mail address, phone numberInvestment managementName, address, e-mail, phone, financial info (cards, bank details), geolocation, photo, ID, requested loan amount, property type & location, marital status, dependents, debt historyPlatform usage & service dataTechnical info (IP, login, browser type/version, OS, timezone), navigation data (URLs, timestamps, clicks, errors, session length, scrolls)Service improvement & analyticsPseudonymized usage data to tailor and enhance user experience

4. LEGAL BASIS

• Contact: Legitimate interest
• Registration & Investment Management: Performance of contract
• Platform usage & analytics: Legitimate interest

5. DATA COLLECTED

1. Contact Form
   • Identification: name, surname
   • Contact: e-mail, telephone
2. Platform Registration
   • Name, e-mail, telephone
3. Investment Management
   • Personal & financial data: name, address, bank/account info, geolocation, photo, ID, marital/family status, debts, loan amount, property details
4. Technical & Navigation Data
   • IP address, browser/OS info, plugins, timezone
   • Clickstream, URLs visited, page timings, errors, interaction metrics

6. FACIAL DATA & BIOMETRIC INFORMATION

• Reasons for Collection: We collect facial data (photos and liveness video checks) solely for Identity Verification (KYC - Know Your Customer) and Anti-Money Laundering (AML) compliance. This is required by law for investment platforms to prevent identity theft and fraud.
• Storage & Retention: Facial data is stored for a period of 5 years following the termination of the business relationship, as mandated by Spanish and EU Anti-Money Laundering regulations. We do not store this data indefinitely.
• Third-Party Sharing: We share facial data with our identity verification provider, Veriff.
• Purpose of Sharing: Data is shared with this provider to perform automated biometric matching between your "selfie" and your government-issued ID to confirm your identity.
• Third-Party Practices: Our verification provider processes this data according to strict security standards (ISO 27001 / GDPR). They store the data only for the duration necessary to fulfill legal KYC requirements on our behalf and do not use it for any other purpose. You can view their privacy policy here:  https://www.veriff.com/privacy-notice

7. RECIPIENTS & INTERNATIONAL TRANSFERS

• No third-party transfers except where necessary (e.g. AML authorities, courts, tax bodies), always under a Data Processor agreement ensuring equal safeguards.
• International transfers outside the EEA only with explicit, prior consent; you will be informed and must agree before any such transfer.

8. DATA HOSTING

• Data are stored within the EEA.
• May be processed by staff outside the EEA (e.g. payment processing, support) under the same security standards.
• Retention period: 5 years after termination of commercial relationship, then erased.

9. PROFILING & AUTOMATED DECISIONS

• Profiling: To personalize services and communications (e.g. product updates). Pseudonymized where possible.
• Automated Decision-Making (ADM): Used for identity verification and fraud prevention. No legal effects solely from ADM.

10. YOUR RIGHTS

You may exercise your rights of access, rectification, erasure, objection, portability and restriction by writing to contact@equito.app with your name, surname and e-mail. We will respond within one month of receipt.

11. COOKIES

Use of cookies is governed by our Cookies Policy, in compliance with GDPR and Spanish Law 34/2002 on Information Society Services.

12. ACCEPTANCE & CHANGES

By using the Platform you acknowledge you have read, understood and agree to this Policy in full. Equito reserves the right to modify it at any time; updates become effective upon publication on the Platform.

Last update: February, 2026