ADOIA
Request a demo
en
Back to home
ADOIA · Legal

Privacy policy

Controller: ADOIA PROJECT, S.L.

Tax ID: B25951856

Address: Calle camí de la Tolosa 9, 08500 Vic (Barcelona, Spain)

Email:info@adoiaproject.com

Data Protection Officer:legal@adoiaproject.com

1. Data controller

ADOIA PROJECT, S.L. is the entity responsible for processing personal data collected through the website and the service platform, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

2. Personal data we process

Processing may cover the following categories of data:

  • Contact and form data: name, surname, email, phone and professional data (firm, practice area, number of lawyers).
  • Registration and billing data: access credentials, tax and billing data of the natural or legal person holding the licence.
  • Navigation data: IP address, browser identifier, navigation logs, technical logs and usage metrics.
  • User inputs: content, documents and queries uploaded or entered by the user on the platform.
  • Activity logs: activity records, security auditing and traceability of actions performed on the platform.

Important recommendation: it is advisable to anonymise or pseudonymise the personal data contained in documents before uploading them, especially in the case of court files or information subject to professional secrecy.

3. Purposes of processing

Data is processed for the following purposes:

  1. Handling requests for information and managing commercial contact.
  2. Performing the service contract and managing the customer relationship.
  3. Sending commercial communications about ADOIA products and services, provided there is a legal basis or consent.
  4. Processing the documents and queries uploaded to the platform to provide the contracted service.
  5. Complying with applicable legal obligations, especially tax, accounting and data protection obligations.
  6. Improving the service and producing aggregated statistics, without identification of specific users.
  7. Ensuring the security of the platform and preventing fraud or unauthorised access.

4. Legal basis for processing

  • Contract performance (art. 6.1.b GDPR) for service delivery.
  • Consent (art. 6.1.a GDPR) for commercial communications and non-technical cookies.
  • Legal obligation (art. 6.1.c GDPR) for tax, accounting and regulatory compliance.
  • Legitimate interest (art. 6.1.f GDPR) for security, service improvement and fraud prevention.

5. Data retention

  • Contact requests: up to 12 months from the last communication.
  • Contractual and billing data: for the duration of the relationship and, thereafter, for the legal statute-of-limitations period (between 4 and 6 years depending on the obligation).
  • User inputs: for the duration of the service subscription; after a reasonable period following termination, they will be deleted or anonymised unless required by law.
  • Logs and technical records: up to 24 months, unless a longer period is necessary for security or investigative reasons.

6. Information security

ADOIA applies technical and organisational measures consistent with the state of the art and the principles of the GDPR. In particular:

  • Encryption of data at rest with AES-256 and in transit with the TLS/SSL protocol.
  • Logical isolation of databases per customer licence, preventing information mixing between firms.
  • Role-based access control policy, audit logging and reinforced authentication for administrator users.
  • Security management protocols aligned with the ISO 27001 standard.
  • Commitment not to use the user's inputs to train third-party general models without their express consent.

7. Recipients and data processors

Data may be communicated to technology providers acting as data processors (cloud hosting, payment tools, technical support, artificial intelligence models), always under a processing agreement in accordance with article 28 GDPR.

Some providers may be located outside the European Economic Area. In such cases, ADOIA requires the appropriate safeguards provided for in the GDPR (adequacy decisions, standard contractual clauses or equivalent safeguards).

8. User rights

The user may exercise the following rights:

  • Access to their personal data.
  • Rectification of inaccurate data.
  • Erasure where applicable.
  • Restriction of processing.
  • Objection to processing.
  • Data portability.
  • Not to be subject to automated individual decisions with significant legal effects.

To exercise these rights, the user may write to legal@adoiaproject.com attaching a copy of an identification document. The user may also file a complaint with the Spanish Data Protection Agency ( www.aepd.es ).

9. Use of Google API data

When you connect your Google Drive account, ADOIA accesses the files and folder metadata you select, with read-only permissions (drive.readonly and drive.metadata.readonly), for the sole purpose of indexing and processing those documents to provide the search, inspection and document generation features. ADOIA never modifies or deletes files in your Google Drive.

ADOIA's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy , including the Limited Use requirements. In particular, data obtained from Google is not used for advertising or to train generalized or third-party AI models, and is not read by any human except with your explicit consent, for security or legal-compliance reasons, or where the data has been aggregated and anonymised.

You can revoke ADOIA's access at any time by disconnecting the integration from the platform —which revokes the token at Google and deletes the synced documents— or from your Google account permissions page ( myaccount.google.com/permissions ).

10. Changes to this policy

ADOIA reserves the right to update this Privacy Policy to adapt to legal or case-law developments, as well as to changes in services. Any modifications will be communicated by prior notice on the website.

The legally binding version of this document is the one drafted in Spanish. This translation is provided for informational purposes only.

Last updated · April 2026